[jira] [Commented] (CXF-6237) CXF 3.0.3 rt-security has problems working with latest open saml version (2.6.1)

Thu, 05 Feb 2015 09:34:55 -0800 

    [ 
https://issues.apache.org/jira/browse/CXF-6237?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14307616#comment-14307616
 ] 

Brent Putman commented on CXF-6237:
-----------------------------------

Fwiw, the underlying problem here was that the algorithm configuration metadata 
loaded in JCEMapper was incorrect.  Colm corrected that.

Note however that you can also initialize Santuario from a config resource XML 
file, rather than the info that is inlined in JCEMapper.  I think this can be 
used as a workaround until the next version of Santuario is released.

See org.apache.xml.security.Init,  and the use of the System property 
"org.apache.xml.security.resource.config".  You can use this to point at a 
local copy of the config resource XML which has the valid algorithm info, 
bypassing the inline config in JCEMapper.

In Santuario the base version can be found at: 
src/main/java/org/apache/xml/security/resource/config.xml.  You probably want 
to grab the latest trunk copy, as Colm just updated it to be correct re: the 
issues I raised in SANTUARIO-414.



> CXF 3.0.3 rt-security has problems working with latest open saml version 
> (2.6.1)
> --------------------------------------------------------------------------------
>
>                 Key: CXF-6237
>                 URL: https://issues.apache.org/jira/browse/CXF-6237
>             Project: CXF
>          Issue Type: Bug
>          Components: JAX-RS Security, WS-* Components
>    Affects Versions: 3.0.3
>            Reporter: moshiko kasirer
>            Assignee: Colm O hEigeartaigh
>         Attachments: OpenSamlTestingFailsWithNewXmlSec.docx
>
>
> Hi, 
> CXF-rt-ws-security 3.0.3 is working with wss4j of version: 
> <cxf.wss4j.version>2.0.2</cxf.wss4j.version>
> an xmlsec version of version:
> <cxf.xmlsec.bundle.version>2.0.2</cxf.xmlsec.bundle.version>
> and open SAML of version:
> <cxf.opensaml.version>2.6.1</cxf.opensaml.version>
> that is problematic as from one hand CXF 3.0.3 is dependent on XMLSEC version 
> 2.*+ and throws multiple no method exist exceptions when working with 1.5.5*  
> XMLSEC versions
> and on the other hand the latest open SAML which is the CXF open saml version 
> (2.6.1) fails on validating the SAML token when working with XMLSEC version 
> 2.*
> so actually when working with both CXF 3 and OPEN SAML 2.6.1 
> this will happen 
> when working with xmlsec 1.5.*  OPEN SAML works CXF fails   
> when working with xmlsec 2.0.*  CXF works OPEN SAML fails...
> you can see under open saml 2.6.1 that it holds xmlsec version 1.5.6 which is 
> overrided by CXF and wss4j (2.0.2)
> can you please help me figure out a way to overcome this issue?



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to