XWSS-55

XWSS 3.0-FCS - Create SAML 2.0 Assertion should provide mechanism to define default string data type for AttributeValue

    Details

    • Type: Improvement
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: current
    • Fix Version/s: None
    • Component/s: None
    • Labels: None
    • Environment: All

      Description

      com.sun.xml.wss.saml.util.SAMLUtil.createSAMLAssertion(XMLStreamReader reader)

      The AttributeValue element is defined by the SAML 2.0 schema with type="anyType". The corresponding AttributeValue Java class is therefore defined as java.lang.Object. The unmarshalling of the SAML 2.0 Assertion XML relies on JAXB. For an incoming request, if the AttributeValue element value contains an XML simple data type, e.g. "string", and no corresponding namespace and "type" attributes are defined, the resulting unmarshalled value is assigned the literal string "[AttributeValue: null]".

      Due to this behavior, interoperability with other web service stacks can be compromised.

      A new feature to support a default data type of "string" when the AttributeValue element does not contain the corresponding namespace and "type" attributes would alleviate this condition. A new JVM option could be defined that would allow this feature to be either enabled or disabled, or to define the default data type to apply.

      Example of SAML 2.0 Assertion AttributeValue without namespace and type:

      <Assertion ID="urn:uuid:99b06f65-afcf-4e0e-accf-a92baa1a743b" IssueInstant="2011-08-01T21:21:54.562Z" Version="2.0" xmlns="urn:oasis:names:tc:SAML:2.0:assertion">
          ...
          <AttributeStatement>
              <Attribute Name="default2string">
                  <AttributeValue>string value</AttributeValue>
              </Attribute>
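
One way a consuming application can apply the requested string default itself, shown as an added example that is not XWSS code and not part of the original report. It assumes the untyped AttributeValue reaches the application as an org.w3c.dom.Element (the usual JAXB binding for anyType content without xsi:type); the class name, the asString helper and the closed-off sample assertion are hypothetical.

```java
import java.io.StringReader;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.xml.sax.InputSource;

public class AttributeValueDefault {
    static final String SAML2_NS = "urn:oasis:names:tc:SAML:2.0:assertion";

    // Hypothetical helper: turn an AttributeValue bound as java.lang.Object into a string.
    // Untyped simple content defaults to string; anything else is rejected, not guessed.
    static String asString(Object value) {
        if (value == null) return null;
        if (!(value instanceof Element)) return value.toString(); // already bound to a typed value
        Element e = (Element) value;
        for (Node n = e.getFirstChild(); n != null; n = n.getNextSibling()) {
            if (n.getNodeType() == Node.ELEMENT_NODE)
                throw new IllegalArgumentException("complex AttributeValue content");
        }
        // getAttributeNS returns "" when xsi:type is absent
        String type = e.getAttributeNS(XMLConstants.W3C_XML_SCHEMA_INSTANCE_NS_URI, "type");
        if (!type.isEmpty()) {
            int colon = type.indexOf(':');
            String prefix = colon < 0 ? null : type.substring(0, colon);
            boolean xsString = "string".equals(type.substring(colon + 1))
                && XMLConstants.W3C_XML_SCHEMA_NS_URI.equals(e.lookupNamespaceURI(prefix));
            if (!xsString) throw new IllegalArgumentException("unsupported xsi:type: " + type);
        }
        return e.getTextContent();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: the fragment from the issue, with closing tags added so it parses.
        String xml = "<Assertion xmlns=\"" + SAML2_NS + "\" Version=\"2.0\"><AttributeStatement>"
            + "<Attribute Name=\"default2string\"><AttributeValue>string value</AttributeValue>"
            + "</Attribute></AttributeStatement></Assertion>";
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // Assertions are untrusted input: refuse DOCTYPE declarations outright.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Element root = f.newDocumentBuilder()
            .parse(new InputSource(new StringReader(xml))).getDocumentElement();
        Element av = (Element) root.getElementsByTagNameNS(SAML2_NS, "AttributeValue").item(0);
        System.out.println(asString(av));
    }
}
```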
      

          People

          • Assignee: Unassigned
          • Reporter: richard.ettema