Posted to issues@cxf.apache.org by "Alistair Phipps (JIRA)" <ji...@apache.org> on 2011/04/17 21:50:06 UTC

[jira] [Created] (CXF-3457) Service fails to find IssuedToken using SAML bearer subject confirmation

Service fails to find IssuedToken using SAML bearer subject confirmation
------------------------------------------------------------------------

                 Key: CXF-3457
                 URL: https://issues.apache.org/jira/browse/CXF-3457
             Project: CXF
          Issue Type: Bug
          Components: WS-* Components
    Affects Versions: 2.4
            Reporter: Alistair Phipps


Using 4/12 2.4.0-SNAPSHOT.  IssuedTokenInInterceptor.findSecurityResult fails to recognize a bearer assertion where getSubjectKeyInfo returns null.  This results in the message failing the policy check as the IssuedToken is not added to the message.

Sample message:

<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Header>
    <Action xmlns="http://www.w3.org/2005/08/addressing">xxx</Action>
    <MessageID xmlns="http://www.w3.org/2005/08/addressing">urn:uuid:xxx</MessageID>
    <To xmlns="http://www.w3.org/2005/08/addressing">xxx</To>
    <ReplyTo xmlns="http://www.w3.org/2005/08/addressing">
      <Address>http://www.w3.org/2005/08/addressing/anonymous</Address>
    </ReplyTo>
    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soap:mustUnderstand="1">
      <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-3">
        <wsu:Created>2011-04-17T19:22:47.886Z</wsu:Created>
        <wsu:Expires>2011-04-17T19:27:47.886Z</wsu:Expires>
      </wsu:Timestamp>
      <saml1:Assertion xmlns:saml1="urn:oasis:names:tc:SAML:1.0:assertion" AssertionID="_xxx" IssueInstant="2011-04-17T19:22:47.552Z" Issuer="xxx" MajorVersion="1" MinorVersion="1">
        <saml1:Conditions NotBefore="2011-04-17T18:22:47.552Z" NotOnOrAfter="2011-04-17T20:22:47.552Z">
          <saml1:AudienceRestrictionCondition>
            <saml1:Audience>xxx</saml1:Audience>
          </saml1:AudienceRestrictionCondition>
        </saml1:Conditions>
        <saml1:AttributeStatement>
          <saml1:Subject>
            <saml1:NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">xxx</saml1:NameIdentifier>
            <saml1:SubjectConfirmation>
              <saml1:ConfirmationMethod>Urn:oasis:names:tc:SAML:1.0:cm:bearer</saml1:ConfirmationMethod>
            </saml1:SubjectConfirmation>
          </saml1:Subject>
          <saml1:Attribute AttributeName="xxx" AttributeNamespace="xxx">
            <saml1:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">xxx</saml1:AttributeValue>
          </saml1:Attribute>
        </saml1:AttributeStatement>
        <Signature:Signature xmlns="http://www.w3.org/2000/09/xmldsig#" xmlns:Signature="http://www.w3.org/2000/09/xmldsig#">
          <SignedInfo>
            <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
            <Reference URI="#_xxx">
              <Transforms>
                <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
              </Transforms>
              <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
              <DigestValue>xxx</DigestValue>
            </Reference>
          </SignedInfo>
          <SignatureValue>xxx</SignatureValue>
          <KeyInfo>
            <X509Data>
              <X509SubjectName>xxx</X509SubjectName>
              <X509Certificate>xxx</X509Certificate>
            </X509Data>
          </KeyInfo>
        </Signature:Signature>
      </saml1:Assertion>
    </wsse:Security>
  </soap:Header>
  <soap:Body></soap:Body>
</soap:Envelope>

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
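
Added example, not part of the original report and not CXF or WSS4J code: a JDK-only sketch of the decision the report describes, where a bearer assertion carries no subject key (in the sample message the only KeyInfo sits under the Signature element) and must not be rejected for that reason, while holder-of-key still requires one. The class and method names are hypothetical, the input is constructed with the standard lowercase confirmation-method URIs, and signature and issuer trust validation are assumed to happen elsewhere.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

// Hypothetical helper (JDK DOM only); the assertion's signature is assumed to be verified elsewhere.
public class BearerAssertionCheck {
    static final String SAML1 = "urn:oasis:names:tc:SAML:1.0:assertion";
    static final String DSIG = "http://www.w3.org/2000/09/xmldsig#";
    static final String BEARER = "urn:oasis:names:tc:SAML:1.0:cm:bearer";
    static final String HOLDER_OF_KEY = "urn:oasis:names:tc:SAML:1.0:cm:holder-of-key";

    /** True when the assertion's subject confirmation is consistent with its key material. */
    static boolean acceptAsIssuedToken(Element assertion) {
        NodeList confs = assertion.getElementsByTagNameNS(SAML1, "SubjectConfirmation");
        if (confs.getLength() == 0) return false;
        Element conf = (Element) confs.item(0);
        NodeList methods = conf.getElementsByTagNameNS(SAML1, "ConfirmationMethod");
        if (methods.getLength() == 0) return false;
        String method = methods.item(0).getTextContent().trim();
        // Subject key = KeyInfo inside SubjectConfirmation, not the issuer KeyInfo under ds:Signature.
        boolean hasSubjectKey = conf.getElementsByTagNameNS(DSIG, "KeyInfo").getLength() > 0;
        if (BEARER.equals(method)) return true;                 // no subject key expected
        if (HOLDER_OF_KEY.equals(method)) return hasSubjectKey;  // proof-of-possession key required
        return false;                                            // unknown method: do not accept
    }

    static Element parse(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        return f.newDocumentBuilder()
                .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)))
                .getDocumentElement();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: confirmation method and optional subject KeyInfo are filled in.
        String tpl = "<a:Assertion xmlns:a='" + SAML1 + "' xmlns:ds='" + DSIG + "'>"
                + "<a:AttributeStatement><a:Subject><a:SubjectConfirmation>"
                + "<a:ConfirmationMethod>%s</a:ConfirmationMethod>%s"
                + "</a:SubjectConfirmation></a:Subject></a:AttributeStatement></a:Assertion>";
        String key = "<ds:KeyInfo><ds:KeyName>constructed</ds:KeyName></ds:KeyInfo>";
        System.out.println("bearer, no subject key: "
                + acceptAsIssuedToken(parse(String.format(tpl, BEARER, ""))));
        System.out.println("holder-of-key, no subject key: "
                + acceptAsIssuedToken(parse(String.format(tpl, HOLDER_OF_KEY, ""))));
        System.out.println("holder-of-key, with subject key: "
                + acceptAsIssuedToken(parse(String.format(tpl, HOLDER_OF_KEY, key))));
    }
}
```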

[jira] [Updated] (CXF-3457) Service fails to find IssuedToken using SAML bearer subject confirmation

Posted by "Colm O hEigeartaigh (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/CXF-3457?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Colm O hEigeartaigh updated CXF-3457:
-------------------------------------

    Fix Version/s: 2.4.1

> Service fails to find IssuedToken using SAML bearer subject confirmation
> ------------------------------------------------------------------------
>
>                 Key: CXF-3457
>                 URL: https://issues.apache.org/jira/browse/CXF-3457
>             Project: CXF
>          Issue Type: Bug
>          Components: WS-* Components
>    Affects Versions: 2.4
>            Reporter: Alistair Phipps
>            Assignee: Colm O hEigeartaigh
>             Fix For: 2.4.1

[jira] [Assigned] (CXF-3457) Service fails to find IssuedToken using SAML bearer subject confirmation

Posted by "Colm O hEigeartaigh (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/CXF-3457?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Colm O hEigeartaigh reassigned CXF-3457:
----------------------------------------

    Assignee: Colm O hEigeartaigh

> Service fails to find IssuedToken using SAML bearer subject confirmation
> ------------------------------------------------------------------------
>
>                 Key: CXF-3457
>                 URL: https://issues.apache.org/jira/browse/CXF-3457
>             Project: CXF
>          Issue Type: Bug
>          Components: WS-* Components
>    Affects Versions: 2.4
>            Reporter: Alistair Phipps
>            Assignee: Colm O hEigeartaigh

[jira] [Resolved] (CXF-3457) Service fails to find IssuedToken using SAML bearer subject confirmation

Posted by "Colm O hEigeartaigh (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/CXF-3457?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Colm O hEigeartaigh resolved CXF-3457.
--------------------------------------

    Resolution: Fixed

> Service fails to find IssuedToken using SAML bearer subject confirmation
> ------------------------------------------------------------------------
>
>                 Key: CXF-3457
>                 URL: https://issues.apache.org/jira/browse/CXF-3457
>             Project: CXF
>          Issue Type: Bug
>          Components: WS-* Components
>    Affects Versions: 2.4
>            Reporter: Alistair Phipps
>            Assignee: Colm O hEigeartaigh
>             Fix For: 2.4.1