Bug 5181 – Incompatibility of gridshib-SAML-tools-0_1_3 and gridshib-gt-0_5_1

Bug 5181 - Incompatibility of gridshib-SAML-tools-0_1_3 and gridshib-gt-0_5_1

Summary:

Incompatibility of gridshib-SAML-tools-0_1_3 and gridshib-gt-0_5_1

Status:	RESOLVED FIXED

Product:	GridShib
Component:	GT plugin
Version:	0.5.2
Platform:	PC Linux

Importance:	P3 normal
Target Milestone:	beta
Assigned To:	Tom Scavo

URL:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2007-04-02 14:44 by Wonjun Lee
Modified:	2008-04-25 21:12 (History)

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note

You need to log in before you can comment on or make changes to this bug.

Description From Wonjun Lee 2007-04-02 14:44:24

When I tried gridshib-SAML-tools-0_1_3 with gridshib-gt-0_5_1, I had an error 
message like "ERROR authorization.SAMLAuthnAssertionPIP
[ServiceThread-6,collectAttributesImpl:186] Invalid Confirmation Method" at the
container log.

The SAML Assertion Issuer Tool does not include a SubjectConfirmation element

------- Comment #1 From Tom Scavo 2007-04-02 15:12:03 -------

There are two ways to fix this bug:

1) Add a "compatibility flag" to GS SAML Tools
2) Modify SAMLAuthnAssertionPIP in GS4GT to not require SubjectConfirmation

We decided to make the change in SAMLAuthnAssertionPIP.

------- Comment #2 From Tom Scavo 2007-04-02 15:13:33 -------

Suggested patch to SAMLAuthnAssertionPIP.java in directory

interceptors/java/source/src/org/globus/gridshib/gt/authorization/

Lines 184--189 of SAMLAuthnAssertionPIP.java read:

if (!isConfMtdOk) {
   String err = "Invalid Confirmation Method";
   logger.error(err);
   throw new Exception(err);

}

Change this to:

if (!isConfMtdOk) {
   String warn = "Bearer confirmation method not found";
   logger.warn(warn);
}

------- Comment #3 From Tom Scavo 2007-04-02 17:13:05 -------

Committed patch to gridshib_gt_0_6_0_branch

------- Comment #4 From Tom Scavo 2007-04-03 10:22:42 -------

Patch committed to branch gridshib-gt-0_5_2