[PLINK2-51] SAML 2.0 Subject EncryptedKey should contain KeyInfo - JBoss Issue Tracker

XML

Word

Printable

Details

Type: Enhancement
Status: Reopened (View Workflow)
Priority: Major
Resolution: Unresolved
Affects Version/s: None
Fix Version/s: PLINK_2.1.8
Component/s: STS
Labels:
None

Git Pull Request:
https://github.com/picketlink2/federation/pull/183
Bugzilla References:
https://bugzilla.redhat.com/show_bug.cgi?id=1020846
Bugzilla Update:

Perform

Description

When the STS issues a SAML 2.0 Assertion for the SymmetricKey case, it generates a Subject that looks like:

<saml:Subject><saml:NameID NameQualifier="urn:picketlink:identity-federation">admin</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:holder-of-key"><saml:SubjectConfirmationData><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/><xenc:CipherData><xenc:CipherValue>i48AXLPCf+QwOZLzp/lEzFxUbUnnYPW7ja2dESnRlDiCY3i6sfP7DEvLFTmOZMF58G6ag9v2E/yp
SsZz3u+OTEuBZSYRTNlbJ8aMjwAcn6fpqoO/iQDzBQ1lsPhrvfxFa3zXsBihZLMB3mNmDFqRKm0g
mhMh/n5MYZ5J3mCj1z8=</xenc:CipherValue></xenc:CipherData></xenc:EncryptedKey></ds:KeyInfo></saml:SubjectConfirmationData></saml:SubjectConfirmation></saml:Subject>

However, the EncryptedKey Element should contain a KeyInfo element that references the key that was used to encrypt the symmetric key contained in the CipherData. If the recipient has multiple private keys then it will have to rely on trial and error to find the correct one to use.

Gliffy Diagrams

Attachments

Issue Links

is incorporated by

JBPAPP-10966 Upgrade PicketLink to 2.1.10 for EAP 5.3

Resolved

Activity

People

Assignee:

Anil Saldanha

Reporter:

Colm O hEigeartaigh

Votes:

1 Vote for this issue

Watchers:

3 Start watching this issue

Dates

Created:

14/May/12 6:44 AM

Updated:

21/Jan/14 4:47 AM