Posted to rampart-dev@ws.apache.org by Murali Krishnan <cm...@yahoo.com> on 2007/10/04 17:58:48 UTC

SamlTokenIssuer adds X509Data element to KeyValue

Hi all,
Running sample 05 of secure conversation (ws-trust) in rampart shows that the returned SAML assertion has the X509Data element included as the child of KeyValue element. But shouldn't it be included under the KeyInfo element instead?

This is actually throwing off the processing in SamlUtil.java when this assertion is sent to a service that expects a SamlToken.

Can someone please confirm?
Thanks,
Murali

---- snippet of the SAML Assertion ------

<AuthenticationStatement xmlns:axis2ns345="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:axis2ns356="urn:oasis:names:tc:SAML:1.0:assertion" AuthenticationInstant="2007-10-04T15:32:37.765Z" AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password">
                     <Subject xmlns:axis2ns357="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:axis2ns346="urn:oasis:names:tc:SAML:1.0:assertion">
                        <NameIdentifier xmlns:axis2ns358="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:axis2ns347="urn:oasis:names:tc:SAML:1.0:assertion" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">CN=Sample Client, OU=Rampart, O=Apache, L=Colombo, ST=Western, C=LK</NameIdentifier>
                        <SubjectConfirmation xmlns:axis2ns348="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:axis2ns359="urn:oasis:names:tc:SAML:1.0:assertion">
                           <ConfirmationMethod xmlns:axis2ns360="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:axis2ns349="urn:oasis:names:tc:SAML:1.0:assertion">urn:oasis:names:tc:SAML:1.0:cm:holder-of-key</ConfirmationMethod>
                           <KeyInfo>
                              <KeyValue>
                                 <X509Data>
                                    <X509Certificate xmlns="http://www.w3.org/2000/09/xmldsig#">MIICTDCCAbUCBEbJZMQwDQYJKoZIhvcNAQEEBQAwbDELMAkGA1UEBhMCTEsxEDAOBgNVBAgTB1dlc3Rlcm4xEDAOBgNVBAcTB0NvbG9tYm8xDzANBgNVBAoTBkFwYWNoZTEQMA4GA1[...]</X509Certificate>
                                 </X509Data>
                              </KeyValue>
                           </KeyInfo>
                        </SubjectConfirmation>
                     </Subject>
                  </AuthenticationStatement>

-------- end snippet ------------------

Re: SamlTokenIssuer adds X509Data element to KeyValue

Posted by Dimuthu Leelarathne <di...@wso2.com>.
Hi,

I checked out the Digital Signature schema. And it looks like you are
right.

I will fix it right away.

Regards,
Dimuthu

On Thu, 2007-10-04 at 08:58 -0700, Murali Krishnan wrote:
> Hi all,
> Running sample 05 of secure conversation (ws-trust) in rampart shows that the returned SAML assertion has the X509Data element included as the child of KeyValue element. But shouldn't it be included under the KeyInfo element instead?
> 
> This is actually throwing off the processing in SamlUtil.java when this assertion is sent to a service that expects a SamlToken.
> 
> Can someone please confirm?
> Thanks,
> Murali
> 
> ---- snippet of the SAML Assertion ------
> 
> <AuthenticationStatement xmlns:axis2ns345="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:axis2ns356="urn:oasis:names:tc:SAML:1.0:assertion" AuthenticationInstant="2007-10-04T15:32:37.765Z" AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password">
>                      <Subject xmlns:axis2ns357="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:axis2ns346="urn:oasis:names:tc:SAML:1.0:assertion">
>                         <NameIdentifier xmlns:axis2ns358="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:axis2ns347="urn:oasis:names:tc:SAML:1.0:assertion" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">CN=Sample Client, OU=Rampart, O=Apache, L=Colombo, ST=Western, C=LK</NameIdentifier>
>                         <SubjectConfirmation xmlns:axis2ns348="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:axis2ns359="urn:oasis:names:tc:SAML:1.0:assertion">
>                            <ConfirmationMethod xmlns:axis2ns360="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:axis2ns349="urn:oasis:names:tc:SAML:1.0:assertion">urn:oasis:names:tc:SAML:1.0:cm:holder-of-key</ConfirmationMethod>
>                            <KeyInfo>
>                               <KeyValue>
>                                  <X509Data>
>                                     <X509Certificate xmlns="http://www.w3.org/2000/09/xmldsig#">MIICTDCCAbUCBEbJZMQwDQYJKoZIhvcNAQEEBQAwbDELMAkGA1UEBhMCTEsxEDAOBgNVBAgTB1dlc3Rlcm4xEDAOBgNVBAcTB0NvbG9tYm8xDzANBgNVBAoTBkFwYWNoZTEQMA4GA1[...]</X509Certificate>
>                                  </X509Data>
>                               </KeyValue>
>                            </KeyInfo>
>                         </SubjectConfirmation>
>                      </Subject>
>                   </AuthenticationStatement>
> 
> -------- end snippet ------------------
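
The nesting problem discussed in this thread can be checked mechanically. The following is an added example, not part of the original posts and not Rampart code: it flags any XML Signature element that the schema does not allow inside ds:KeyValue, and shows that a reader looking only at the schema location ds:KeyInfo/ds:X509Data finds no certificate in the misplaced form. The function names and both sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"  # namespace in ElementTree tag form
# The XML Signature schema lets ds:KeyValue hold ds:DSAKeyValue, ds:RSAKeyValue,
# or an element from another namespace. ds:X509Data is a child of ds:KeyInfo.
ALLOWED_IN_KEYVALUE = {"DSAKeyValue", "RSAKeyValue"}

# Constructed samples; the certificate is replaced by a placeholder string.
MISPLACED = """\
<SubjectConfirmation xmlns="urn:oasis:names:tc:SAML:1.0:assertion">
  <ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:holder-of-key</ConfirmationMethod>
  <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
    <KeyValue>
      <X509Data><X509Certificate>CERT-PLACEHOLDER</X509Certificate></X509Data>
    </KeyValue>
  </KeyInfo>
</SubjectConfirmation>"""

CORRECT = """\
<SubjectConfirmation xmlns="urn:oasis:names:tc:SAML:1.0:assertion">
  <ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:holder-of-key</ConfirmationMethod>
  <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
    <X509Data><X509Certificate>CERT-PLACEHOLDER</X509Certificate></X509Data>
  </KeyInfo>
</SubjectConfirmation>"""


def keyvalue_violations(xml_text):
    """Local names of ds: elements the schema does not allow in ds:KeyValue."""
    # For untrusted input, parse with a hardened parser such as defusedxml.
    bad = []
    for key_value in ET.fromstring(xml_text).iter(DS + "KeyValue"):
        for child in key_value:
            local = child.tag[len(DS):]
            if child.tag.startswith(DS) and local not in ALLOWED_IN_KEYVALUE:
                bad.append(local)
    return bad


def certs_at_schema_location(xml_text):
    """Certificates found at ds:KeyInfo/ds:X509Data/ds:X509Certificate."""
    path = f".//{DS}KeyInfo/{DS}X509Data/{DS}X509Certificate"
    return [cert.text for cert in ET.fromstring(xml_text).findall(path)]
```
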