wsit / WSIT-1580

Multiple occurrences of Condition, AudienceRestriction, OneTimeUse, ProxyRestriction elements in saml2:Assertion/saml2:Conditions are not allowed

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.1
    • Fix Version/s: None
    • Component/s: trust
    • Labels:
      None
    • Environment:

      Linux/Windows, java version "1.6.0_21",

      Description

      Constructor code in com.sun.xml.wss.saml.assertion.saml20.jaxb20.Conditions prevents multiple occurrences of Condition, AudienceRestriction, OneTimeUse, ProxyRestriction elements under saml2:Conditions in saml2:Assertion

      public Conditions(GregorianCalendar notBefore, GregorianCalendar notOnOrAfter, List condition, List ar, List oneTimeUse, List proxyRestriction) {
          .....................
          // Only the first non-null list is stored; every later list is ignored.
          if (condition != null) {
              setConditionOrAudienceRestrictionOrOneTimeUse(condition);
          } else if (ar != null) {
              setConditionOrAudienceRestrictionOrOneTimeUse(ar);
          } else if (oneTimeUse != null) {
              setConditionOrAudienceRestrictionOrOneTimeUse(oneTimeUse);
          } else if (proxyRestriction != null) {
              setConditionOrAudienceRestrictionOrOneTimeUse(proxyRestriction);
          }
      }

      @SuppressWarnings("unchecked")
      private void setConditionOrAudienceRestrictionOrOneTimeUse(List condition) {
          // Overwrites the backing list rather than appending to it.
          this.conditionOrAudienceRestrictionOrOneTimeUse = condition;
      }

      The SAML 2 schema fragment shown below allows multiple Condition, AudienceRestriction, OneTimeUse, ProxyRestriction elements:

      <element name="Conditions" type="saml:ConditionsType"/>
      <complexType name="ConditionsType">
          <choice minOccurs="0" maxOccurs="unbounded">
              <element ref="saml:Condition"/>
              <element ref="saml:AudienceRestriction"/>
              <element ref="saml:OneTimeUse"/>
              <element ref="saml:ProxyRestriction"/>
          </choice>
          <attribute name="NotBefore" type="dateTime" use="optional"/>
          <attribute name="NotOnOrAfter" type="dateTime" use="optional"/>
      </complexType>

      and corresponding XML fragment below:

      <saml2:Conditions xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" NotBefore="2011-08-07T19:57:07.703Z" NotOnOrAfter="2011-08-07T20:02:07.703Z">
          <saml2:AudienceRestriction>
              <saml2:Audience>http://localhost:8080/calc/services/cvc</saml2:Audience>
          </saml2:AudienceRestriction>
          <saml2:Condition xmlns:del="urn:oasis:names:tc:SAML:2.0:conditions:delegation" xsi:type="del:DelegationRestrictionType ">
              <del:Delegate ConfirmationMethod="urn:oasis:names:tc:SAML:2.0:cm:sender-vouches" DelegationInstant="2010-05-13T12:50:30.846Z">
                  <saml2:NameID>john.doe@email.com</saml2:NameID>
              </del:Delegate>
          </saml2:Condition>
      </saml2:Conditions>
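
      The effect of the else-if chain described above, next to a merge that keeps every list, as an added example (not the WSIT source and not the change committed for this issue). The class name ConditionsMergeDemo, both method names and the String element type are assumptions made for illustration; the sample values are constructed.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

// Added illustration: hypothetical class, element types simplified to String.
public class ConditionsMergeDemo {

    // Reported behaviour: the else-if chain keeps only the first non-null list.
    static List<String> firstNonNullOnly(List<String> condition, List<String> ar,
            List<String> oneTimeUse, List<String> proxyRestriction) {
        if (condition != null) return condition;
        else if (ar != null) return ar;
        else if (oneTimeUse != null) return oneTimeUse;
        else if (proxyRestriction != null) return proxyRestriction;
        return new ArrayList<String>();
    }

    // Keeps every supplied element, as the schema's unbounded <choice> permits.
    @SafeVarargs
    static List<String> mergeAll(List<String>... lists) {
        List<String> merged = new ArrayList<String>();
        for (List<String> list : lists) {
            if (list != null) merged.addAll(list);
        }
        return merged;
    }

    public static void main(String[] args) {
        // Constructed sample input mirroring the XML fragment in the report.
        List<String> condition = Arrays.asList("Condition xsi:type=del:DelegationRestrictionType");
        List<String> ar = Arrays.asList("AudienceRestriction http://localhost:8080/calc/services/cvc");
        List<String> oneTimeUse = Arrays.asList("OneTimeUse");

        List<String> kept = firstNonNullOnly(condition, ar, oneTimeUse, null);
        List<String> merged = mergeAll(condition, ar, oneTimeUse, null);

        // Anything in 'merged' but not in 'kept' never reaches the issued assertion.
        List<String> dropped = new ArrayList<String>(merged);
        dropped.removeAll(kept);

        System.out.println("else-if chain keeps: " + kept);
        System.out.println("merged list keeps:   " + merged);
        System.out.println("silently dropped:    " + dropped);
    }
}
```

      With the else-if chain, the AudienceRestriction and OneTimeUse entries appear only in the dropped list, so an assertion built that way would carry fewer restrictions than the caller supplied.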

        Activity

        Nithya Ramakrishnan added a comment -

        Sending wssx-impl/src/main/java/com/sun/xml/wss/saml/assertion/saml20/jaxb20/Conditions.java
        Transmitting file data .
        Committed revision 6999.


          People

          • Assignee:
            kumarjayanti
            Reporter:
            bshrom