
Add an ID Attribute for Element EncryptedAssertion or EncryptedData in RSTR from PingFederate


I'm using Apache CXF 3.1.5 to work with PingFederate 7.2. In PingFederate, I created a WS-Trust SP connection. If the SAML Assertion is not encrypted, it works well. If the SAML Assertion is encrypted, then it doesn't work, because CXF requires an Id attribute for the element EncryptedAssertion or EncryptedData in the RSTR from PingFederate. PingFederate, however, doesn't provide such an Id attribute, so I have two questions.

  1. Why does CXF require an Id attribute (method createSecurityToken in class AbstractSTSClient)? It seems the standard specifications say that the Id attribute is optional.

  2. How can I add an Id attribute for the element EncryptedAssertion or EncryptedData in PingFederate? Or is there something else I can do?

Thanks a lot!

RSTR from PingFederate


Solution

  • I loosened the requirement for an ID in CXF.

    Fixed here: https://issues.apache.org/jira/browse/CXF-7003
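
To tell whether a given RSTR hits the condition described in the question, the token element inside RequestedSecurityToken can be inspected for an identifier attribute. The following is an added example, not code from the original post or from CXF; the class name, the set of attribute names checked, and the sample RSTR are assumptions made for illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

public class RstrTokenIdCheck {
    static final String WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
    static final String XENC = "http://www.w3.org/2001/04/xmlenc#";

    // First identifier on the element, or null. Attribute names are an assumption, not CXF's own list.
    static String idOf(Element e) {
        for (String name : new String[] {"ID", "Id", "AssertionID"}) {
            if (e.hasAttributeNS(null, name)) return e.getAttributeNS(null, name);
        }
        return e.hasAttributeNS(WSU, "Id") ? e.getAttributeNS(WSU, "Id") : null;
    }
    static Element firstChildElement(Element parent) {
        for (Node n = parent.getFirstChild(); n != null; n = n.getNextSibling()) {
            if (n instanceof Element) return (Element) n;
        }
        return null;
    }
    // Names the token inside RequestedSecurityToken and says whether it carries an identifier.
    static String describe(String rstrXml) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        // Refuse DOCTYPE declarations so an untrusted response cannot trigger XXE.
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Element root = dbf.newDocumentBuilder()
            .parse(new ByteArrayInputStream(rstrXml.getBytes(StandardCharsets.UTF_8)))
            .getDocumentElement();
        NodeList rst = root.getElementsByTagNameNS("*", "RequestedSecurityToken");
        Element token = rst.getLength() == 0 ? null : firstChildElement((Element) rst.item(0));
        if (token == null) return "no token element found";
        String id = idOf(token);
        // EncryptedAssertion wraps xenc:EncryptedData, whose Id attribute is optional.
        NodeList enc = token.getElementsByTagNameNS(XENC, "EncryptedData");
        if (id == null && enc.getLength() > 0) id = idOf((Element) enc.item(0));
        return token.getLocalName() + ": " + (id == null ? "no Id attribute" : "Id=" + id);
    }
    public static void main(String[] args) throws Exception {
        // Constructed sample RSTR with the ciphertext omitted; not actual PingFederate output.
        String sample = "<wst:RequestSecurityTokenResponse xmlns:wst='http://docs.oasis-open.org/ws-sx/ws-trust/200512'>"
            + "<wst:RequestedSecurityToken><saml2:EncryptedAssertion xmlns:saml2='urn:oasis:names:tc:SAML:2.0:assertion'>"
            + "<xenc:EncryptedData xmlns:xenc='" + XENC + "' Type='http://www.w3.org/2001/04/xmlenc#Element'/>"
            + "</saml2:EncryptedAssertion></wst:RequestedSecurityToken></wst:RequestSecurityTokenResponse>";
        System.out.println(describe(sample));
    }
}
```

Running it against a captured RSTR shows which element the STS returned as the token and whether any identifier is present on it or on its nested EncryptedData.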