[jira] [Commented] (CXF-6237) CXF 3.0.3 rt-security has problems working with latest open saml version (2.6.1)

Wed, 04 Feb 2015 02:08:38 -0800 

    [ 
https://issues.apache.org/jira/browse/CXF-6237?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14304874#comment-14304874
 ] 

Colm O hEigeartaigh commented on CXF-6237:
------------------------------------------


To summarize: There appears to be an issue with Spring Security + OpenSAML + 
XML Security 2.0.x. Nothing to do with CXF. The SAML code in Spring Security 
uses a different code path for validation than WSS4J/CXF does. XML Security 
2.0.x is a major release compared to 1.5.x, and so there are backwards 
compatibility differences. However, from the stacktrace it's not clear whether 
this is the problem, or if there's a bug. The only way to tell is to do some 
debugging and figure out why the trusted credential list being passed through 
to OpenSAML from Spring Security does not contain any credentials. 

Colm.

> CXF 3.0.3 rt-security has problems working with latest open saml version 
> (2.6.1)
> --------------------------------------------------------------------------------
>
>                 Key: CXF-6237
>                 URL: https://issues.apache.org/jira/browse/CXF-6237
>             Project: CXF
>          Issue Type: Bug
>          Components: JAX-RS Security, WS-* Components
>    Affects Versions: 3.0.3
>            Reporter: moshiko kasirer
>            Assignee: Colm O hEigeartaigh
>
> Hi, 
> CXF-rt-ws-security 3.0.3 is working with wss4j of version: 
> <cxf.wss4j.version>2.0.2</cxf.wss4j.version>
> an xmlsec version of version:
> <cxf.xmlsec.bundle.version>2.0.2</cxf.xmlsec.bundle.version>
> and open SAML of version:
> <cxf.opensaml.version>2.6.1</cxf.opensaml.version>
> that is problematic as from one hand CXF 3.0.3 is dependent on XMLSEC version 
> 2.*+ and throws multiple no method exist exceptions when working with 1.5.5*  
> XMLSEC versions
> and on the other hand the latest open SAML which is the CXF open saml version 
> (2.6.1) fails on validating the SAML token when working with XMLSEC version 
> 2.*
> so actually when working with both CXF 3 and OPEN SAML 2.6.1 
> this will happen 
> when working with xmlsec 1.5.*  OPEN SAML works CXF fails   
> when working with xmlsec 2.0.*  CXF works OPEN SAML fails...
> you can see under open saml 2.6.1 that it holds xmlsec version 1.5.6 which is 
> overrided by CXF and wss4j (2.0.2)
> can you please help me figure out a way to overcome this issue?



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to