143357 – WSIT SAML Sender Vouches with Certificates profile should use SignedEncryptedSupportingTokens with SamlToken assertion

This Bugzilla instance is a read-only archive of historic NetBeans bug reports. To report a bug in NetBeans please follow the project's instructions for reporting issues.

Bug 143357 - WSIT SAML Sender Vouches with Certificates profile should use SignedEncryptedSupportingTokens with SamlToken assertion

Summary: WSIT SAML Sender Vouches with Certificates profile should use SignedEncrypte...

Status:	RESOLVED FIXED

Alias:	None

Product:	webservices
Classification:	Unclassified
Component:	WSIT (show other bugs)
Version:	6.x
Hardware:	All All

Importance:	P2 blocker (vote)
Assignee:	Martin Grebac

URL:
Keywords:

Depends on:
Blocks:

Reported:	2008-08-09 00:27 UTC by jdg6688
Modified:	2008-08-14 15:51 UTC (History)
CC List:	1 user (show)

See Also:
Issue Type:	DEFECT
Exception Reporter:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description jdg6688 2008-08-09 00:27:08 UTC

WSIT SAML Sender Vouches  with Certificates profile should use SignedEncryptedSupportingTokens with SamlToken assertion.

This is the case that the SAML assertion has no associated proof keys itself. So it must be signed and encrypted
in transition. 

This request only applies to the .Net3.5/Metro1.3 case since the policy assertion SignedEncryptedSupportingTokens
is only supported in the Oasis standard version of ws-securitypolicy.

On the other hand this profile should not be advised to use with the member submit version.

Comment 1 Martin Grebac 2008-08-13 11:00:23 UTC

Hi, so the required change is to generate SignedEncryptedSupportingTokens assertion instead of SignedSupportingTokens
assertion when 1.3 version is used.

Would you please elaborate on what you mean by "this profile should not be advised to use with the member submit
version"? Why shall not be advised and what is your proposed solution? Shall we remove the profile from the list for
1.0/.net30 version?

Comment 2 Martin Grebac 2008-08-14 12:45:46 UTC

Fixed in trunk.

Comment 3 Quality Engineering 2008-08-14 15:51:57 UTC

Integrated into 'main-golden', available in build *200808141419* on http://bits.netbeans.org/dev/nightly/
Changeset: http://hg.netbeans.org/main/rev/f9d0cb5d1012
User: mgrebac@netbeans.org
Log: Fix of #143357 - WSIT SAML Sender Vouches  with Certificates profile should use SignedEncryptedSupportingTokens with SamlToken assertion
The supporting tokens shall be encrypted for 1.3 version.