Posted to issues@cxf.apache.org by "Colm O hEigeartaigh (Jira)" <ji...@apache.org> on 2020/11/30 07:32:00 UTC
[jira] [Closed] (FEDIZ-251) Support SAML token signature without KeyInfo
[ https://issues.apache.org/jira/browse/FEDIZ-251?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Colm O hEigeartaigh closed FEDIZ-251.
-------------------------------------
> Support SAML token signature without KeyInfo
> --------------------------------------------
>
> Key: FEDIZ-251
> URL: https://issues.apache.org/jira/browse/FEDIZ-251
> Project: CXF-Fediz
> Issue Type: Improvement
> Components: Plugin
> Affects Versions: 1.5.0
> Reporter: Arnaud MERGEY
> Assignee: Colm O hEigeartaigh
> Priority: Major
> Fix For: 1.5.1
>
>
> During a SAML authentication flow, Fediz is throwing an NPE when the
> signature is missing KeyInfo, which is supposed to be optional (if I
> understand the SAML spec correctly).
>
> While processing this kind of signature
>
>
> {code:java}
> <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
>   <ds:SignedInfo>
>     <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
>     <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
>     <ds:Reference URI="#dG09eAtYsmf1tfNVvs37uZdJd-u">
>       <ds:Transforms>
>         <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
>         <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
>       </ds:Transforms>
>       <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
>       <ds:DigestValue>XI9dqpDtmdtCEnRBFxuoWoii1Mh5kFPIsTP/qkSCfB0=</ds:DigestValue>
>     </ds:Reference>
>   </ds:SignedInfo>
>   <ds:SignatureValue>
>     QOwv36AiO9PKu4dTalBF9JoauSj6Sdc7/sirWuJLlUGNJGR29ZvnaH2vGwvYxCKR6DGhMGTh+ePB
>     gt2qRkxaetjAQEnO71PXg24CVsCTZoNzLpsXRXRjw8K4/Jo8Lsv19gqkiD4hPRVyc/K70Op9e2pM
>     kHF44yX/hwOgjn3A7B/c5cpcLsFyGgGBBkWKvTYV1kg4UY6C/O1ngR45h0QSiAc6bc4R26W4fbjl
>     Q6JCo6sOGViVwbBsTmVSAtbEeEPdiWeXVc1raKA/Nfi6aKQmKhhkH4tkgR/4UwRoxnvcf47hKBx0
>     05g2is0osHh1PLrioChhxdV22Mnfv9aPGb6acQ==
>   </ds:SignatureValue>
> </ds:Signature>
> {code}
>
>
> The NPE is:
> {code:java}
> org.apache.cxf.fediz.core.processor.SAMLProcessorImpl.processSignInRequest Failed to validate token
> java.lang.NullPointerException
>     at org.apache.cxf.fediz.core.saml.SAMLTokenValidator.validateAndProcessToken(SAMLTokenValidator.java:107)
>     at org.apache.cxf.fediz.core.processor.SAMLProcessorImpl.processSignInRequest(SAMLProcessorImpl.java:203)
>     at org.apache.cxf.fediz.core.processor.SAMLProcessorImpl.processRequest(SAMLProcessorImpl.java:114)
>     at org.apache.cxf.fediz.core.handler.SigninHandler.processSigninRequest(SigninHandler.java:124)
>     at org.apache.cxf.fediz.core.handler.SigninHandler.handleRequest(SigninHandler.java:76)
>     at com.semarchy.tool.jee.tomcat.FederationAuthenticator.authenticate(FederationAuthenticator.java:140)
>     at org.apache.cxf.fediz.tomcat8.FederationAuthenticator.doAuthenticate(FederationAuthenticator.java:231)
>     at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:633)
>     at org.apache.cxf.fediz.tomcat8.FederationAuthenticator.invoke(FederationAuthenticator.java:184)
>     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
>     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
>     at org.apache.catalina.valves.RemoteIpValve.invoke(RemoteIpValve.java:747)
>     at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:688)
>     at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
>     at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
>     at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:609)
>     at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
>     at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:818)
>     at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1623)
>     at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
>     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
>     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
>     at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
>     at java.lang.Thread.run(Thread.java:748)
> {code}
> A fix proposal for this: [https://github.com/apache/cxf-fediz/pull/60]
--
This message was sent by Atlassian Jira (v8.3.4#803005)
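An added example, not Fediz's own code and not the change in PR 60: a validator on the JDK's javax.xml.crypto.dsig API that treats an absent ds:KeyInfo as legal and verifies the enveloped signature against an issuer key taken from local configuration, which is also the safer choice because a sender-supplied KeyInfo then cannot nominate its own key. It assumes a standalone signed element whose ID attribute is named ID, as for a SAML assertion; the class name KeyInfoOptionalValidator and the method validate are mine.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.security.PublicKey;
import java.util.List;
import javax.xml.XMLConstants;
import javax.xml.crypto.KeySelector;
import javax.xml.crypto.dsig.Reference;
import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

/** Hypothetical validator for an enveloped XML-DSig signature whose ds:KeyInfo may be absent. */
public final class KeyInfoOptionalValidator {
    // xml: a standalone signed element (e.g. a SAML assertion) whose ID attribute is named "ID".
    // issuerKey: the issuer's public key from local configuration, used whether or not KeyInfo is present.
    public static boolean validate(String xml, PublicKey issuerKey) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); // no DTD / XXE
        dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        Document doc = dbf.newDocumentBuilder().parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
        Element root = doc.getDocumentElement();
        NodeList sigs = doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
        if (sigs.getLength() != 1) {
            return false; // exactly one signature expected
        }
        // Bind verification to the configured issuer key: KeyInfo is then not needed, and a
        // KeyInfo supplied by the sender cannot introduce a key of its own.
        DOMValidateContext ctx = new DOMValidateContext(KeySelector.singletonKeySelector(issuerKey), sigs.item(0));
        ctx.setIdAttributeNS(root, null, "ID"); // lets Reference URI="#..." resolve to the root
        ctx.setProperty("org.jcp.xml.dsig.secureValidation", Boolean.TRUE);
        XMLSignature signature = XMLSignatureFactory.getInstance("DOM").unmarshalXMLSignature(ctx);
        // The report's case: KeyInfo is optional in XML-DSig, so null-check it rather than dereference it.
        if (signature.getKeyInfo() == null) {
            System.err.println("ds:KeyInfo absent; verifying with the configured issuer key");
        }
        // The single Reference must cover the root element itself (guards against signature wrapping).
        List<?> refs = signature.getSignedInfo().getReferences();
        String expectedUri = "#" + root.getAttribute("ID");
        if (refs.size() != 1 || !expectedUri.equals(((Reference) refs.get(0)).getURI())) {
            return false;
        }
        return signature.validate(ctx); // checks both the reference digest and SignatureValue
    }
}
```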