WSIT Features of Metro 2.1 FCS Status Notes
Updated: January 25, 2011
Introduction
This document provides a list of
- new features,
- bugs fixed,
- known issues,
- what is not implemented
for each major Metro subsystem.
This document covers the following topics:
- General Issues
- High Availability, JDK support, GF version, etc.
- Metadata Exchange Status
- Policy Status
- Reliable Messaging Status
- Security Policy Status
- Security Status
- Secure Conversation Status
- Trust Status
- Coordination/Atomic Transactions Status
- Configuration Management
- Monitoring and Management
- SOAP/TCP Status
General issues
Updated: 2011-08-03
- WSIT-1578
- Description: The JAX-WS tooling scripts wsimport/wsgen distributed with the Metro standalone distribution fail with an exception when invoked.
- Cause: Missing 'Main-Class:' and 'Class-Path:' manifest entries in webservices-tools.jar and webservices-rt.jar.
- Workaround: Correct both the wsimport and wsgen scripts to include the full classpath for invocation: webservices-api.jar:webservices-rt.jar:webservices-tools.jar, or use the scripts from the JAX-WS or JDK distributions.
- Fix: The fix has been applied to the 2.1 and trunk revisions; any further releases after 2.1.1 will not be affected.
High Availability, JDK support, GF version, etc.
Updated: 2011-01-20
- High availability: in this release high availability & failover support has been implemented
in the following 'stateful' domains:
- stateful web services
- reliable messaging
- security nonce manager
- secured conversation
- Supported platforms: Metro was certified with Oracle's JDK 1.6.0_22 and GlassFish Server 3.1
on the following platforms:
- Windows Server 2008
- Oracle Enterprise Linux 5.4
- Solaris 10 (x86 and SPARC)
- Mavenization: The Metro/WSIT project was switched from an Ant-based build system to a Maven-based one. A new common Metro group ID root, org.glassfish.metro, has been introduced. As of Metro 2.1, all bits produced by the Metro project are primarily accessible from the java.net Maven 2 repository.
Metadata Exchange Status
Updated: 2011-01-21
New in this release
- n/a
Fixed in this release
- n/a
Known issues
- 486 - MS->Sun interop using MEX:WS-Metadata Exchange Error
- 491 - MEX doesn't work throwing com.sun.xml.ws.server.UnsupportedMediaException
- 548 - Problem with URI scheme when using MEX for metadata retrieval with 'svcutil.exe'
Feature requests not implemented in this release
- Server-side support of MEX is only officially supported in scenarios involving WS-Trust STS (Secure Token Service) metadata retrieval.
- Only the WS-Transfer/Get request is supported, not the WS-MEX/GetMetadata request. This is interoperable with MEX-enabled WCF services.
Policy Status
Updated: 2011-01-21
New in this release
- n/a
Fixed in this release
- n/a
Known issues
- Policy does not set webservice features until WSDL generation
- Policy error check should produce line number and system ID
Feature requests not implemented in this release
- n/a
Reliable Messaging and Make Connection Status
Updated: 2011-01-20
New in this release
- HA & Failover support
- Extended configuration
Fixed in this release
- For the list of fixed WS-RX issues kindly consult this link
Known issues
- For the list of known WS-RX issues kindly consult this link
- HA support for in-order RM scenarios has not been fully tested due to a test client bug (see WSIT-1521 issue)
Feature requests not implemented in this release
- For the list of outstanding features and tasks in WS-RX kindly consult this link
Security Policy Status
Updated: 2011-01-21
New in this release
- Support for WS-SecurityPolicy 1.3
Fixed in this release
- n/a
Known issues
Interoperability Feature | Status/Workaround |
---|---|
SupportingTokens assertion | EncryptedParts in SupportingTokens assertion in message policy does not work |
WSSecurity Policy deploy | The following security policy assertions cause a deploy failure: |
Feature requests not implemented in this release
- XPathFilter
- RequiredElements
- SoapNormalization10
- Automatic Use of https URLs for endpoints when TransportBinding assertion is present.
Security Status
Updated: 2011-01-21
New in this release
- Initial Support for Policy Alternatives
- Support for JAAS KeyStoreLoginModule
Known Issues
Interoperability Feature | Status | Remark |
---|---|---|
Issue 715: Security Failures in AIX when using TripleDES Algorithm | Scheduled for Metro 1.5 release. | |
"" URI Reference not supported in Signature | Need to support empty URI Reference in Signature Issue#269 | Will be supported in a future release |
Returning of SOAP fault: Negative tests with Mismatched client and server policies | SOAP Fault not returned: Different Algorithm suites used by Service Consumer/Provider. Issue#22 on IssueTracker | Will be supported in a future release. |
EncryptedParts in SupportingTokens | EncryptedParts in SupportingTokens assertion in message policy does not work | Need a clarification from the WS-SecurityPolicy Specification as to whether Encrypted Parts inside SupportingTokens makes sense. |
SecurityPolicy:sp:AlgorithmSuite/wsp:Policy/ | SecurityPolicy:sp:AlgorithmSuite/wsp:Policy/sp:SoapNormalization10 assertion causes deploy failure Issue#16 | Feature Not Implemented |
SecurityPolicy: sp:AlgorithmSuite/wsp:Policy/sp:XPath10 assertion | SecurityPolicy: sp:AlgorithmSuite/wsp:Policy/sp:XPath10 assertion causes deploy failure Issue#15 | Feature Not Implemented |
SecurityPolicy: sp:AlgorithmSuite/wsp:Policy/sp:XPathFilter20 assertion | SecurityPolicy: sp:AlgorithmSuite/wsp:Policy/sp:XPathFilter20 assertion causes deploy failure Issue#14 | Feature Not Implemented |
Security with List data type dropping xs namespace declaration | Issue#971 | This issue is now fixed for Sign, and Sign + Encrypt scenario. Issue still exists for plain Encryption scenario. The workaround should be to use Sign+Encrypt if encryption is required, or use non-optimized security. |
OOM Error with MTOM Large Data UpLoad | Issue#1081 | The fix is being worked upon but could not be completed for Metro 2.1 release. Will be available in a future release |
Use of Fragment URI notation to reference a SAML Assertion | Issue#1490 | The fix is being worked upon but could not be completed for Metro 2.1 release. Will be available in a future release |
Canonicalization Error with SAML Enveloped Signature when Client uses Default Namespace for the SAML Assertion | Issue#1520 | The fix is being worked upon but could not be completed for Metro 2.1 release. Will be available in a future release |
Feature requests not implemented in this release
- Multiple secure conversation tokens per message is not implemented. Only one secure conversation token per message is assumed.
- When using SecureConversation, WSIT does not support different
values for AlgorithmSuite assertion in the BootstrapPolicy and the
Application Policy. That means both the BootstrapPolicy and
ApplicationPolicy should use the same AlgorithmSuite.
- If a binary secret arrives in a SAML assertion, the implementation does not ensure that SSL was used for the incoming message.
- Implied DerivedKeys specified by a @wsc:nonce attribute on SecureTokenRequest is not supported in this release
- The @wsc:Instance attribute on wsse:Reference for referencing specific Secure Context Token instances is not supported in this release
- The Policy Verification for incoming messages is not capable of catching a Mismatch in AlgorithmSuite values between the Service Policy and the Policy used by the Client to secure the message (refer known Issue# 22)
- The following WS-SecurityPolicy features from the specification are unsupported in this release of WSIT:

WS-SecurityPolicy Specification Section | Assertion | Remark |
---|---|---|
5.3.1 | RequiredElements | Will be supported in a future release |
6.1.1 | TokenInclusion | includeTokenPolicy=Once is NOT supported, except for the case of Kerberos Tokens where Once is the only supported value; Always, AlwaysToRecipient and Never are supported (refer known Issue# 19) |
6.3.3 | X509Token | Only <sp:WssX509V3Token10> is supported in this release. The rest (<sp:WssX509V3Token11>, <sp:WssX509Pkcs7Token10>, <sp:WssX509Pkcs7Token11>, <sp:WssX509PkiPathV1Token10>, <sp:WssX509PkiPathV1Token11>, <sp:WssX509V1Token10>, <sp:WssX509V1Token11>) will be supported in a future release based on real-world use cases and customer preferences. |
6.3.9 | RelToken | No Plan for supporting this token. |
6.3.6 | SecurityContextToken | No Plan for supporting this token |
6.3.5 | SpnegoContextToken | Will be supported in a future release |
7.1/8.1 | AlgorithmSuite | All algorithms are supported with the exception of algorithms under Asymmetric KeyWrap. sp:AlgorithmSuite/wsp:Policy/sp:XPathFilter20 assertion causes deploy failure (refer known Issue#14). sp:AlgorithmSuite/wsp:Policy/sp:XPath10 assertion causes deploy failure (refer known Issue #15). sp:AlgorithmSuite/wsp:Policy/sp:SoapNormalization10 assertion causes deploy failure (refer known Issue#16). |
10.1 | WSS10 Assertion | Everything is supported with the Exception of <sp:MustSupportRefEmbeddedToken>. |
10.2 | WSS11 Assertion | Everything is supported with the Exception of <sp:MustSupportRefEmbeddedToken>. |
11.1 | Trust10 Assertion | MustSupportClientChallenge, MustSupportServerChallenge are not supported in this release. |
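
A pre-deployment check for the limitations listed above, as an added example (not Metro code and not part of the original notes): it scans a policy document for the AlgorithmSuite assertions that cause a deploy failure, for a subset of the unsupported assertions, and for a BootstrapPolicy whose AlgorithmSuite differs from the application policy, which the runtime's policy verification will not catch. The names lint_policy and SAMPLE are hypothetical, and the sample policy is constructed.

```python
import xml.etree.ElementTree as ET

# Assertion names copied from this page's tables; matched by local name so
# the check is independent of the WS-SecurityPolicy namespace version.
DEPLOY_FAILURE = {"XPathFilter20", "XPath10", "SoapNormalization10"}
UNSUPPORTED = {"RequiredElements", "MustSupportRefEmbeddedToken", "RelToken",
               "SecurityContextToken", "SpnegoContextToken",
               "MustSupportClientChallenge", "MustSupportServerChallenge"}

# Constructed sample (not from the page): Basic128 bootstrap, Basic256 app.
SAMPLE = """<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
 xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
<sp:SymmetricBinding><wsp:Policy>
 <sp:ProtectionToken><wsp:Policy><sp:SecureConversationToken><wsp:Policy>
  <sp:BootstrapPolicy><wsp:Policy><sp:SymmetricBinding><wsp:Policy>
   <sp:AlgorithmSuite><wsp:Policy><sp:Basic128/></wsp:Policy></sp:AlgorithmSuite>
  </wsp:Policy></sp:SymmetricBinding></wsp:Policy></sp:BootstrapPolicy>
 </wsp:Policy></sp:SecureConversationToken></wsp:Policy></sp:ProtectionToken>
 <sp:AlgorithmSuite><wsp:Policy><sp:Basic256/><sp:XPath10/></wsp:Policy></sp:AlgorithmSuite>
</wsp:Policy></sp:SymmetricBinding></wsp:Policy>"""

def local(tag):
    return tag.rsplit("}", 1)[-1]  # strip the "{namespace}" prefix

def lint_policy(xml_text):
    """Return a sorted list of findings for one policy document."""
    findings, suites = set(), {"bootstrap": set(), "application": set()}

    def walk(node, scope):
        name = local(node.tag)
        if name == "BootstrapPolicy":
            scope = "bootstrap"  # everything below belongs to the bootstrap policy
        if name in UNSUPPORTED:
            findings.add(f"unsupported assertion: {name}")
        if name == "AlgorithmSuite":
            for child in (c for policy in node for c in policy):
                cname = local(child.tag)
                if cname in DEPLOY_FAILURE:
                    findings.add(f"deploy failure: AlgorithmSuite/{cname}")
                else:
                    suites[scope].add(cname)  # e.g. Basic128, Basic256
            return
        for child in node:
            walk(child, scope)

    walk(ET.fromstring(xml_text), "application")
    b, a = sorted(suites["bootstrap"]), sorted(suites["application"])
    if b and b != a:
        findings.add(f"AlgorithmSuite mismatch: bootstrap={b} application={a}")
    return sorted(findings)
```

Running lint_policy over each WSDL or wsit-*.xml policy before deployment surfaces these cases at build time rather than as a deploy failure or a silently accepted mismatch.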
Secure Conversation Status
Updated: 2011-01-24
New in this release
- HA support
- Support for standard Error Handling in WS-Trust/SecureConversation: Session renew handling and enforcement with standard error information on server and client side
Fixed in this release
- /wst:RequestSecurityTokenResponse/wst:Lifetime without /wst:Created element not supported in a WS-SecureConversation scenario
Known issues
- None
Feature requests not implemented in this release
- Client initiated security context
Trust Status
Updated: 2011-01-24
New in this release
- Time Skew for WS-Trust and WS-SecureConversation Token Lifetime
Fixed in this release
- Information on OnBehalf, ActAs etc not available to the token provider
- DefaultSAMLTokenProvider should inspect UseKey content
- RequestSecurityTokenImpl not getting KeySize from ADFS RST
Known issues
- None
Feature requests not implemented in this release
- Token Cancellation Protocol.
- Token Renewing Protocol
- Any profiles on top of Negotiation and Challenge Extensions
Atomic Transactions/Coordination Status
Updated: 2011-01-25
New in this release
- Completely new implementation supporting WS-C and WS-AT 1.0, 1.1, and 1.2
Fixed in this release
- N/A
Known issues
- Missing WS-Addressing header: "{www.w3.org/2005/08/addressing}Action"
- WSATGatewayRM.initStore path:null/../wsat/inbound/
- java.lang.IllegalStateException: Transaction null does not exist
Feature requests not implemented in this release
- none
Configuration Management Status
Updated: 2011-01-21
New in this release
- n/a
Fixed in this release
- Invoke dispose on WSEndpoint delegate when swapping endpoints
Known issues
- n/a
Feature requests not implemented in this release
- n/a
Monitoring and Management
Updated: 2011-01-24
Metro now supports JMX monitoring and management. See the Monitoring and Management section of the Metro User Guide for more information.
New in this release
- n/a
Fixed in this release
- n/a
Known issues
- n/a
Feature requests not implemented in this release
- n/a
SOAP/TCP Status
Updated: 2011-01-20
New in this release
- n/a
Fixed in this release
- n/a
Known issues
- None.
Feature requests not implemented in this release
- The SOAP/TCP implementation is feature-complete.