Uploaded image for project: 'Red Hat build of Apache Camel for Spring Boot'
  1. Red Hat build of Apache Camel for Spring Boot
  2. CSB-1929

WSS4J bug prevents SAML token to be validated

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Critical Critical
    • CSB-3.20.1
    • CSB-3.20.1
    • Camel
    • None
    • False
    • Hide

      None

      Show
      None
    • False
    • Very Likely
    • 0

      The Customer using wss4j to validate the saml token inside soap messages. After upgrading from version 2.2.7.redhat-00001 to 2.4.1.redhat-00005 during our camel 3 upgrade to version 3.18.3.redhat-00022 to version 3.20.1.redhat-00026, they experienced a newly introduced error when validating a saml 1.0 assertion in our camel route.

      Please find attached a reproducer example.  The issue occurs if you run testSaml1 with version 2.4.1.redhat-00005 of the wss4j library. If you switch to the older version in the pom.xml, the test will succeed.

      Is it possible to provide a patch for this issue? 

        1. saml-validation-issue.zip
          29 kB
        2. saml-validation-issue-container-test.zip
          37 kB

          1.
          		 Fix WSS4J bug prevents SAML token to be validated Sub-task Closed Critical Unassigned
          2.
          		 Validate WSS4J bug prevents SAML token to be validated Sub-task Closed Critical Unassigned

              ldemasi Luigi De Masi
              rhn-support-ychopada Yashashree Chopada
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated:
                Resolved: