Uploaded image for project: 'JBoss Enterprise Application Platform 4 and 5'
  1. JBoss Enterprise Application Platform 4 and 5
  2. JBPAPP-7854 Upgrade Picketlink to 2.1.3
  3. JBPAPP-7853

Subelements of <saml2:Subject> are not parsed correctly

    XMLWordPrintable

Details

    • Release Notes
    • Low
    • Hide
      The <systemitem>SAMLSubjectParser</systemitem> did not support the &lt;saml2:NameID&gt; subelement within the &lt;saml2:SubjectConfirmation&gt; subelement of the &lt;saml2:Subject&gt; element. If it found the &lt;saml2:NameID&gt; subelement, it parsed it incorrectly and threw the following exception:

      <screen>
      java.lang.ClassCastException: com.ctc.wstx.evt.CompactStartElement cannot be cast to javax.xml.stream.events.EndElement
              at org.picketlink.identity.federation.core.parsers.saml.SAMLSubjectParser.parse(SAMLSubjectParser.java:123)
              at org.picketlink.identity.federation.core.parsers.saml.SAMLAssertionParser.parse(SAMLAssertionParser.java:148)
              at org.picketlink.identity.federation.core.parsers.saml.SAMLParser.parse(SAMLParser.java:76)
      </screen>

      This update modifies the <systemitem>SAMLSubjectParser</systemitem> to support the &lt;saml2:NameID&gt; subelement within the previously mentioned elements. The &lt;saml2:NameID&gt; subelement is now parsed correctly and the exception cited above is no longer thrown.
      Show
      The <systemitem>SAMLSubjectParser</systemitem> did not support the &lt;saml2:NameID&gt; subelement within the &lt;saml2:SubjectConfirmation&gt; subelement of the &lt;saml2:Subject&gt; element. If it found the &lt;saml2:NameID&gt; subelement, it parsed it incorrectly and threw the following exception: <screen> java.lang.ClassCastException: com.ctc.wstx.evt.CompactStartElement cannot be cast to javax.xml.stream.events.EndElement         at org.picketlink.identity.federation.core.parsers.saml.SAMLSubjectParser.parse(SAMLSubjectParser.java:123)         at org.picketlink.identity.federation.core.parsers.saml.SAMLAssertionParser.parse(SAMLAssertionParser.java:148)         at org.picketlink.identity.federation.core.parsers.saml.SAMLParser.parse(SAMLParser.java:76) </screen> This update modifies the <systemitem>SAMLSubjectParser</systemitem> to support the &lt;saml2:NameID&gt; subelement within the previously mentioned elements. The &lt;saml2:NameID&gt; subelement is now parsed correctly and the exception cited above is no longer thrown.
    • Documented as Resolved Issue
    • NEW

    Description

      PLFED is expecting a <saml2:SubjectConfirmationData> subelement within <saml2:Subject>. If it doesn't find one, it will parse the closing <saml2:Subject> tag incorrectly, throwing a ClassCastException:

      java.lang.ClassCastException: com.ctc.wstx.evt.CompactStartElement cannot be cast to javax.xml.stream.events.EndElement
        at org.picketlink.identity.federation.core.parsers.saml.SAMLSubjectParser.parse(SAMLSubjectParser.java:123)
        at org.picketlink.identity.federation.core.parsers.saml.SAMLAssertionParser.parse(SAMLAssertionParser.java:148)
        at org.picketlink.identity.federation.core.parsers.saml.SAMLParser.parse(SAMLParser.java:76)

      This goes against the specification, which does not allow <saml2:SubjectConfirmationData> elements to be direct children of <saml2:Subject>.

      See http://www.oasis-open.org/committees/download.php/35711/sstc-saml-core-errata-2.0-wd-06-diff.pdf , page 18.

      Attachments

        Activity

          People

            josef.cacek@gmail.com Josef Cacek (Inactive)
            rh-ee-klape Kyle Lape
            Petr Penicka Petr Penicka (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: