You are viewing a plain text version of this content. The canonical link for it is here.
Posted to rampart-dev@ws.apache.org by "Nandana Mihindukulasooriya (JIRA)" <ji...@apache.org> on 2008/05/27 07:13:59 UTC
[jira] Updated: (RAMPART-114) "Unexpected signature" exception
thrown when using Signed/SupportingTokens Assertion
[ https://issues.apache.org/jira/browse/RAMPART-114?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Nandana Mihindukulasooriya updated RAMPART-114:
-----------------------------------------------
Fix Version/s: 1.4
Set Fix version to 1.4.
> "Unexpected signature" exception thrown when using Signed/SupportingTokens Assertion
> ------------------------------------------------------------------------------------
>
> Key: RAMPART-114
> URL: https://issues.apache.org/jira/browse/RAMPART-114
> Project: Rampart
> Issue Type: Bug
> Components: rampart-core
> Affects Versions: 1.3
> Environment: Axis2 1.3, Rampart 1.3, JDK 1.4, Tomcat 5.5.20
> Reporter: Dobri Kitipov
> Assignee: Nandana Mihindukulasooriya
> Fix For: 1.4
>
> Attachments: RAMPART-114.patch, services_UT.xml
>
>
> When symmetric binding with Username token is tested then the following exception is thrown :
> "Unexpected signature".
> My observations showed that this exception is caused into org.apache.rampart.PolicyBasedResultsValidator class and namely into the
> public void validate(ValidatorData data, Vector results) method.
> There are several checks for signitureParts. These checks are for "timestamp", "EndorsingSupportingTokens" and "SignedEndorsingSupportingTokens".
> The problem is that when I read the WS - Security Policy - 1.1 - July 2005, which spec is implemented by Rampart, we can read that there are
> two additional supporting tokens assertions which are not processed into the method, namely:
> - SupportingTokens Assertion
> and
> - SignedSupportingTokens Assertion.
> In my case the policy contains an username token as SignedSupportingTokens Assertion.
> I am attaching the policy to the JIRA.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.