Bug 1155870

Summary: [GSS] (6.3.z) Cannot resolve WSS signature reference URI that points to AssertionID attribute of SAML 1.1 token
Product: [JBoss] JBoss Enterprise Application Platform 6 Reporter: Kyle Lape <klape>
Component: Web ServicesAssignee: baranowb <bbaranow>
Status: CLOSED CURRENTRELEASE QA Contact: Rostislav Svoboda <rsvoboda>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 6.3.1CC: asoldano, bbaranow, bmaxwell, chaowan, jawilson, rsvoboda
Target Milestone: CR1   
Target Release: EAP 6.3.3   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 1155859
: 1155872 (view as bug list) Environment:
Last Closed: 2019-08-19 12:39:28 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1155859    
Bug Blocks: 1151405, 1155872, 1172035    

Description Kyle Lape 2014-10-23 04:10:07 UTC 
[Copied from Jira WSS-517]

When a SAML 1.1 token is referenced by an XML Signature reference URI in the SOAP message, WSS4J cannot find the assertion element. It looks like WSSecurityUtil.findSAMLAssertionElementById doesn't remove the hash symbol (#) before searching.

--- Additional comment from Kyle Lape on 2014-10-23 00:09:11 EDT ---

Commit can be seen here: https://github.com/apache/wss4j/commit/fec38d39c4c4980f119bb3d23bf034a47939ced3

No upstream release yet
Comment 8 baranowb 2014-12-09 08:33:20 UTC 
Tag is up: https://github.com/jbossas/redhat-wss4j/commits/wss4j-1.6.17.SP1
Comment 11 Rostislav Svoboda 2015-01-19 12:28:49 UTC 
Verified on EAP 6.3.3 CR.

commit https://github.com/apache/wss4j/commit/fec38d39c4c4980f119bb3d23bf034a47939ced3 is present in decompiled code