WSIT Features of Metro 2.1 FCS Status Notes

Updated: January 25, 2011

Introduction

This document provides a list of

  • new features,
  • bugs fixed,
  • known issues,
  • what is not implemented

for each major Metro subsystem.

This document covers the following topics:



General issues

Updated: 2011-08-03

  • WSIT-1578
    • Description: The jaxws tooling scripts wsimport/wsgen distributed with Metro standalone distribution fail with exception when invoked.
    • Cause: Missing 'Main-Class:' and 'Class-Path:' manifest entries in webservices-tools.jar and webservices-rt.jar
    • Workaround: Correct both wsimport and wsgen scripts to include full classpath for invocation: webservices-api.jar:webservices-rt.jar:webservices-tools.jar, or use scripts from JAX-WS or JDK distributions.
    • Fix: Fix has been applied to 2.1 and trunk revisions, any further releases after 2.1.1 will not be affected.


High Availability, JDK support, GF version, etc.

Updated: 2011-01-20

  • High availability: in this release high availability & failover support has been implemented in the following 'stateful' domains:
    • stateful web services
    • reliable messaging
    • security nonce manager
    • secured conversation
  • Supported platforms: Metro was certified with Oracle's JDK 1.6.0_22 and GlassFish Server 3.1 on the following platforms:
    • Windows Server 2008
    • Oracle Enterprise Linux 5.4
    • Solaris 10 (x86 and SPARC)
    Metro requires JavaSE 5 or higher and the core functionality should work in any Servlet 2.4+ compliant web-container if that web container is using Oracle's JDK.
  • Mavenization: Metro/WSIT project was switched from ANT-based build system to the Maven-based one. A new common Metro group ID root org.glassfish.metro has been introduced. As of Metro 2.1 all bits produced by Metro project are primarily accessible from the java.net Maven 2 repository.


Metadata Exchange Status

Updated: 2011-01-21

New in this release

  • n/a

Fixed in this release

  • n/a

Known issues

Feature requests not implemented in this release

  • Server-side support of MEX is only officially supported in scenarios involving WS-Trust STS (Secure Token Service) metadata retrieval.
  • Only the WS-Transfer/Get request is supported not the WS-MEX/GetMetadata request. This is interoperable with MEX-enabled WCF services.


Policy Status

Updated: 2011-01-21

New in this release

  • n/a

Fixed in this release

  • n/a

Known issues

Feature requests not implemented in this release

  • n/a


Reliable Messaging and Make Connection Status

Updated: 2011-01-20

New in this release

  • HA & Failover support
  • Extended configuration

Fixed in this release

  • For the list of fixed WS-RX issues kindly consult this link

Known issues

  • For the list of known WS-RX issues kindly consult this link
  • HA support for in-order RM scenarios has not been fully tested due to a test client bug (see WSIT-1521 issue)

Feature requests not implemented in this release

  • For the list of outstanding features and tasks in WS-RX kindly consult this link


Security Policy Status

Updated: 2011-01-21

New in this release

Fixed in this release

  • n/a

Known issues

Interoperability Feature

Status/Workaround

SupportingTokens assertion
Issue number 12

EncryptedParts in SupportingTokens assertion in message policy does not work

WSSecurity Policy deploy
Issue number 14, 15, 16

The following security policy assertions cause a deploy failure:

  • SecurityPolicy:sp:AlgorithmSuite/wsp:Policy/sp:SoapNormalization10
  • SecurityPolicy:sp:AlgorithmSuite/wsp:Policy/sp:XPath10
  • SecurityPolicy:sp:AlgorithmSuite/wsp:Policy/sp:XPathFilter20

Feature requests not implemented in this release

  • XPathFilter
  • RequiredElements
  • SoapNormalization10
  • Automatic Use of https URLs for endpoints when TransportBinding assertion is present.


Security Status

Updated: 2011-01-21

New in this release

Known Issues

Interoperability Feature

Status

Remark

Issue 715:  Security Failures in AIX when using TripleDES Algorithm
Scheduled for Metro 1.5 release. 

"" URI Reference not supported in Signature

Need to support empty URI Reference in Signature Issue#269

Will be supported in a future release

Returning of SOAP fault : Negative tests with Mismatched client and server policies

SOAP Fault not returned: Different Algorithm suites used by Service Consumer/Provider.

Issue#22 on IssueTracker

Will be supported in a future release.

EncryptedParts in SupportingTokens

EncryptedParts in SupportingTokens assertion in message policy does not work
Issue #12 on IssueTracker

Need a clarification from the WS-SecurityPolicy Specification as to whether Encrypted Parts inside SupportingTokens makes sense.

SecurityPolicy:sp:AlgorithmSuite/wsp:Policy/
sp:SoapNormalization10  assertion

SecurityPolicy:sp:AlgorithmSuite/wsp:Policy/sp:SoapNormalization10 assertion causes deploy failure Issue#16

Feature Not Implemented

SecurityPolicy: sp:AlgorithmSuite/wsp:Policy/sp:XPath10 assertion

SecurityPolicy: sp:AlgorithmSuite/wsp:Policy/sp:XPath10 assertion causes deploy failure Issue#15

Feature Not Implemented

SecurityPolicy: sp:AlgorithmSuite/wsp:Policy/sp:XPathFilter20 assertion

SecurityPolicy: sp:AlgorithmSuite/wsp:Policy/sp:XPathFilter20 assertion causes deploy failure Issue#14

Feature Not Implemented  

Security with List data type dropping xs namespace declaration 
Issue#971 This issue is now fixed for Sign, and Sign + Encrypt scenario. Issue still exists for plain Encryption scenario. The workaround should be to use Sign+Encrypt if encryption is required, or use non-optimized security.
OOM Error with MTOM Large Data UpLoad  
Issue#1081 The fix is being worked upon but could not be completed for Metro 2.1 release. Will be available in a future release
Use of Fragment URI notation to reference a SAML Assertion  
Issue#1490 The fix is being worked upon but could not be completed for Metro 2.1 release. Will be available in a future release
Canonicalization Error with SAML Enveloped Signature when Client uses Default Namespace for the SAML Assertion  
Issue#1520 The fix is being worked upon but could not be completed for Metro 2.1 release. Will be available in a future release

Feature requests not implemented in this release

  • Multiple secure conversation tokens per message is not implemented. Only one secure conversation token per message is assumed.
  • When using SecureConversation, WSIT does not support different values for AlgorithmSuite assertion in the BootstrapPolicy and the Application Policy. That means both the BootstrapPolicy and ApplicationPolicy should use the same AlgorithmSuite.
  • If a binary secret arrives in a SAML assertion, then implementation does not  ensure that  SSL was used for the Incoming Message.
  • Implied DerivedKeys specified by a @wsc:nonce attribute on SecureTokenRequest is not supported in this release
  • The @wsc:Instance attribute on wsse:Reference for referencing specific Secure Context Token instances is not supported in this release
  • The Policy Verification for incoming messages is not capable of  catching a Mismatch in AlgorithmSuite values between the Service Policy and the Policy used by the Client to secure the message (refer known Issue# 22)
  • The Following WS-SecurityPolicy Features from specification are unsupported in this release of WSIT:

    WS-SecurityPolicy
    Specification
    Section

    Assertion

    Remark

    5.3.1

    RequiredElements

    Will be supported in a future release

    6.1.1

    TokenInclusion

     includeTokenPolicy=Once  is NOT supported, except for the case of Kerberos Tokens where Once is the only supported value,  Always, AlwaysToRecipient and Never are supported (refer known Issue# 19)

    6.3.3

    X509Token

    Only <sp:WssX509V3Token10> is supported in this release.

    The rest  (<sp:WssX509V3Token11>, <sp:WssX509Pkcs7Token10>, <sp:WssX509Pkcs7Token11>,<sp:WssX509PkiPathV1Token10>, <sp:WssX509PkiPathV1Token11>, <sp:WssX509V1Token10>, <sp:WssX509V1Token11>) will be supported in a future release based on real-world use cases and customer preferences.

    6.3.9

    RelToken

    No Plan for supporting this token.

    6.3.6

    SecurityContextToken

    No Plan for supporting this token

    6.3.5

    SpnegoContextToken

    Will be supported in a future release

    7.1/8.1

    AlgorithmSuite

    All algorithms are supported with the exception of algorithms under Asymmetric KeyWrap.

    sp:AlgorithmSuite/wsp:Policy/sp:XPathFilter20 assertion causes deploy failure (refer known Issue#14)
    sp:AlgorithmSuite/wsp:Policy/sp:XPath10 assertion causes deploy failure (refer known Issue #15)
    sp:AlgorithmSuite/wsp:Policy/sp:SoapNormalization10 assertion causes deploy failure(refer known Issue#16)

    10.1

    WSS10 Assertion

    Everything is supported with the Exception of <sp:MustSupportRefEmbeddedToken>.

    10.2

    WSS11 Assertion

    Everything is supported with the Exception of <sp:MustSupportRefEmbeddedToken>.

    11.1

    Trust10 Assertion

    MustSupportClientChallenge, MustSupportServerChallenge are not supported in this release.



Secure Conversation Status

Updated: 2011-01-24

New in this release

  • HA support
  • Support for standard Error Handling in WS-Trust/SecureConversation: Session renew handling and enforcement with standard error information on server and client side

Fixed in this release

Known issues

  • None

Feature requests not implemented in this release

  • Client initiated security context


Trust Status

Updated: 2011-01-24

New in this release

  • Time Skew for WS-Trust and WS-SecureConversation Token Lifetime

Fixed in this release

Known issues

  • None

Feature requests not implemented in this release

  • Token Cancellation Protocol.
  • Token Renewing Protocol
  • Any profiles on top of Negotiation and Challenge Extensions


Atomic Transactions/Coordination Status

Updated: 2011-01-25

New in this release

  • Completely new implementation supporting WS-C and WS-AT 1.0, 1.1, and 1.2

Fixed in this release

  • N/A

Known issues

Feature requests not implemented in this release

  • none


Configuration Management Status

Updated: 2011-01-21

New in this release

  • n/a

Fixed in this release

Known issues

  • n/a

Feature requests not implemented in this release

  • n/a


Monitoring and Management

Updated: 2011-01-24

Metro now support JMX monitoring and management. See the Monitoring and Management section of the Metro User Guide for more information.

New in this release

  • n/a

Fixed in this release

  • n/a

Known issues

  • n/a

Feature requests not implemented in this release

  • n/a


SOAP/TCP Status

Updated: 2011-01-20

New in this release

  • n/a

Fixed in this release

  • n/a

Known issues

  • None.

Feature requests not implemented in this release

  • The SOAP/TCP implementation is feature-complete.
Terms of Use; Privacy Policy; Copyright ©2013-2014 (revision 20140418.2d69abc)
 
 
Close
loading
Please Confirm
Close