Grzegorz Maczuga created CXF-7088:
-------------------------------------

Summary: SignedEncryptedSupportingTokens in WS-Policy and SAML not encrypted being accepted
Key: CXF-7088
URL: https://issues.apache.org/jira/browse/CXF-7088
Project: CXF
Issue Type: Bug
Affects Versions: 3.0.6
Reporter: Grzegorz Maczuga

In the WS-Policy that is used by the service we have defined <SignedEncryptedSupportingTokens/>.

Some people say that WS-SecurityPolicy 1.2 implies that the SAML assertion that is inside the WS-Security section of the message SOAP Header should also be encrypted (not only signed).

A message with SAML that is NOT encrypted is currently accepted by CXF even though the policy defines <SignedEncryptedSupportingTokens/>.

The question is: does a SAML assertion fall into the "SupportingTokens" category and should it be encrypted as well? What is your view on that? Is that a bug in Neethi?

--
This message was sent by Atlassian JIRA (v6.3.4#6332)
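
The condition described in the report can be checked on a captured message. The following is an added example, not part of the original report and not CXF or Neethi code: it flags a SOAP message whose SAML assertion sits in plaintext directly inside wsse:Security while the policy carries SignedEncryptedSupportingTokens. It assumes the policy nests an sp:SamlToken assertion under that element; the function names, sample policy and sample messages are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SP = "http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"  # WS-SecurityPolicy 1.2
WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd")
XENC = "http://www.w3.org/2001/04/xmlenc#"
SAML_TAGS = {"{urn:oasis:names:tc:SAML:1.0:assertion}Assertion",
             "{urn:oasis:names:tc:SAML:2.0:assertion}Assertion"}

def policy_wants_encrypted_saml(policy_xml):
    """True if a SamlToken is nested under SignedEncryptedSupportingTokens."""
    root = ET.fromstring(policy_xml)
    return any(sest.find(f".//{{{SP}}}SamlToken") is not None
               for sest in root.iter(f"{{{SP}}}SignedEncryptedSupportingTokens"))

def plaintext_saml_tokens(soap_xml):
    """IDs of SAML assertions sitting unencrypted directly in wsse:Security."""
    root = ET.fromstring(soap_xml)
    return [tok.get("ID") or tok.get("AssertionID") or "(no id)"
            for sec in root.iter(f"{{{WSSE}}}Security")
            for tok in sec if tok.tag in SAML_TAGS]

def violations(policy_xml, soap_xml):
    """Plaintext SAML tokens in a message whose policy asks for encrypted ones."""
    if not policy_wants_encrypted_saml(policy_xml):
        return []
    return plaintext_saml_tokens(soap_xml)

# Constructed sample policy and messages (not taken from the report).
POLICY = (f'<wsp:Policy xmlns:wsp="http://www.w3.org/ns/ws-policy" xmlns:sp="{SP}">'
          '<sp:SignedEncryptedSupportingTokens><wsp:Policy><sp:SamlToken/>'
          '</wsp:Policy></sp:SignedEncryptedSupportingTokens></wsp:Policy>')

def sample_message(token_xml):
    return ('<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">'
            f'<s:Header><wsse:Security xmlns:wsse="{WSSE}">{token_xml}'
            '</wsse:Security></s:Header><s:Body/></s:Envelope>')

PLAIN_MSG = sample_message(
    '<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="_a1"/>')
# An encrypted token shows up as xenc:EncryptedData in place of the assertion.
ENC_MSG = sample_message(f'<xenc:EncryptedData xmlns:xenc="{XENC}" Id="ED-1"/>')

if __name__ == "__main__":
    print("plaintext message:", violations(POLICY, PLAIN_MSG))
    print("encrypted message:", violations(POLICY, ENC_MSG))
```

The check only looks at the message structure: it cannot tell what an xenc:EncryptedData element contains without the decryption key, and it should be run on trusted captures, since ElementTree is not hardened against hostile XML.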