You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ws.apache.org by "Anubhav Sharma (JIRA)" <ji...@apache.org> on 2011/08/18 16:01:28 UTC
[jira] [Created] (WSS-309) Improve the configurability of the SAML
signature creation in AssertionWrapper
Improve the configurability of the SAML signature creation in AssertionWrapper
------------------------------------------------------------------------------
Key: WSS-309
URL: https://issues.apache.org/jira/browse/WSS-309
Project: WSS4J
Issue Type: Improvement
Components: WSS4J Core
Affects Versions: 1.6.2
Reporter: Anubhav Sharma
Assignee: Colm O hEigeartaigh
The AssertionWrapper class is used in WSS4J to create a SAML Assertion
via a CallbackHandler. It has a method that can be used to sign the SAML
Assertion:
public void signAssertion(
String issuerKeyName,
String issuerKeyPassword,
Crypto issuerCrypto,
boolean sendKeyValue
)
The signature and canonicaliazation algorithms currently used are hard coded as showed by the following code snippet:
signature.setCanonicalizationAlgorithm(
SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS
);
String sigAlgo = SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1;
String pubKeyAlgo = issuerCerts[0].getPublicKey().getAlgorithm();
if (pubKeyAlgo.equalsIgnoreCase("DSA")) {
sigAlgo = SignatureConstants.ALGO_ID_SIGNATURE_DSA;
}
There should be a way for the user to be able to configure these algorithms
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org
[jira] [Closed] (WSS-309) Improve the configurability of the SAML
signature creation in AssertionWrapper
Posted by "Colm O hEigeartaigh (Closed) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/WSS-309?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Colm O hEigeartaigh closed WSS-309.
-----------------------------------
> Improve the configurability of the SAML signature creation in AssertionWrapper
> ------------------------------------------------------------------------------
>
> Key: WSS-309
> URL: https://issues.apache.org/jira/browse/WSS-309
> Project: WSS4J
> Issue Type: Improvement
> Components: WSS4J Core
> Affects Versions: 1.6.2
> Reporter: Anubhav Sharma
> Assignee: Colm O hEigeartaigh
> Fix For: 1.6.3
>
> Attachments: 0001-made-the-canonicalization-and-signature-algorithm-co.patch
>
>
> The AssertionWrapper class is used in WSS4J to create a SAML Assertion
> via a CallbackHandler. It has a method that can be used to sign the SAML
> Assertion:
> public void signAssertion(
> String issuerKeyName,
> String issuerKeyPassword,
> Crypto issuerCrypto,
> boolean sendKeyValue
> )
> The signature and canonicaliazation algorithms currently used are hard coded as showed by the following code snippet:
> signature.setCanonicalizationAlgorithm(
> SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS
> );
> String sigAlgo = SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1;
> String pubKeyAlgo = issuerCerts[0].getPublicKey().getAlgorithm();
> if (pubKeyAlgo.equalsIgnoreCase("DSA")) {
> sigAlgo = SignatureConstants.ALGO_ID_SIGNATURE_DSA;
> }
> There should be a way for the user to be able to configure these algorithms
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org
[jira] [Updated] (WSS-309) Improve the configurability of the SAML
signature creation in AssertionWrapper
Posted by "Anubhav Sharma (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/WSS-309?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Anubhav Sharma updated WSS-309:
-------------------------------
Fix Version/s: 1.6.3
> Improve the configurability of the SAML signature creation in AssertionWrapper
> ------------------------------------------------------------------------------
>
> Key: WSS-309
> URL: https://issues.apache.org/jira/browse/WSS-309
> Project: WSS4J
> Issue Type: Improvement
> Components: WSS4J Core
> Affects Versions: 1.6.2
> Reporter: Anubhav Sharma
> Assignee: Colm O hEigeartaigh
> Fix For: 1.6.3
>
> Attachments: 0001-made-the-canonicalization-and-signature-algorithm-co.patch
>
>
> The AssertionWrapper class is used in WSS4J to create a SAML Assertion
> via a CallbackHandler. It has a method that can be used to sign the SAML
> Assertion:
> public void signAssertion(
> String issuerKeyName,
> String issuerKeyPassword,
> Crypto issuerCrypto,
> boolean sendKeyValue
> )
> The signature and canonicaliazation algorithms currently used are hard coded as showed by the following code snippet:
> signature.setCanonicalizationAlgorithm(
> SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS
> );
> String sigAlgo = SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1;
> String pubKeyAlgo = issuerCerts[0].getPublicKey().getAlgorithm();
> if (pubKeyAlgo.equalsIgnoreCase("DSA")) {
> sigAlgo = SignatureConstants.ALGO_ID_SIGNATURE_DSA;
> }
> There should be a way for the user to be able to configure these algorithms
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org
[jira] [Resolved] (WSS-309) Improve the configurability of the SAML
signature creation in AssertionWrapper
Posted by "Colm O hEigeartaigh (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/WSS-309?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Colm O hEigeartaigh resolved WSS-309.
-------------------------------------
Resolution: Fixed
> Improve the configurability of the SAML signature creation in AssertionWrapper
> ------------------------------------------------------------------------------
>
> Key: WSS-309
> URL: https://issues.apache.org/jira/browse/WSS-309
> Project: WSS4J
> Issue Type: Improvement
> Components: WSS4J Core
> Affects Versions: 1.6.2
> Reporter: Anubhav Sharma
> Assignee: Colm O hEigeartaigh
> Fix For: 1.6.3
>
> Attachments: 0001-made-the-canonicalization-and-signature-algorithm-co.patch
>
>
> The AssertionWrapper class is used in WSS4J to create a SAML Assertion
> via a CallbackHandler. It has a method that can be used to sign the SAML
> Assertion:
> public void signAssertion(
> String issuerKeyName,
> String issuerKeyPassword,
> Crypto issuerCrypto,
> boolean sendKeyValue
> )
> The signature and canonicaliazation algorithms currently used are hard coded as showed by the following code snippet:
> signature.setCanonicalizationAlgorithm(
> SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS
> );
> String sigAlgo = SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1;
> String pubKeyAlgo = issuerCerts[0].getPublicKey().getAlgorithm();
> if (pubKeyAlgo.equalsIgnoreCase("DSA")) {
> sigAlgo = SignatureConstants.ALGO_ID_SIGNATURE_DSA;
> }
> There should be a way for the user to be able to configure these algorithms
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org
[jira] [Updated] (WSS-309) Improve the configurability of the SAML
signature creation in AssertionWrapper
Posted by "Anubhav Sharma (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/WSS-309?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Anubhav Sharma updated WSS-309:
-------------------------------
Attachment: 0001-made-the-canonicalization-and-signature-algorithm-co.patch
> Improve the configurability of the SAML signature creation in AssertionWrapper
> ------------------------------------------------------------------------------
>
> Key: WSS-309
> URL: https://issues.apache.org/jira/browse/WSS-309
> Project: WSS4J
> Issue Type: Improvement
> Components: WSS4J Core
> Affects Versions: 1.6.2
> Reporter: Anubhav Sharma
> Assignee: Colm O hEigeartaigh
> Fix For: 1.6.3
>
> Attachments: 0001-made-the-canonicalization-and-signature-algorithm-co.patch
>
>
> The AssertionWrapper class is used in WSS4J to create a SAML Assertion
> via a CallbackHandler. It has a method that can be used to sign the SAML
> Assertion:
> public void signAssertion(
> String issuerKeyName,
> String issuerKeyPassword,
> Crypto issuerCrypto,
> boolean sendKeyValue
> )
> The signature and canonicaliazation algorithms currently used are hard coded as showed by the following code snippet:
> signature.setCanonicalizationAlgorithm(
> SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS
> );
> String sigAlgo = SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1;
> String pubKeyAlgo = issuerCerts[0].getPublicKey().getAlgorithm();
> if (pubKeyAlgo.equalsIgnoreCase("DSA")) {
> sigAlgo = SignatureConstants.ALGO_ID_SIGNATURE_DSA;
> }
> There should be a way for the user to be able to configure these algorithms
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org
[jira] [Updated] (WSS-309) Improve the configurability of the SAML
signature creation in AssertionWrapper
Posted by "Anubhav Sharma (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/WSS-309?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Anubhav Sharma updated WSS-309:
-------------------------------
Attachment: (was: 0001-Making-Signature-and-Canonicalization-algorithm-conf.patch)
> Improve the configurability of the SAML signature creation in AssertionWrapper
> ------------------------------------------------------------------------------
>
> Key: WSS-309
> URL: https://issues.apache.org/jira/browse/WSS-309
> Project: WSS4J
> Issue Type: Improvement
> Components: WSS4J Core
> Affects Versions: 1.6.2
> Reporter: Anubhav Sharma
> Assignee: Colm O hEigeartaigh
> Fix For: 1.6.3
>
> Attachments: 0001-made-the-canonicalization-and-signature-algorithm-co.patch
>
>
> The AssertionWrapper class is used in WSS4J to create a SAML Assertion
> via a CallbackHandler. It has a method that can be used to sign the SAML
> Assertion:
> public void signAssertion(
> String issuerKeyName,
> String issuerKeyPassword,
> Crypto issuerCrypto,
> boolean sendKeyValue
> )
> The signature and canonicaliazation algorithms currently used are hard coded as showed by the following code snippet:
> signature.setCanonicalizationAlgorithm(
> SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS
> );
> String sigAlgo = SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1;
> String pubKeyAlgo = issuerCerts[0].getPublicKey().getAlgorithm();
> if (pubKeyAlgo.equalsIgnoreCase("DSA")) {
> sigAlgo = SignatureConstants.ALGO_ID_SIGNATURE_DSA;
> }
> There should be a way for the user to be able to configure these algorithms
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org
[jira] [Updated] (WSS-309) Improve the configurability of the SAML
signature creation in AssertionWrapper
Posted by "Anubhav Sharma (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/WSS-309?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Anubhav Sharma updated WSS-309:
-------------------------------
Attachment: 0001-Making-Signature-and-Canonicalization-algorithm-conf.patch
I have enhanced the signAssertion method to be able to pass in user configured signature and canonicalization algorithms. I have also added a testcase which tests signing with default algorithms and user provided algorithms
> Improve the configurability of the SAML signature creation in AssertionWrapper
> ------------------------------------------------------------------------------
>
> Key: WSS-309
> URL: https://issues.apache.org/jira/browse/WSS-309
> Project: WSS4J
> Issue Type: Improvement
> Components: WSS4J Core
> Affects Versions: 1.6.2
> Reporter: Anubhav Sharma
> Assignee: Colm O hEigeartaigh
> Attachments: 0001-Making-Signature-and-Canonicalization-algorithm-conf.patch
>
>
> The AssertionWrapper class is used in WSS4J to create a SAML Assertion
> via a CallbackHandler. It has a method that can be used to sign the SAML
> Assertion:
> public void signAssertion(
> String issuerKeyName,
> String issuerKeyPassword,
> Crypto issuerCrypto,
> boolean sendKeyValue
> )
> The signature and canonicaliazation algorithms currently used are hard coded as showed by the following code snippet:
> signature.setCanonicalizationAlgorithm(
> SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS
> );
> String sigAlgo = SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1;
> String pubKeyAlgo = issuerCerts[0].getPublicKey().getAlgorithm();
> if (pubKeyAlgo.equalsIgnoreCase("DSA")) {
> sigAlgo = SignatureConstants.ALGO_ID_SIGNATURE_DSA;
> }
> There should be a way for the user to be able to configure these algorithms
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org