Uploaded image for project: 'PicketLink'
  1. PicketLink
  2. PLINK-764

SP can not parse SAML response if namespace is declared in root element

    Details

    • Type: Bug
    • Status: Open (View Workflow)
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: PLINK_2.5.2.FInal
    • Fix Version/s: None
    • Component/s: SAML
    • Labels:
      None
    • Steps to Reproduce:
      Hide

      1. untar reproducer.tar.gz
      2. copy standalone.xml to $JBOSS_HOME/standalone/configuration/
      3. start EAP
      4. cd fake-idp
      5. mvn -Pwildfly clean package wildfly:deploy
      6. cd ../picketlink-federation-saml-sp-with-encryption
      7. mvn -Pwildfly clean package wildfly:deploy
      8. access http://localhost:8080/sales-post-enc/ with your browser

      Show
      1. untar reproducer.tar.gz 2. copy standalone.xml to $JBOSS_HOME/standalone/configuration/ 3. start EAP 4. cd fake-idp 5. mvn -Pwildfly clean package wildfly:deploy 6. cd ../picketlink-federation-saml-sp-with-encryption 7. mvn -Pwildfly clean package wildfly:deploy 8. access http://localhost:8080/sales-post-enc/ with your browser

      Description

      If the namespace xenc is declared in the root element of SAML response, SP throws the following exception:

      2017-05-16 17:12:24,703 ERROR [org.picketlink.common] (default task-23) Service Provider could not handle the request.: org.picketlink.common.exceptions.ProcessingException: PL00102: Processing Exception:
              at org.picketlink.common.DefaultPicketLinkLogger.processingError(DefaultPicketLinkLogger.java:174)
              at org.picketlink.identity.federation.web.handlers.saml2.SAML2AuthenticationHandler$SPAuthenticationHandler.decryptAssertion(SAML2AuthenticationHandler.java:554)
              at org.picketlink.identity.federation.web.handlers.saml2.SAML2AuthenticationHandler$SPAuthenticationHandler.handleStatusResponseType(SAML2AuthenticationHandler.java:480)
              at org.picketlink.identity.federation.web.handlers.saml2.SAML2AuthenticationHandler.handleStatusResponseType(SAML2AuthenticationHandler.java:142)
              at org.picketlink.identity.federation.web.process.SAMLHandlerChainProcessor.callHandlerChain(SAMLHandlerChainProcessor.java:67)
              at org.picketlink.identity.federation.web.process.ServiceProviderSAMLResponseProcessor.processHandlersChain(ServiceProviderSAMLResponseProcessor.java:106)
              at org.picketlink.identity.federation.web.process.ServiceProviderSAMLResponseProcessor.process(ServiceProviderSAMLResponseProcessor.java:88)
              at org.picketlink.identity.federation.bindings.wildfly.sp.SPFormAuthenticationMechanism.handleSAML2Response(SPFormAuthenticationMechanism.java:530)
              at org.picketlink.identity.federation.bindings.wildfly.sp.SPFormAuthenticationMechanism.handleSAMLResponse(SPFormAuthenticationMechanism.java:313)
              at org.picketlink.identity.federation.bindings.wildfly.sp.SPFormAuthenticationMechanism.authenticate(SPFormAuthenticationMechanism.java:275)
              at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:244)
              at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.access$100(SecurityContextImpl.java:230)
              at io.undertow.security.impl.SecurityContextImpl.attemptAuthentication(SecurityContextImpl.java:124)
              at io.undertow.security.impl.SecurityContextImpl.authTransition(SecurityContextImpl.java:99)
              at io.undertow.security.impl.SecurityContextImpl.authenticate(SecurityContextImpl.java:92)
              at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:55)
              at io.undertow.server.handlers.DisableCacheHandler.handleRequest(DisableCacheHandler.java:33)
              at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
              at io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:51)
              at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
              at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
              at io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:59)
              at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
              at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
              at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
              at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
              at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
              at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
              at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
              at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
              at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:285)
              at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:264)
              at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
              at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:175)
              at io.undertow.server.Connectors.executeRootHandler(Connectors.java:207)
              at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:802)
              at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
              at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
              at java.lang.Thread.run(Thread.java:745)
      Caused by: ParsingException [location=null]org.picketlink.common.exceptions.ParsingException: PL00074: Parsing Error:The prefix "xenc" for element "xenc:EncryptedData" is not bound.
              at org.picketlink.common.DefaultPicketLinkLogger.parserError(DefaultPicketLinkLogger.java:490)
              at org.picketlink.common.util.DocumentUtil.getDocument(DocumentUtil.java:217)
              at org.picketlink.identity.federation.api.saml.v2.response.SAML2Response.convert(SAML2Response.java:512)
              at org.picketlink.identity.federation.web.handlers.saml2.SAML2AuthenticationHandler$SPAuthenticationHandler.decryptAssertion(SAML2AuthenticationHandler.java:534)
              ... 37 more
      Caused by: org.xml.sax.SAXParseException; lineNumber: 1; columnNumber: 2721; The prefix "xenc" for element "xenc:EncryptedData" is not bound.
              at org.apache.xerces.parsers.DOMParser.parse(DOMParser.java:245)
              at org.apache.xerces.jaxp.DocumentBuilderImpl.parse(DocumentBuilderImpl.java:298)
              at javax.xml.parsers.DocumentBuilder.parse(DocumentBuilder.java:121)
              at org.picketlink.common.util.DocumentUtil.getDocument(DocumentUtil.java:213)
              ... 39 more
      

        Gliffy Diagrams

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  pcraveiro Pedro Igor Silva
                  Reporter:
                  hisanobu.okuda Hisanobu Okuda
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  3 Start watching this issue

                  Dates

                  • Created:
                    Updated: