[seam-issues] [JBoss JIRA] Commented: (SEAMSECURITY-72) org.jboss.seam.security.externaltest.integration.client.IntegrationTest.openIdLoginWithClaimedIdentifierAndAttributeExchangeTest fails

Marek Schmidt (JIRA) jira-events at lists.jboss.org
Thu Aug 11 04:44:45 EDT 2011


    [ https://issues.jboss.org/browse/SEAMSECURITY-72?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12620247#comment-12620247 ] 

Marek Schmidt commented on SEAMSECURITY-72:
-------------------------------------------

The problem seems to be in 

OpenIdProviderAuthenticationService

{noformat}
Message authResponse = openIdServerManager.get().authResponse(parameterList, opLocalIdentifier, claimedIdentifier, authenticationSuccesful);

        if (response instanceof DirectError) {
            writeMessageToResponse(authResponse, response);
        } else {
            if (openIdProviderRequest.get().getRequestedAttributes() != null) {
                try {
                    FetchResponse fetchResponse = FetchResponse.createFetchResponse(openIdProviderRequest.get().getFetchRequest(), attributeValues);
                    authResponse.addExtension(fetchResponse);
                } catch (MessageException e) {
                    throw new RuntimeException(e);
                }
            }
{noformat}

The authResponse signs the message before the extension is added, therefore the signature is invalid. 

> org.jboss.seam.security.externaltest.integration.client.IntegrationTest.openIdLoginWithClaimedIdentifierAndAttributeExchangeTest  fails
> ---------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: SEAMSECURITY-72
>                 URL: https://issues.jboss.org/browse/SEAMSECURITY-72
>             Project: Seam Security
>          Issue Type: Bug
>            Reporter: Jozef Hartinger
>            Assignee: Marek Schmidt
>             Fix For: 3.1.0.Final
>
>
> https://hudson.qa.jboss.com/hudson/view/Seam%203/job/Seam-3.X-security-CI/164/testReport/

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

        


More information about the seam-issues mailing list