1155859 – [GSS] (6.4.0) Cannot resolve WSS signature reference URI that points to AssertionID attribute of SAML 1.1 token / Upgrade wss4j to 1.6.17.SP1

Bug 1155859 - [GSS] (6.4.0) Cannot resolve WSS signature reference URI that points to AssertionID attribute of SAML 1.1 token / Upgrade wss4j to 1.6.17.SP1

Summary: [GSS] (6.4.0) Cannot resolve WSS signature reference URI that points to Asser...

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	JBoss Enterprise Application Platform 6
Classification:	JBoss
Component:	Web Services
Sub Component:
Version:	6.3.1
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	ER1
Target Release:	EAP 6.4.0
Assignee:	baranowb
QA Contact:	Rostislav Svoboda
Docs Contact:
URL:
Whiteboard:	block_CR
Depends On:	1173459
Blocks:	1155870 1155872 1172031
TreeView+	depends on / blocked

Reported:	2014-10-23 03:40 UTC by Kyle Lape
Modified:	2019-08-19 12:43 UTC (History)
CC List:	7 users (show)
Fixed In Version:
Clone Of:
Clones:	1155870 (view as bug list)
Environment:
Last Closed:
Type:	Bug
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Apache JIRA	WSS-517	None	None	None	Never
Red Hat Bugzilla	1173459	unspecified	CLOSED	Upgrade wss4j to 1.6.17.SP1	2021-02-22 00:41:40 UTC
Red Hat Bugzilla	1181836	unspecified	CLOSED	RHEL6 RPMs: Upgrade wss4j to 1.6.17.SP1-redhat-1	2021-02-22 00:41:40 UTC
Red Hat Bugzilla	1181837	unspecified	CLOSED	RHEL5 RPMs: Upgrade wss4j to 1.6.17.SP1-redhat-1	2021-02-22 00:41:40 UTC
Red Hat Bugzilla	1181838	unspecified	CLOSED	RHEL7 RPMs: Upgrade wss4j to 1.6.17.SP1-redhat-1	2021-02-22 00:41:40 UTC

Internal Links: 1173459 1181836 1181837 1181838

Description Kyle Lape 2014-10-23 03:40:09 UTC

[Copied from Jira WSS-517]

When a SAML 1.1 token is referenced by an XML Signature reference URI in the SOAP message, WSS4J cannot find the assertion element. It looks like WSSecurityUtil.findSAMLAssertionElementById doesn't remove the hash symbol (#) before searching.

Comment 1 Kyle Lape 2014-10-23 04:09:11 UTC

Commit can be seen here: https://github.com/apache/wss4j/commit/fec38d39c4c4980f119bb3d23bf034a47939ced3

No upstream release yet

Comment 7 baranowb 2014-12-09 09:02:46 UTC

Linked relevant BZ. Change is in, so why this BZ is in 'NEW' ?

Comment 9 Rostislav Svoboda 2014-12-15 09:43:41 UTC

Checked on EAP 6.4.0 DR13, commit https://github.com/apache/wss4j/commit/fec38d39c4c4980f119bb3d23bf034a47939ced3 is not present in decompiled code

jboss-eap-6.4/modules/system/layers/base/org/apache/ws/security/main/wss4j-1.6.17.redhat-1.jar

wss4j upgrade to 1.6.17.SP1 wasn't done in DR13

Comment 10 Kabir Khan 2014-12-15 17:04:13 UTC

https://github.com/jbossas/jboss-eap/pull/2153

Comment 11 Kabir Khan 2014-12-15 17:04:14 UTC

https://github.com/jbossas/jboss-eap/pull/2153

Comment 12 Rostislav Svoboda 2015-01-13 11:40:39 UTC

Verified on EAP 6.4.0 ER1

Note You need to log in before you can comment on or make changes to this bug.