Posted to java-dev@axis.apache.org by "Brian Reinhold (JIRA)" <ji...@apache.org> on 2015/08/04 14:51:04 UTC
[jira] [Commented] (RAMPART-387) Rampart reports SAML Token Missing In Request
[ https://issues.apache.org/jira/browse/RAMPART-387?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14653568#comment-14653568 ]
Brian Reinhold commented on RAMPART-387:
----------------------------------------
Hey,
Isn't anyone going to resolve this issue? The issue is still indicated as OPEN. The fix I have proposed works so all that is needed is to implement it in the distribution!
> Rampart reports SAML Token Missing In Request
> ---------------------------------------------
>
> Key: RAMPART-387
> URL: https://issues.apache.org/jira/browse/RAMPART-387
> Project: Rampart
> Issue Type: Bug
> Components: rampart-core
> Affects Versions: 1.6.2
> Environment: Windows 7 64; Axis2/Rampart deployment in Tomcat
> Reporter: Brian Reinhold
> Labels: newbie
> Fix For: 1.6.3
>
>
> When sending a message containing a SAML Token generated by Rampart's STS service, the module PolicyBasedResultsValidator.handleSupportingTokens() throws a RampartException with message "samlTokenMissing".
> I believe the error is due to only attempting to validate an unsigned token. The token created by the STS service is signed as it must be by WS Security requirements.
> Starting at line 323 one sees:
> else if (token instanceof IssuedToken)
> {
>     //TODO is is enough to check for ST_UNSIGNED results ??
>     WSSecurityEngineResult samlResult = WSSecurityUtil.fetchActionResult(results, WSConstants.ST_UNSIGNED);
>     if (samlResult == null)
>     {
>         throw new RampartException("samlTokenMissing");
>     }
> There needs to be a check for ST_SIGNED.
> I do not know how to build the distribution or I would try this myself.
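The lookup described in the report, as an added example that is not part of the original message and is not Rampart's code: it compares the quoted ST_UNSIGNED-only check with one that also looks for ST_SIGNED. The classes `SamlResultLookup` and `Result`, the local `fetchActionResult`, and the numeric action codes are stand-ins assumed for this sketch so it runs without WSS4J on the classpath.

```java
import java.util.Arrays;
import java.util.Collections;
import java.util.List;

public class SamlResultLookup {
    // Action codes named after the WSS4J constants quoted in the report;
    // the numeric values are constructed for this example.
    static final int SIGN = 0x02, ST_UNSIGNED = 0x08, ST_SIGNED = 0x10;

    // Minimal stand-in for WSSecurityEngineResult: only the action code.
    static final class Result {
        final int action;
        Result(int action) { this.action = action; }
    }

    // Stand-in for WSSecurityUtil.fetchActionResult: first match, else null.
    static Result fetchActionResult(List<Result> results, int action) {
        for (Result r : results) {
            if (r.action == action) return r;
        }
        return null;
    }

    // Check as quoted in the report: only an unsigned assertion is looked up.
    static boolean samlPresentOriginal(List<Result> results) {
        return fetchActionResult(results, ST_UNSIGNED) != null;
    }

    // Check with the reporter's suggestion: look for a signed assertion first,
    // then fall back to the unsigned lookup the quoted code already does.
    static boolean samlPresentProposed(List<Result> results) {
        Result saml = fetchActionResult(results, ST_SIGNED);
        if (saml == null) saml = fetchActionResult(results, ST_UNSIGNED);
        return saml != null;
    }

    public static void main(String[] args) {
        // Constructed result lists: signed STS token, unsigned token, no token.
        List<Result> signed = Arrays.asList(new Result(SIGN), new Result(ST_SIGNED));
        List<Result> unsigned = Collections.singletonList(new Result(ST_UNSIGNED));
        List<Result> none = Collections.singletonList(new Result(SIGN));
        for (List<Result> r : Arrays.asList(signed, unsigned, none)) {
            System.out.println("original=" + samlPresentOriginal(r)
                    + " proposed=" + samlPresentProposed(r));
        }
    }
}
```

The fallback to ST_UNSIGNED keeps the behaviour of the quoted code; whether an unsigned assertion should satisfy a given policy is a separate decision for the deployment.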