SecurityTokenReference elements do not contain TokenType

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

SecurityTokenReference elements do not contain TokenType

bshrom
Hello, this is repost of the message
(http://metro.1045641.n5.nabble.com/SecurityTokenReference-elements-in-do-not-contain-TokenType-td5061181.html)
from the user forum - since nobody answered it there posting it here in hope
that somebody will actually take a look and reply.

Can somebody verify that patch for the issue 1324 (
http://java.net/jira/browse/WSIT-1324 [1] ) has been applied to 2.1.1 and to
the main source branch? (bug was closed as "fixed").

I'm currently using Metro 2.1.1 and SecurityTokenReference elements in do
not
contain TokenType.

It looks like svn sources do not contain the fixes.

This is a major issue, please do not disregard this question.

I don't have a problem overriding DefaultSAMLTokenProvider, however this
becomes a bigger problem when including SAML tokens as primary tokens in
requests.

Description from the Jira:

The WSS SAML Token Profile 1.1 specifies that when a SecurityTokenReference
points to a SAML 2.0 assertion, the element MUST have a wsse11:TokenType
attribute of either
http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0
[2].
For
SAML 1.1, the attribute is optional, but SHOULD contain
http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1 [3]

This is both a problem in the STS (DefaultSAMLTokenProvider) and when
including
SAML tokens as primary tokens in requests.


[1] http://java.net/jira/browse/WSIT-1324
[2] http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0
[3] http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: SecurityTokenReference elements do not contain TokenType

Martin Grebac-2
No, I don't see the changes applied to either 2.2 branch or trunk.
Reopened the bug - we'll verify what happened. Thanks for being
persistent on this,
 MartiNG

On 01/10/2012 10:36 PM, bshrom wrote:

> Hello, this is repost of the message
> (http://metro.1045641.n5.nabble.com/SecurityTokenReference-elements-in-do-not-contain-TokenType-td5061181.html)
> from the user forum - since nobody answered it there posting it here in hope
> that somebody will actually take a look and reply.
>
> Can somebody verify that patch for the issue 1324 (
> http://java.net/jira/browse/WSIT-1324 [1] ) has been applied to 2.1.1 and to
> the main source branch? (bug was closed as "fixed").
>
> I'm currently using Metro 2.1.1 and SecurityTokenReference elements in do
> not
> contain TokenType.
>
> It looks like svn sources do not contain the fixes.
>
> This is a major issue, please do not disregard this question.
>
> I don't have a problem overriding DefaultSAMLTokenProvider, however this
> becomes a bigger problem when including SAML tokens as primary tokens in
> requests.
>
> Description from the Jira:
>
> The WSS SAML Token Profile 1.1 specifies that when a SecurityTokenReference
> points to a SAML 2.0 assertion, the element MUST have a wsse11:TokenType
> attribute of either
> http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0
> [2].
> For
> SAML 1.1, the attribute is optional, but SHOULD contain
> http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1 [3]
>
> This is both a problem in the STS (DefaultSAMLTokenProvider) and when
> including
> SAML tokens as primary tokens in requests.
>
>
> [1] http://java.net/jira/browse/WSIT-1324
> [2] http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0
> [3] http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1
>
>
> --
> View this message in context: http://metro.1045641.n5.nabble.com/SecurityTokenReference-elements-do-not-contain-TokenType-tp5135325p5135325.html
> Sent from the Metro - Development mailing list archive at Nabble.com.

--
Martin Grebac, GlassFish/Metro/JAXWS/JAXB/Tooling at Oracle
http://blogs.oracle.com/mgrebac
ICQ: 93478885

Loading...