[ https://jira.jboss.org/jira/browse/JBID-124?page=com.atlassian.jira.plugi... ]
Stefan Guilhen closed JBID-124.
-------------------------------
Resolution: Done
Security tokens are now signed by the request handler. The digital signature validation
code has also been moved to the handler, as it is a common validation procedure that
applies to most (if not all) types of tokens. Tests have been updated to reflect the
changes.
The WSTrustJAXBFactory now preserves any token elements from JAXB (un)marshalling to
prevent changes to signed elements. This means that:
- when marshalling a JAXB content tree, token elements are removed from the JAXB objects
before marshalling. After the JAXB objects are marshalled to a document, the original
token elements are inserted in the document.
- when unmarshalling a document, the token elements are stored before the content is
unmarshalled. After the JAXB model has been created, the original token elements are
inserted as Any types in the appropriate JAXB objects.
This had to be done because JAXB messes with token elements in a way that invalidates the
digital signature, causing perfectly valid tokens to be rejected due to signature
validation failure.
Implement WS-T SAML Token Profile:: SAMLV2.0 validation
-------------------------------------------------------
Key: JBID-124
URL: https://jira.jboss.org/jira/browse/JBID-124
Project: JBoss Identity
Issue Type: Sub-task
Components: Identity-Federation
Reporter: Stefan Guilhen
Assignee: Stefan Guilhen
Fix For: IDFED-1.0.0.alpha3
The SAML token provider must be able to validate the assertions it generates. This
involves validating the digital signature and also the assertion validity period
(lifetime).
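
The marshalling problem and the preserve-and-reinsert procedure from the resolution comment, as an added example that is not part of the original message or the project's code. Python's ElementTree stands in for JAXB as a serializer that rewrites namespace prefixes (an assumed kind of change; the comment does not say what JAXB alters), and a SHA-256 over the canonical token stands in for the signature's reference digest.

```python
import hashlib
import re
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
TOKEN_TAG = f"{{{SAML_NS}}}Assertion"
TOKEN_RE = re.compile(r"<(\w+):Assertion\b.*?</\1:Assertion>", re.S)

# Constructed sample message: a token wrapped in a WS-Trust element.
DOC = (
    '<wst:RequestedSecurityToken'
    ' xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512">'
    f'<saml:Assertion xmlns:saml="{SAML_NS}" ID="ID_constructed">'
    '<saml:Issuer>constructed-sts</saml:Issuer></saml:Assertion>'
    '</wst:RequestedSecurityToken>'
)

def token_digest(doc_text):
    """SHA-256 over the canonical form of the token element (stand-in for
    the reference digest that an XML signature covers)."""
    canonical = ET.canonicalize(doc_text)  # keeps prefixes as written
    token = TOKEN_RE.search(canonical).group(0)
    return hashlib.sha256(token.encode()).hexdigest()

def unmarshal(doc_text):
    """Store the original token text first, then build the object tree."""
    return ET.fromstring(doc_text), TOKEN_RE.search(doc_text).group(0)

def marshal_naive(root):
    """Serialize everything, token included; ElementTree renames the
    prefixes to ns0/ns1, which changes the canonical form."""
    return ET.tostring(root, encoding="unicode")

def marshal_preserving(root, token_text):
    """Swap the token for a placeholder, serialize the rest, then splice
    the untouched original token text back into the document."""
    for parent in list(root.iter()):
        for i, child in enumerate(list(parent)):
            if child.tag == TOKEN_TAG:
                parent[i] = ET.Element("token-placeholder")
    out = ET.tostring(root, encoding="unicode")
    return out.replace("<token-placeholder />", token_text)

if __name__ == "__main__":
    root, token = unmarshal(DOC)
    print("original  ", token_digest(DOC))
    print("naive     ", token_digest(marshal_naive(root)))
    print("preserving", token_digest(marshal_preserving(root, token)))
```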