Loading...

Type: Bug
Resolution: Done
Priority: Major
Fix Version/s: 7.1.0.CR1
Affects Version/s: None
Component/s: Security
Labels:
- downstream_dependency

Bugzilla References:
https://bugzilla.redhat.com/show_bug.cgi?id=1466582
CDW devel_ack:
CDW docs_ack:
CDW pm_ack:
CDW qa_ack:
CDW release:
Target Release:

7.1.0.GA
Git Pull Request:
https://github.com/jbossas/redhat-picketlink/pull/43, https://github.com/jbossas/redhat-picketlink/pull/44
Steps to Reproduce:

Hide

1. untar reproducer.tar.gz
2. copy standalone.xml to $JBOSS_HOME/standalone/configuration/
3. start EAP
4. cd fake-idp
5. mvn -Pwildfly clean package wildfly:deploy
6. cd ../picketlink-federation-saml-sp-with-encryption
7. mvn -Pwildfly clean package wildfly:deploy
8. access http://localhost:8080/sales-post-enc/ with your browser

Show
1. untar reproducer.tar.gz 2. copy standalone.xml to $JBOSS_HOME/standalone/configuration/ 3. start EAP 4. cd fake-idp 5. mvn -Pwildfly clean package wildfly:deploy 6. cd ../picketlink-federation-saml-sp-with-encryption 7. mvn -Pwildfly clean package wildfly:deploy 8. access http://localhost:8080/sales-post-enc/ with your browser

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

If the namespace xenc is declared in the root element of SAML response, SP throws the following exception:

2017-05-16 17:12:24,703 ERROR [org.picketlink.common] (default task-23) Service Provider could not handle the request.: org.picketlink.common.exceptions.ProcessingException: PL00102: Processing Exception:
        at org.picketlink.common.DefaultPicketLinkLogger.processingError(DefaultPicketLinkLogger.java:174)
        at org.picketlink.identity.federation.web.handlers.saml2.SAML2AuthenticationHandler$SPAuthenticationHandler.decryptAssertion(SAML2AuthenticationHandler.java:554)
        at org.picketlink.identity.federation.web.handlers.saml2.SAML2AuthenticationHandler$SPAuthenticationHandler.handleStatusResponseType(SAML2AuthenticationHandler.java:480)
        at org.picketlink.identity.federation.web.handlers.saml2.SAML2AuthenticationHandler.handleStatusResponseType(SAML2AuthenticationHandler.java:142)
        at org.picketlink.identity.federation.web.process.SAMLHandlerChainProcessor.callHandlerChain(SAMLHandlerChainProcessor.java:67)
        at org.picketlink.identity.federation.web.process.ServiceProviderSAMLResponseProcessor.processHandlersChain(ServiceProviderSAMLResponseProcessor.java:106)
        at org.picketlink.identity.federation.web.process.ServiceProviderSAMLResponseProcessor.process(ServiceProviderSAMLResponseProcessor.java:88)
        at org.picketlink.identity.federation.bindings.wildfly.sp.SPFormAuthenticationMechanism.handleSAML2Response(SPFormAuthenticationMechanism.java:530)
        at org.picketlink.identity.federation.bindings.wildfly.sp.SPFormAuthenticationMechanism.handleSAMLResponse(SPFormAuthenticationMechanism.java:313)
        at org.picketlink.identity.federation.bindings.wildfly.sp.SPFormAuthenticationMechanism.authenticate(SPFormAuthenticationMechanism.java:275)
        at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:244)
        at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.access$100(SecurityContextImpl.java:230)
        at io.undertow.security.impl.SecurityContextImpl.attemptAuthentication(SecurityContextImpl.java:124)
        at io.undertow.security.impl.SecurityContextImpl.authTransition(SecurityContextImpl.java:99)
        at io.undertow.security.impl.SecurityContextImpl.authenticate(SecurityContextImpl.java:92)
        at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:55)
        at io.undertow.server.handlers.DisableCacheHandler.handleRequest(DisableCacheHandler.java:33)
        at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
        at io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:51)
        at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
        at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
        at io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:59)
        at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
        at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
        at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
        at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
        at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
        at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
        at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
        at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
        at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:285)
        at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:264)
        at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
        at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:175)
        at io.undertow.server.Connectors.executeRootHandler(Connectors.java:207)
        at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:802)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
        at java.lang.Thread.run(Thread.java:745)
Caused by: ParsingException [location=null]org.picketlink.common.exceptions.ParsingException: PL00074: Parsing Error:The prefix "xenc" for element "xenc:EncryptedData" is not bound.
        at org.picketlink.common.DefaultPicketLinkLogger.parserError(DefaultPicketLinkLogger.java:490)
        at org.picketlink.common.util.DocumentUtil.getDocument(DocumentUtil.java:217)
        at org.picketlink.identity.federation.api.saml.v2.response.SAML2Response.convert(SAML2Response.java:512)
        at org.picketlink.identity.federation.web.handlers.saml2.SAML2AuthenticationHandler$SPAuthenticationHandler.decryptAssertion(SAML2AuthenticationHandler.java:534)
        ... 37 more
Caused by: org.xml.sax.SAXParseException; lineNumber: 1; columnNumber: 2721; The prefix "xenc" for element "xenc:EncryptedData" is not bound.
        at org.apache.xerces.parsers.DOMParser.parse(DOMParser.java:245)
        at org.apache.xerces.jaxp.DocumentBuilderImpl.parse(DocumentBuilderImpl.java:298)
        at javax.xml.parsers.DocumentBuilder.parse(DocumentBuilder.java:121)
        at org.picketlink.common.util.DocumentUtil.getDocument(DocumentUtil.java:213)
        ... 39 more

- - Sort By Name
  - Sort By Date
  - Ascending
  - Descending
  - Thumbnails
  - List
  - Download All

reproducer.tar.gz
2017/05/16 4:50 AM
1.43 MB
Hisanobu Okuda

is cloned by

JBEAP-11887 [GSS](7.0.z) SP can not parse SAML response if namespace is declared in root element

Verified

JBEAP-12096 [GSS](7.0.5 patch) SP can not parse SAML response if namespace is declared in root element

Closed

is incorporated by

JBEAP-11977 [GSS](7.1.0) Upgrade picketlink 2.5.5.SP7 to 2.5.5.SP8

Verified

relates to

PLINK-764 SP can not parse SAML response if namespace is declared in root element

Open

Details

Description

Attachments

Attachments

Issue Links

Activity

People

Dates