Posted to rampart-dev@ws.apache.org by Massimiliano Masi <ma...@math.unifi.it> on 2009/01/13 18:10:24 UTC

Misunderstanding on processIssueResponse in stsClient

Hi,

in STSClient you have the method:

   private Token processIssueResponse(int version, OMElement result,
             String issuerAddress) throws TrustException {
         OMElement rstr = result;
         if (version == RahasConstants.VERSION_05_12) {
             //The WS-SX result will be an RSTRC
             rstr = result.getFirstElement();
         }

The rstr is always the first element, but for WST1.3 it is not
mandatory at all.

This makes the stsclient unable to get the securitytoken
from a message like:

<wst:RequestSecurityTokenResponse xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
   <wst:TokenType>urn:oasis:names:tc:SAML:2.0:assertion</wst:TokenType>
   <wst:RequestedAttachedReference>
      <wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
         <wsse:Reference URI="#_5d26046afa8e38339caa4e1c53735d4d" ValueType="urn:oasis:names:tc:SAML:2.0:assertion" />
      </wsse:SecurityTokenReference>
...
   <wst:RequestedSecurityToken>
      <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_5d26046afa8e38339caa4e1c53735d4d" IssueInstant="2009-01-13T17:06:00.597Z" Version="2.0">
         <saml:Issuer Form....

That is valid.

Am I wrong?

Thanks

       Massimiliano
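
One way to locate the RSTR that accepts both response shapes discussed in the message above, by matching on namespace and local name instead of position. This is an added example, not Rampart/Rahas code and not part of the original post; the class `RstrLocator`, its methods and the sample bodies are hypothetical, and it uses the JDK DOM API rather than Axiom's `OMElement`.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.Node;

public class RstrLocator {  // hypothetical helper, not a Rahas class
    static final String WST13 = "http://docs.oasis-open.org/ws-sx/ws-trust/200512";

    // True when e is the named element in the WS-Trust 1.3 namespace.
    static boolean isWst(Element e, String localName) {
        return WST13.equals(e.getNamespaceURI()) && localName.equals(e.getLocalName());
    }

    // Returns the RSTR whether the body is a bare RSTR or an RSTRC wrapping one.
    static Element locateRstr(Element result) {
        if (isWst(result, "RequestSecurityTokenResponse")) return result;
        if (isWst(result, "RequestSecurityTokenResponseCollection")) {
            for (Node n = result.getFirstChild(); n != null; n = n.getNextSibling()) {
                if (n instanceof Element && isWst((Element) n, "RequestSecurityTokenResponse")) {
                    return (Element) n;
                }
            }
        }
        // Fail closed on anything else instead of treating an arbitrary child as the RSTR.
        throw new IllegalArgumentException("no wst:RequestSecurityTokenResponse in " + result.getNodeName());
    }

    static Element parse(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true); // required for getNamespaceURI/getLocalName
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); // no DTDs
        return f.newDocumentBuilder()
                .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)))
                .getDocumentElement();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample bodies, trimmed to the elements that matter here.
        String bare = "<wst:RequestSecurityTokenResponse xmlns:wst='" + WST13 + "'>"
                + "<wst:TokenType>urn:oasis:names:tc:SAML:2.0:assertion</wst:TokenType>"
                + "</wst:RequestSecurityTokenResponse>";
        String wrapped = "<wst:RequestSecurityTokenResponseCollection xmlns:wst='" + WST13 + "'>"
                + bare + "</wst:RequestSecurityTokenResponseCollection>";
        for (String xml : new String[] { bare, wrapped }) {
            Element rstr = locateRstr(parse(xml));
            System.out.println(rstr.getLocalName() + " -> first child " + rstr.getFirstChild().getLocalName());
        }
    }
}
```

With a positional `getFirstElement()` lookup, the bare form would hand `wst:TokenType` to the token-extraction code; the name check returns the same RSTR element for both inputs.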


