When a signed SAML Session Ticket is generated using the public key obtained from the digital signature verified by the XML Digital Signature authentication scheme, the result is an unsigned rather than a signed SAML Session Ticket.
That is, if a web service is protected by the XML Digital Signature authentication scheme and the SAML Session Ticket response is configured to extract the client's public key from the certificate and use it to sign the SAML assertion, the generated SAML Session Ticket is not signed as expected.
Workaround
Configure the policy to obtain the public key from a source other than the document with the digital certificate. For example, configure the response to obtain the public key from a client certificate sent over an SSL connection or from the user store.
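Because the failure above is silent (the ticket is issued, just without a signature), a consumer of the ticket should verify that the assertion actually carries an enveloped XML Digital Signature bound to the assertion ID before trusting it. The following is an added example written for this page, not CA's code: the function name, the sample tickets and the "signature is a direct child of the Assertion and references its ID" rule are this editor's assumptions; it checks only for presence and binding, not cryptographic validity.

```python
"""Classify a SAML assertion (session ticket) as signed, detached or unsigned.
Added example; names and sample XML are constructed for illustration."""
import xml.etree.ElementTree as ET  # use defusedxml.ElementTree for untrusted input

DSIG_NS = "http://www.w3.org/2000/09/xmldsig#"


def _local(tag):
    # "{namespace}Name" -> "Name", so SAML 1.x and 2.0 assertions both match
    return tag.rsplit("}", 1)[-1]


def assertion_signature_status(xml_text):
    """Return "signed" if a ds:Signature is a direct child of the Assertion and
    one of its References points at the Assertion's ID; "detached" if a
    ds:Signature exists but does not cover the Assertion; "unsigned" if there
    is no ds:Signature at all (the symptom described on this page)."""
    root = ET.fromstring(xml_text)
    assertion = root if _local(root.tag) == "Assertion" else next(
        (e for e in root.iter() if _local(e.tag) == "Assertion"), None)
    if assertion is None:
        raise ValueError("no Assertion element found")
    # SAML 2.0 carries the identifier in ID, SAML 1.x in AssertionID
    assertion_id = assertion.get("ID") or assertion.get("AssertionID")
    signatures = list(assertion.iter("{%s}Signature" % DSIG_NS))
    if not signatures:
        return "unsigned"
    for sig in signatures:
        enveloped = any(sig is child for child in assertion)
        refs = sig.iter("{%s}Reference" % DSIG_NS)
        if enveloped and assertion_id and any(
                r.get("URI") == "#" + assertion_id for r in refs):
            return "signed"
    return "detached"


# Constructed sample tickets (digest and signature values are placeholders).
SIGNED_TICKET = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_abc123" Version="2.0">
  <saml:Issuer>https://idp.example.test</saml:Issuer>
  <ds:Signature>
    <ds:SignedInfo>
      <ds:Reference URI="#_abc123"><ds:DigestValue>placeholder</ds:DigestValue></ds:Reference>
    </ds:SignedInfo>
    <ds:SignatureValue>placeholder</ds:SignatureValue>
  </ds:Signature>
  <saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>
</saml:Assertion>"""

UNSIGNED_TICKET = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_abc123" Version="2.0">
  <saml:Issuer>https://idp.example.test</saml:Issuer>
  <saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>
</saml:Assertion>"""
```

A ticket that comes back "unsigned" from a response configured to sign is the defect described above; reject it rather than fall back to accepting the unsigned assertion.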
Copyright © 2011 CA. All rights reserved.