[seam-issues] [JBoss JIRA] Commented: (SEAMSECURITY-72) org.jboss.seam.security.externaltest.integration.client.IntegrationTest.openIdLoginWithClaimedIdentifierAndAttributeExchangeTest fails
Marek Schmidt (JIRA)
jira-events at lists.jboss.org
Thu Aug 11 04:44:45 EDT 2011
[ https://issues.jboss.org/browse/SEAMSECURITY-72?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12620247#comment-12620247 ]
Marek Schmidt commented on SEAMSECURITY-72:
-------------------------------------------
The problem seems to be in
OpenIdProviderAuthenticationService
{noformat}
Message authResponse = openIdServerManager.get().authResponse(parameterList, opLocalIdentifier, claimedIdentifier, authenticationSuccesful);
if (response instanceof DirectError) {
writeMessageToResponse(authResponse, response);
} else {
if (openIdProviderRequest.get().getRequestedAttributes() != null) {
try {
FetchResponse fetchResponse = FetchResponse.createFetchResponse(openIdProviderRequest.get().getFetchRequest(), attributeValues);
authResponse.addExtension(fetchResponse);
} catch (MessageException e) {
throw new RuntimeException(e);
}
}
{noformat}
The authResponse signs the message before the extension is added, therefore the signature is invalid.
> org.jboss.seam.security.externaltest.integration.client.IntegrationTest.openIdLoginWithClaimedIdentifierAndAttributeExchangeTest fails
> ---------------------------------------------------------------------------------------------------------------------------------------
>
> Key: SEAMSECURITY-72
> URL: https://issues.jboss.org/browse/SEAMSECURITY-72
> Project: Seam Security
> Issue Type: Bug
> Reporter: Jozef Hartinger
> Assignee: Marek Schmidt
> Fix For: 3.1.0.Final
>
>
> https://hudson.qa.jboss.com/hudson/view/Seam%203/job/Seam-3.X-security-CI/164/testReport/
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the seam-issues
mailing list