Posted to wss4j-dev@ws.apache.org by Andrea Poli <ap...@link.it> on 2010/05/04 15:36:23 UTC
WSS-146
I see https://issues.apache.org/jira/browse/WSS-146
I applied the patch successfully.
I have tested it, too.
I did the following tests (both for SAML 1.1 and for SAML 2.0):
1. SAMLUnsigned
2. SAMLSigned with confirmationMethod=senderVouches and xml.signature.spec=wss
3. SAMLSigned with confirmationMethod=keyHolder and xml.signature.spec=wss
4. SAMLSigned with confirmationMethod=senderVouches and xml.signature.spec=saml
5. SAMLSigned with confirmationMethod=keyHolder and xml.signature.spec=saml
You will find the configurations of the tests attached.
Only tests 1, 2 and 4 succeeded perfectly.
Tests 3 and 5 fail. These tests contain the configuration:
confirmationMethod=keyHolder
NOTE: After having modified the sources with the patch
wss4j-1.5.8-saml.patch (https://issues.apache.org/jira/browse/WSS-146) I
have modified them again.
You will find the patch attached: wss4j-1.5.8-saml-ext.patch
Can you confirm that this last patch works correctly?
Could you suggest a solution for the tests with
confirmationMethod=keyHolder?
Andrea.
RE: WSS-146
Posted by Martin Gainty <mg...@hotmail.com>.
so here is the code
    if ("senderVouches".equals(
            properties.getProperty("org.apache.ws.security.saml.confirmationMethod"))) {
        confirmationMethods[0] = SAMLSubject.CONF_SENDER_VOUCHES;
    } else if ("keyHolder".equals(
            properties.getProperty("org.apache.ws.security.saml.confirmationMethod"))) { //YES
        confirmationMethods[0] = SAMLSubject.CONF_HOLDER_KEY;
        senderVouches = false;
    }

    /** Holder of Key Confirmation Method Identifier */
    public final static String CONF_HOLDER_KEY = "urn:oasis:names:tc:SAML:1.0:cm:holder-of-key";
which means you will need to supply not only the confirmation method but also the EncryptedKey, EncryptionMethod, the DigestMethod, X509Data and CipherData and EncryptedKey
<saml:SubjectConfirmation>
  <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:holder-of-key</saml:ConfirmationMethod>
  <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <enc:EncryptedKey xmlns:enc="http://www.w3.org/2001/04/xmlenc#">
      <enc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
      </enc:EncryptionMethod>
      <ds:KeyInfo>
        <ds:X509Data>
          <ds:X509Certificate>MIIB3 . . . vO3bdg</ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
      <enc:CipherData>
        <enc:CipherValue>P5Kb . . . rOTvII</enc:CipherValue>
      </enc:CipherData>
    </enc:EncryptedKey>
  </ds:KeyInfo>
</saml:SubjectConfirmation>
http://publib.boulder.ibm.com/infocenter/wasinfo/v7r0/index.jsp?topic=/com.ibm.websphere.express.doc/info/exp/ae/cwbs_samltokenprofilespec.html
Martin Gainty
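
Added example, not part of the original thread and not WSS4J code: a stand-alone Java check, using only the JDK's DOM parser, that a SAML 1.1 SubjectConfirmation declaring holder-of-key actually carries a ds:KeyInfo with content, which is the requirement the reply above describes. The class name, method names and the two sample fragments are constructed for illustration; it assumes the SAML 1.x assertion namespace and does not validate signatures or the key itself.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;

// Hypothetical helper class for illustration, not WSS4J code.
public class HolderOfKeyCheck {
    static final String SAML = "urn:oasis:names:tc:SAML:1.0:assertion";
    static final String DS = "http://www.w3.org/2000/09/xmldsig#";
    static final String HOK = "urn:oasis:names:tc:SAML:1.0:cm:holder-of-key";

    // First direct child element with the given namespace and local name, or null.
    static Element child(Element parent, String ns, String name) {
        for (Node n = parent.getFirstChild(); n != null; n = n.getNextSibling())
            if (n instanceof Element && ns.equals(n.getNamespaceURI())
                    && name.equals(n.getLocalName())) return (Element) n;
        return null;
    }

    // Returns "ok", or the reason a SubjectConfirmation cannot be accepted.
    static String check(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // Tokens are untrusted input: refuse DOCTYPE declarations (blocks XXE).
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document d = f.newDocumentBuilder()
                .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
        NodeList confs = d.getElementsByTagNameNS(SAML, "SubjectConfirmation");
        if (confs.getLength() == 0) return "no SubjectConfirmation";
        for (int i = 0; i < confs.getLength(); i++) {
            Element conf = (Element) confs.item(i);
            NodeList methods = conf.getElementsByTagNameNS(SAML, "ConfirmationMethod");
            boolean hok = false;
            for (int j = 0; j < methods.getLength(); j++)
                hok |= HOK.equals(methods.item(j).getTextContent().trim());
            if (!hok) continue; // e.g. sender-vouches: no key material required here
            Element keyInfo = child(conf, DS, "KeyInfo");
            if (keyInfo == null) return "holder-of-key without ds:KeyInfo";
            if (keyInfo.getElementsByTagNameNS("*", "*").getLength() == 0)
                return "holder-of-key with empty ds:KeyInfo";
        }
        return "ok";
    }
    public static void main(String[] args) throws Exception {
        // Constructed sample fragments, not taken from the thread's attachments.
        String head = "<saml:SubjectConfirmation xmlns:saml='" + SAML + "' xmlns:ds='" + DS
                + "'><saml:ConfirmationMethod>" + HOK + "</saml:ConfirmationMethod>";
        String tail = "</saml:SubjectConfirmation>";
        System.out.println(check(head + tail));
        System.out.println(check(head + "<ds:KeyInfo><ds:KeyName>k1</ds:KeyName></ds:KeyInfo>" + tail));
    }
}
```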