WSIT

Download
Learn
Mailing Lists
Contribute

WSIT Features of Metro 2.1 FCS Status Notes

Updated: January 25, 2011

Introduction

This document provides a list of

new features,
bugs fixed,
known issues,
what is not implemented

for each major Metro subsystem.

This document covers the following topics:

General Issues
High Availability, JDK support, GF version, etc.
Metadata Exchange Status
Policy Status
Reliable Messaging Status
Security Policy Status
Security Status
Secure Conversation Status
Trust Status
Coordination/Atomic Transactions Status
Configuration Management
Monitoring and Management
SOAP/TCP Status

General issues

Updated: 2011-08-03

WSIT-1578
- Description: The jaxws tooling scripts wsimport/wsgen distributed with Metro standalone distribution fail with exception when invoked.
- Cause: Missing 'Main-Class:' and 'Class-Path:' manifest entries in webservices-tools.jar and webservices-rt.jar
- Workaround: Correct both wsimport and wsgen scripts to include full classpath for invocation: webservices-api.jar:webservices-rt.jar:webservices-tools.jar, or use scripts from JAX-WS or JDK distributions.
- Fix: Fix has been applied to 2.1 and trunk revisions, any further releases after 2.1.1 will not be affected.

High Availability, JDK support, GF version, etc.

Updated: 2011-01-20

High availability: in this release high availability & failover support has been implemented in the following 'stateful' domains:
- stateful web services
- reliable messaging
- security nonce manager
- secured conversation
Supported platforms: Metro was certified with Oracle's JDK 1.6.0_22 and GlassFish Server 3.1 on the following platforms:
- Windows Server 2008
- Oracle Enterprise Linux 5.4
- Solaris 10 (x86 and SPARC)
Metro requires JavaSE 5 or higher and the core functionality should work in any Servlet 2.4+ compliant web-container if that web container is using Oracle's JDK.
Mavenization: Metro/WSIT project was switched from ANT-based build system to the Maven-based one. A new common Metro group ID root org.glassfish.metro has been introduced. As of Metro 2.1 all bits produced by Metro project are primarily accessible from the java.net Maven 2 repository.

Metadata Exchange Status

Updated: 2011-01-21

New in this release

Fixed in this release

Known issues

486 - MS->Sun interop using MEX:WS-Metadata Exchange Error
491 - MEX doesn't work throwing com.sun.xml.ws.server.UnsupportedMediaException
548 - Problem with URI scheme when using MEX for metadata retrieval with 'svcutil.exe'

Feature requests not implemented in this release

Server-side support of MEX is only officially supported in scenarios involving WS-Trust STS (Secure Token Service) metadata retrieval.
Only the WS-Transfer/Get request is supported not the WS-MEX/GetMetadata request. This is interoperable with MEX-enabled WCF services.

Policy Status

Updated: 2011-01-21

New in this release

Fixed in this release

Known issues

Policy does not set webservice features until WSDL generation
Policy error check should produce line number and system ID

Feature requests not implemented in this release

Reliable Messaging and Make Connection Status

Updated: 2011-01-20

New in this release

HA & Failover support
Extended configuration

Fixed in this release

For the list of fixed WS-RX issues kindly consult this link

Known issues

For the list of known WS-RX issues kindly consult this link
HA support for in-order RM scenarios has not been fully tested due to a test client bug (see WSIT-1521 issue)

Feature requests not implemented in this release

For the list of outstanding features and tasks in WS-RX kindly consult this link

Security Policy Status

Updated: 2011-01-21

New in this release

Support for WS-SecurityPolicy 1.3

Fixed in this release

Known issues

Interoperability Feature	Status/Workaround
SupportingTokens assertion Issue number 12	EncryptedParts in SupportingTokens assertion in message policy does not work
WSSecurity Policy deploy Issue number 14, 15, 16	The following security policy assertions cause a deploy failure: SecurityPolicy:sp:AlgorithmSuite/wsp:Policy/sp:SoapNormalization10 SecurityPolicy:sp:AlgorithmSuite/wsp:Policy/sp:XPath10 SecurityPolicy:sp:AlgorithmSuite/wsp:Policy/sp:XPathFilter20

Interoperability Feature

Status/Workaround

SupportingTokens assertion
Issue number 12

EncryptedParts in SupportingTokens assertion in message policy does not work

WSSecurity Policy deploy
Issue number 14, 15, 16

The following security policy assertions cause a deploy failure:

SecurityPolicy:sp:AlgorithmSuite/wsp:Policy/sp:SoapNormalization10
SecurityPolicy:sp:AlgorithmSuite/wsp:Policy/sp:XPath10
SecurityPolicy:sp:AlgorithmSuite/wsp:Policy/sp:XPathFilter20

Feature requests not implemented in this release

XPathFilter
RequiredElements
SoapNormalization10
Automatic Use of https URLs for endpoints when TransportBinding assertion is present.

Security Status

Updated: 2011-01-21

New in this release

Initial Support for Policy Alternatives
Support for JAAS KeyStoreLoginModule

Known Issues

Interoperability Feature	Status	Remark
Issue 715: Security Failures in AIX when using TripleDES Algorithm	Scheduled for Metro 1.5 release.
"" URI Reference not supported in Signature	Need to support empty URI Reference in Signature Issue#269	Will be supported in a future release
Returning of SOAP fault : Negative tests with Mismatched client and server policies	SOAP Fault not returned: Different Algorithm suites used by Service Consumer/Provider. Issue#22 on IssueTracker	Will be supported in a future release.
EncryptedParts in SupportingTokens	EncryptedParts in SupportingTokens assertion in message policy does not work Issue #12 on IssueTracker	Need a clarification from the WS-SecurityPolicy Specification as to whether Encrypted Parts inside SupportingTokens makes sense.
SecurityPolicy:sp:AlgorithmSuite/wsp:Policy/ sp:SoapNormalization10 assertion	SecurityPolicy:sp:AlgorithmSuite/wsp:Policy/sp:SoapNormalization10 assertion causes deploy failure Issue#16	Feature Not Implemented
SecurityPolicy: sp:AlgorithmSuite/wsp:Policy/sp:XPath10 assertion	SecurityPolicy: sp:AlgorithmSuite/wsp:Policy/sp:XPath10 assertion causes deploy failure Issue#15	Feature Not Implemented
SecurityPolicy: sp:AlgorithmSuite/wsp:Policy/sp:XPathFilter20 assertion	SecurityPolicy: sp:AlgorithmSuite/wsp:Policy/sp:XPathFilter20 assertion causes deploy failure Issue#14	Feature Not Implemented
Security with List data type dropping xs namespace declaration	Issue#971	This issue is now fixed for Sign, and Sign + Encrypt scenario. Issue still exists for plain Encryption scenario. The workaround should be to use Sign+Encrypt if encryption is required, or use non-optimized security.
OOM Error with MTOM Large Data UpLoad	Issue#1081	The fix is being worked upon but could not be completed for Metro 2.1 release. Will be available in a future release
Use of Fragment URI notation to reference a SAML Assertion	Issue#1490	The fix is being worked upon but could not be completed for Metro 2.1 release. Will be available in a future release
Canonicalization Error with SAML Enveloped Signature when Client uses Default Namespace for the SAML Assertion	Issue#1520	The fix is being worked upon but could not be completed for Metro 2.1 release. Will be available in a future release

Feature requests not implemented in this release

Multiple secure conversation tokens per message is not implemented. Only one secure conversation token per message is assumed.
When using SecureConversation, WSIT does not support different values for AlgorithmSuite assertion in the BootstrapPolicy and the Application Policy. That means both the BootstrapPolicy and ApplicationPolicy should use the same AlgorithmSuite.
If a binary secret arrives in a SAML assertion, then implementation does not ensure that SSL was used for the Incoming Message.
Implied DerivedKeys specified by a @wsc:nonce attribute on SecureTokenRequest is not supported in this release
The @wsc:Instance attribute on wsse:Reference for referencing specific Secure Context Token instances is not supported in this release
The Policy Verification for incoming messages is not capable of catching a Mismatch in AlgorithmSuite values between the Service Policy and the Policy used by the Client to secure the message (refer known Issue# 22)

The Following WS-SecurityPolicy Features from specification are unsupported in this release of WSIT:

WS-SecurityPolicy Specification Section	Assertion	Remark
5.3.1	RequiredElements	Will be supported in a future release
6.1.1	TokenInclusion	includeTokenPolicy=Once is NOT supported, except for the case of Kerberos Tokens where Once is the only supported value, Always, AlwaysToRecipient and Never are supported (refer known Issue# 19)
6.3.3	X509Token	Only <sp:WssX509V3Token10> is supported in this release. The rest (<sp:WssX509V3Token11>, <sp:WssX509Pkcs7Token10>, <sp:WssX509Pkcs7Token11>,<sp:WssX509PkiPathV1Token10>, <sp:WssX509PkiPathV1Token11>, <sp:WssX509V1Token10>, <sp:WssX509V1Token11>) will be supported in a future release based on real-world use cases and customer preferences.
6.3.9	RelToken	No Plan for supporting this token.
6.3.6	SecurityContextToken	No Plan for supporting this token
6.3.5	SpnegoContextToken	Will be supported in a future release
7.1/8.1	AlgorithmSuite	All algorithms are supported with the exception of algorithms under Asymmetric KeyWrap. sp:AlgorithmSuite/wsp:Policy/sp:XPathFilter20 assertion causes deploy failure (refer known Issue#14) sp:AlgorithmSuite/wsp:Policy/sp:XPath10 assertion causes deploy failure (refer known Issue #15) sp:AlgorithmSuite/wsp:Policy/sp:SoapNormalization10 assertion causes deploy failure(refer known Issue#16)
10.1	WSS10 Assertion	Everything is supported with the Exception of <sp:MustSupportRefEmbeddedToken>.
10.2	WSS11 Assertion	Everything is supported with the Exception of <sp:MustSupportRefEmbeddedToken>.
11.1	Trust10 Assertion	MustSupportClientChallenge, MustSupportServerChallenge are not supported in this release.

Secure Conversation Status

Updated: 2011-01-24

New in this release

HA support
Support for standard Error Handling in WS-Trust/SecureConversation: Session renew handling and enforcement with standard error information on server and client side

Fixed in this release

/wst:RequestSecurityTokenResponse/wst:Lifetime without /wst:Created element not supported in a WS-SecureConversation scenario

Known issues

None

Feature requests not implemented in this release

Client initiated security context

Trust Status

Updated: 2011-01-24

New in this release

Time Skew for WS-Trust and WS-SecureConversation Token Lifetime

Fixed in this release

Information on OnBehalf, ActAs etc not available to the token provider
DefaultSAMLTokenProvider should inspect UseKey content
RequestSecurityTokenImpl not getting KeySize from ADFS RST

Known issues

None

Feature requests not implemented in this release

Token Cancellation Protocol.
Token Renewing Protocol
Any profiles on top of Negotiation and Challenge Extensions

Atomic Transactions/Coordination Status

Updated: 2011-01-25

New in this release

Completely new implementation supporting WS-C and WS-AT 1.0, 1.1, and 1.2

Fixed in this release

Known issues

Missing WS-Addressing header: "{www.w3.org/2005/08/addressing}Action"
WSATGatewayRM.initStore path:null/../wsat/inbound/
java.lang.IllegalStateException: Transaction null does not exist

Feature requests not implemented in this release

none

Configuration Management Status

Updated: 2011-01-21

New in this release

Fixed in this release

Invoke dispose on WSEndpoint delegate when swapping endpoints

Known issues

Feature requests not implemented in this release

Monitoring and Management

Updated: 2011-01-24

Metro now support JMX monitoring and management. See the Monitoring and Management section of the Metro User Guide for more information.

New in this release

Fixed in this release

Known issues

Feature requests not implemented in this release

SOAP/TCP Status

Updated: 2011-01-20

New in this release

Fixed in this release

Known issues

None.

Feature requests not implemented in this release

The SOAP/TCP implementation is feature-complete.