
SAML20TokenProvider:KeyIdentifier generated using '#' which fails against SAP Server


Details

    • Type: Bug
    • Resolution: Done
    • Priority: Major
    • Affects Version/s: PLINK_2.5.0.beta4
    • Documentation (Ref Guide, User Guide, etc.), Release Notes
    • Workaround Exists

    Workaround Description

      The solution is very simple. In SAML20TokenProvider.java, in the method

      SAML20TokenProvider.java
      public void issueToken(ProtocolContext protoContext) throws ProcessingException {

      at line 211 you can find

      SAML20TokenProvider.java
      // set the SAML assertion attached reference.
      KeyIdentifierType keyIdentifier = WSTrustUtil.createKeyIdentifier(SAMLUtil.SAML2_VALUE_TYPE, "#" + assertionID);

      Create a simple copy of SAML20TokenProvider.java with the line above changed to:

      SAML20TokenProvider.java
      KeyIdentifierType keyIdentifier = WSTrustUtil.createKeyIdentifier(SAMLUtil.SAML2_VALUE_TYPE, assertionID);

      After that, in picketlink-sts.xml, configure the TokenProvider to use my class:

      <TokenProvider ProviderClass="my.custom.package.CustomTokenProvider"
      TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"
      TokenElement="Assertion"
      TokenElementNS="urn:oasis:names:tc:SAML:2.0:assertion"/>


    Description

      The request is generated with a SAML token provided by the STS; in the SOAP envelope, the KeyIdentifier part contains a reference with a '#' and it causes a failure on the remote server (see attached log cxf.log).

      A similar issue was resolved in the cxf sts here: https://issues.apache.org/jira/browse/CXF-4728
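      The following script is an added example for this issue; it is not part of the report and not PicketLink, CXF or SAP code. It builds the two WS-Security SecurityTokenReference forms for a SAML 2.0 assertion and resolves them the way a strict consumer does: a wsse:KeyIdentifier must carry the assertion's ID attribute value verbatim, so "#" + assertionID never matches, whereas a wsse:Reference is a same-document URI and there the '#' is required. The assertion ID, issuer and the lint helper are constructed for the example; the TokenType URI is the one used in the picketlink-sts.xml above, and the KeyIdentifier ValueType is the SAML 2.0 ID value type from the WSS SAML Token Profile 1.1 (the example does not use PicketLink's SAMLUtil or WSTrustUtil).

```python
"""Added example, not PicketLink, CXF or SAP code: compares the buggy
("#" + id) and fixed (id) KeyIdentifier values against a strict resolver,
and shows the wsse:Reference form where a '#' fragment is correct."""
import xml.etree.ElementTree as ET

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSSE11 = "http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"
SAML2 = "urn:oasis:names:tc:SAML:2.0:assertion"
# WSS SAML Token Profile 1.1: a KeyIdentifier with this ValueType holds the
# assertion's ID attribute value as-is (no URI fragment syntax).
SAML2_VALUE_TYPE = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID"
SAML2_TOKEN_TYPE = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"

for prefix, uri in (("wsse", WSSE), ("wsse11", WSSE11), ("saml2", SAML2)):
    ET.register_namespace(prefix, uri)

# Constructed sample assertion ID (made up for this example; any xs:ID value works).
ASSERTION_ID = "ID_0f3c9a5e-7d21-4b6c-9c1e-2a8b6d4f1e90"


def _header_with_assertion(assertion_id):
    """Constructed wsse:Security header holding one saml2:Assertion and an empty STR."""
    security = ET.Element(f"{{{WSSE}}}Security")
    assertion = ET.SubElement(security, f"{{{SAML2}}}Assertion",
                              {"ID": assertion_id, "Version": "2.0"})
    ET.SubElement(assertion, f"{{{SAML2}}}Issuer").text = "urn:example:sts"  # assumed issuer
    str_el = ET.SubElement(security, f"{{{WSSE}}}SecurityTokenReference",
                           {f"{{{WSSE11}}}TokenType": SAML2_TOKEN_TYPE})
    return security, str_el


def build_key_identifier_header(assertion_id, key_identifier_value):
    """KeyIdentifier form of the STR. The value is passed through unchanged so
    the buggy ("#" + id) and fixed (id) variants can be compared side by side."""
    security, str_el = _header_with_assertion(assertion_id)
    ki = ET.SubElement(str_el, f"{{{WSSE}}}KeyIdentifier", {"ValueType": SAML2_VALUE_TYPE})
    ki.text = key_identifier_value
    return security


def build_reference_header(assertion_id):
    """wsse:Reference form of the STR: a same-document URI, so '#' belongs here."""
    security, str_el = _header_with_assertion(assertion_id)
    ET.SubElement(str_el, f"{{{WSSE}}}Reference", {"URI": "#" + assertion_id})
    return security


def resolve_token(security):
    """Resolve the STR to its saml2:Assertion as a strict consumer would.
    Returns the assertion element, or None when the reference does not match."""
    by_id = {a.get("ID"): a for a in security.findall(f"{{{SAML2}}}Assertion")}
    str_el = security.find(f"{{{WSSE}}}SecurityTokenReference")
    if str_el is None:
        return None
    ki = str_el.find(f"{{{WSSE}}}KeyIdentifier")
    if ki is not None:
        if ki.get("ValueType") != SAML2_VALUE_TYPE:
            return None
        # Exact match against the ID attribute: "#ID_..." is simply an unknown ID.
        return by_id.get((ki.text or "").strip())
    ref = str_el.find(f"{{{WSSE}}}Reference")
    if ref is not None:
        uri = ref.get("URI", "")
        if not uri.startswith("#"):  # only same-document references are accepted
            return None
        return by_id.get(uri[1:])
    return None


def lint_outgoing(security):
    """Pre-send check (constructed helper) for an STS or client: report what a
    strict consumer would reject, before the failure shows up in a remote log."""
    findings = []
    str_el = security.find(f"{{{WSSE}}}SecurityTokenReference")
    ki = None if str_el is None else str_el.find(f"{{{WSSE}}}KeyIdentifier")
    if ki is not None and (ki.text or "").startswith("#"):
        findings.append("KeyIdentifier value starts with '#': use the bare assertion ID")
    if resolve_token(security) is None:
        findings.append("SecurityTokenReference does not resolve to an assertion in this header")
    return findings


def to_xml(security):
    return ET.tostring(security, encoding="unicode")


if __name__ == "__main__":
    for label, value in (("buggy", "#" + ASSERTION_ID), ("fixed", ASSERTION_ID)):
        header = build_key_identifier_header(ASSERTION_ID, value)
        print(label, to_xml(header), lint_outgoing(header), sep="\n")
```

      Running the script prints the two headers and the lint findings: the "#"-prefixed KeyIdentifier fails to resolve and is flagged, the bare ID resolves cleanly. The same distinction explains why a consumer that accepts `<wsse:Reference URI="#id"/>` still rejects `<wsse:KeyIdentifier>#id</wsse:KeyIdentifier>`: the fragment syntax belongs to the URI attribute, not to the identifier value.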

      Attachments

        1. cxf.log
          120 kB
        2. message.txt
          10 kB


          People

            anil.saldhana Anil Saldanha (Inactive)
            rhn-support-mus Mustafa Musaji
            Votes: 0
            Watchers: 2
