Loading...

XML

Word

Printable

Type: Bug
Resolution: Duplicate
Priority: Major
Fix Version/s: None
Affects Version/s: 7.0.8.GA, 7.1.3.GA
Component/s: Security
Labels:
- downstream_dependency

CDW devel_ack:
CDW docs_ack:
CDW pm_ack:
CDW qa_ack:
CDW release:
Target Release:

7.1.z.GA

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

The property substitution was partially fixed for the IDP and SP code in 7.1.1 but the property substitution does not work for the sts code as it uses a different configuration parser (STSConfigParser).

<PicketLinkSTS xmlns="urn:picketlink:identity-federation:config:1.0"
	STSName="PicketLinkSTS" TokenTimeout="7200" EncryptToken="false">
	<KeyProvider ClassName="org.picketlink.identity.federation.core.impl.KeyStoreKeyManager">
		<Auth Key="KeyStoreURL" Value="sts_keystore.jks"/> 
                <Auth Key="KeyStoreURL"     Value="${idp.keystore.url::sts.jks}"/>
                <Auth Key="KeyStorePass"    Value="${idp.keystore.password::imapassword}"/>
                <Auth Key="SigningKeyAlias" Value="${idp.keystore.alias::idpalias}"/>
                <Auth Key="SigningKeyPass"  Value="${idp.keystore.alias.password::imapassword}"/> 
               <ValidatingAlias Key="http://services.testcorp.org/provider1" Value="service1"/>
	</KeyProvider>
	<TokenProviders>
            <TokenProvider ProviderClass="org.picketlink.identity.federation.core.wstrust.plugins.saml.SAML11TokenProvider"
                TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1"
	        TokenElement="Assertion"
	        TokenElementNS="urn:oasis:names:tc:SAML:1.0:assertion"/>
            <TokenProvider ProviderClass="org.picketlink.identity.federation.core.wstrust.plugins.saml.SAML20TokenProvider"
                TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"
	        TokenElement="Assertion"
	        TokenElementNS="urn:oasis:names:tc:SAML:2.0:assertion"/>
	</TokenProviders>
	<ServiceProviders>
		<ServiceProvider Endpoint="http://services.testcorp.org/provider1" TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"
			TruststoreAlias="service1"/>
	</ServiceProviders>
</PicketLinkSTS>
...

clones

JBEAP-13878 [GSS](7.1.z) The fix for CVE-2017-2582 breaks the feature of attribute replacement with system property in picketlink.xml

Closed

Assignee:: Ivo Studensky

Reporter:: Derek Horton

Tester:: Radim Hatlapatka (Inactive)

QA Contact:: Radim Hatlapatka (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Created:: 2018/08/02 4:34 PM

Updated:: 2022/03/14 4:58 AM

Resolved:: 2018/08/24 8:18 AM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates