[ https://issues.apache.org/jira/browse/CXF-6237?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14303305#comment-14303305 ]
moshiko kasirer commented on CXF-6237: -------------------------------------- do you want me do debug the code even more? this is not my code... i can do that but i dont see the point i do know that opensaml fails with xmlsec 2.0.2 to verify the token and that i dont understand how you dont encounter the same issues. that fact that you are using both openSAML and xmlsec 2.0.2 and all of your test works doesnt mean there is no problem i wish i could have share my screen with you to show you it doesnt work. bottom line what do you think i should do ? downgrade to work with CXF 2.7.14 version that knows how to work with XMLSEC 1.5.6 ? ---------- Forwarded message ---------- From: Sergey Beryozkin (JIRA) <j...@apache.org> Date: Tue, Feb 3, 2015 at 4:01 PM Subject: [jira] [Commented] (CXF-6237) CXF 3.0.3 rt-security has problems working with latest open saml version (2.6.1) To: shiko...@gmail.com [ https://issues.apache.org/jira/browse/CXF-6237?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14303284#comment-14303284 ] Sergey Beryozkin commented on CXF-6237: --------------------------------------- You mentioned that org.opensaml.xml.security.trust.ExplicitKeyTrustEvaluator.validate does not work with XmlSec 2.0.2 because the list of credentials is empty: "with XMLSEC 2.0.2 this method returns false and do not even enter the for each loop". Why exactly it is empty ? Clearly it is not XmlSec 2.0.2 which prepares a list of credentials ? Can you let us know why the list of credentials is empty ? (2.6.1) -------------------------------------------------------------------------------- version 2.*+ and throws multiple no method exist exceptions when working with 1.5.5* XMLSEC versions version (2.6.1) fails on validating the SAML token when working with XMLSEC version 2.* which is overrided by CXF and wss4j (2.0.2) -- This message was sent by Atlassian JIRA (v6.3.4#6332) > CXF 3.0.3 rt-security has problems working with latest open saml version > (2.6.1) > -------------------------------------------------------------------------------- > > Key: CXF-6237 > URL: https://issues.apache.org/jira/browse/CXF-6237 > Project: CXF > Issue Type: Bug > Components: JAX-RS Security, WS-* Components > Affects Versions: 3.0.3 > Reporter: moshiko kasirer > Assignee: Colm O hEigeartaigh > > Hi, > CXF-rt-ws-security 3.0.3 is working with wss4j of version: > <cxf.wss4j.version>2.0.2</cxf.wss4j.version> > an xmlsec version of version: > <cxf.xmlsec.bundle.version>2.0.2</cxf.xmlsec.bundle.version> > and open SAML of version: > <cxf.opensaml.version>2.6.1</cxf.opensaml.version> > that is problematic as from one hand CXF 3.0.3 is dependent on XMLSEC version > 2.*+ and throws multiple no method exist exceptions when working with 1.5.5* > XMLSEC versions > and on the other hand the latest open SAML which is the CXF open saml version > (2.6.1) fails on validating the SAML token when working with XMLSEC version > 2.* > so actually when working with both CXF 3 and OPEN SAML 2.6.1 > this will happen > when working with xmlsec 1.5.* OPEN SAML works CXF fails > when working with xmlsec 2.0.* CXF works OPEN SAML fails... > you can see under open saml 2.6.1 that it holds xmlsec version 1.5.6 which is > overrided by CXF and wss4j (2.0.2) > can you please help me figure out a way to overcome this issue? -- This message was sent by Atlassian JIRA (v6.3.4#6332)