You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cxf.apache.org by "Colm O hEigeartaigh (JIRA)" <ji...@apache.org> on 2016/08/24 11:52:21 UTC
[jira] [Resolved] (CXF-7013) SAML token using
ws-security.callback-handler as for UT with ID attribute value
[ https://issues.apache.org/jira/browse/CXF-7013?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Colm O hEigeartaigh resolved CXF-7013.
--------------------------------------
Resolution: Not A Problem
> SAML token using ws-security.callback-handler as for UT with ID attribute value
> -------------------------------------------------------------------------------
>
> Key: CXF-7013
> URL: https://issues.apache.org/jira/browse/CXF-7013
> Project: CXF
> Issue Type: Bug
> Components: Core
> Affects Versions: 3.0.6
> Reporter: Grzegorz Maczuga
> Assignee: Colm O hEigeartaigh
> Priority: Minor
>
> Processing of SAML token results in call of configured ws-security.callback-handler same as for Username Token.
> When CXF receives (no UT in it):
> <wss:Security>
> <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="Abc-1" IssueInstant="2016-08-16T08:13:47Z" Version="2.0">
> <saml:Issuer Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">CN=user</saml:Issuer>
> <saml:Subject>
> <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">some_name</saml:NameID>
> ...
> </wss:Security>
> it calls configured:
> ws-security.callback-handler=com.SecurityCallback
> with ID="Abc-1" from above Security section as username.
> Ignoring this and moving on has no impact on processing SAML token but if SecurityCallback does some funny stuff (or at list logging) for each received UT it is really confusing.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)