[jboss-jira] [JBoss JIRA] Closed: (JBID-124) Implement WS-T SAML Token Profile:: SAMLV2.0 validation
Stefan Guilhen (JIRA)
jira-events at lists.jboss.org
Wed Jun 24 17:30:56 EDT 2009
[ https://jira.jboss.org/jira/browse/JBID-124?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Stefan Guilhen closed JBID-124.
-------------------------------
Resolution: Done
Security tokens are now signed by the request handler. The digital signature validation code has also been moved to the handler, as it is a common validation procedure that applies to most (if not all) types of tokens. Tests have been updated to reflect the changes.
The WSTrustJAXBFactory now preserves any token elements from JAXB (un)marshalling to prevent changes to signed elements. This means that:
- when marshalling a JAXB content tree, token elements are removed from the JAXB objects before marshalling. After the JAXB objects are marshalled to a document, the original token elements are inserted in the document.
- when unmarshalling a document, the token elements are stored before the content is unmarshalled. After the JAXB model has been created, the original token elements are inserted as Any types in the appropriate JAXB objects.
This had to be done because JAXB messes with token elements in a way that invalidates the digital signature, causing perfectly valid tokens to be rejected due to signature validation failure.
> Implement WS-T SAML Token Profile:: SAMLV2.0 validation
> -------------------------------------------------------
>
> Key: JBID-124
> URL: https://jira.jboss.org/jira/browse/JBID-124
> Project: JBoss Identity
> Issue Type: Sub-task
> Components: Identity-Federation
> Reporter: Stefan Guilhen
> Assignee: Stefan Guilhen
> Fix For: IDFED-1.0.0.alpha3
>
>
> The SAML token provider must be able to validate the assertions it generates. This involves validating the digital signature and also the assertion validity period (lifetime).
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
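The marshalling case described in the resolution comment, as an added illustration in Python; it is not the project's code, which is Java/JAXB. ElementTree stands in for the data-binding layer, prefix rewriting is one assumed way a round trip can alter a signed element, and a SHA-256 over the canonical form stands in for the signature digest. The token, the placeholder marker and the function names are constructed for this example.

```python
import hashlib
import re
import xml.etree.ElementTree as ET

WST = "http://docs.oasis-open.org/ws-sx/ws-trust/200512"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
PLACEHOLDER = "@@TOKEN@@"  # hypothetical marker, not a WS-Trust construct

# Constructed sample token; a real one would carry a ds:Signature element.
TOKEN = (f'<saml:Assertion xmlns:saml="{SAML}" ID="ID_constructed" Version="2.0">'
         '<saml:Issuer>constructed-sts</saml:Issuer></saml:Assertion>')

def sha256_hex(text):
    return hashlib.sha256(text.encode("utf-8")).hexdigest()

# Digest fixed at signing time, over the token's canonical form (C14N 2.0).
SIGNED_DIGEST = sha256_hex(ET.canonicalize(TOKEN))

def marshal_response(token_xml, preserve):
    """Serialize a response that carries the already-signed token."""
    rstr = ET.Element(f"{{{WST}}}RequestSecurityTokenResponse")
    holder = ET.SubElement(rstr, f"{{{WST}}}RequestedSecurityToken")
    if not preserve:
        # Token goes through the binding layer, which picks its own prefixes.
        holder.append(ET.fromstring(token_xml))
        return ET.tostring(rstr, encoding="unicode")
    # Keep the token out of the tree; splice the original text back afterwards.
    holder.text = PLACEHOLDER
    return ET.tostring(rstr, encoding="unicode").replace(PLACEHOLDER, token_xml)

def token_digest(message):
    """Digest the token as a receiver sees it inside the canonical message."""
    canon = ET.canonicalize(message)
    m = re.search(r"RequestedSecurityToken[^>]*>(.*)</[^>]*RequestedSecurityToken>",
                  canon, re.S)
    return sha256_hex(m.group(1))

if __name__ == "__main__":
    for preserve in (False, True):
        ok = token_digest(marshal_response(TOKEN, preserve)) == SIGNED_DIGEST
        print(f"preserve={preserve}: digest matches = {ok}")
```

Canonical XML keeps namespace prefixes, so a serializer that renames `saml:` changes the digested bytes even though the element is semantically the same.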