Uploaded image for project: 'PicketLink'
  1. PicketLink
  2. PLINK-795

Encrypted non-normalized assertion causes ClassCastException

    Details

    • Type: Bug
    • Status: Open (View Workflow)
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: PLINK_2.5.2.FInal
    • Fix Version/s: None
    • Component/s: SAML
    • Labels:
      None

      Description

      An application is a SAML SP. A SAML request to the SP has an Encrypted assertion.
      If a decrypted assertion is not a normalized XML, it causes ClassCastException:

      Caused by: java.lang.ClassCastException: org.codehaus.stax2.ri.evt.CharactersEventImpl cannot be cast to javax.xml.stream.events.EndElement
      at org.picketlink.identity.federation.core.parsers.saml.SAMLSubjectParser.parse(SAMLSubjectParser.java:128)
      at org.picketlink.identity.federation.core.parsers.saml.SAMLAssertionParser.parse(SAMLAssertionParser.java:132)
      at org.picketlink.identity.federation.core.parsers.saml.SAMLParser.parse(SAMLParser.java:67)
      at org.picketlink.identity.federation.web.handlers.saml2.SAML2AuthenticationHandler$SPAuthenticationHandler.decryptAssertion(SAML2AuthenticationHandler.java:574)
      

        Gliffy Diagrams

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  pcraveiro Pedro Igor Silva
                  Reporter:
                  hisanobu.okuda Hisanobu Okuda
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  1 Start watching this issue

                  Dates

                  • Created:
                    Updated: