OpenSAML user discussion

[Scott Cantor <>]

> I'm implementing a single sign-on solution using the 
> Browser/POST profile of SAML for the following attributes: 
> contract number, date-of-birth, first name, middle name, last 
> name. I've created an assertion servlet which will eventually 
> build the SAML response, forward to a JSP which will 
> auto-submit to the assertion consumer servlet.  Now I'm ready 
> to begin the work of actually creating and consuming the SAML 
> response.
> 
> It's a little unclear to me the steps required to build the 
> SAML reponse using the OpenSAML toolkit, so I'm looking for 
> some help to get started.

Couple of options...you could use the SAMLPOSTProfile static methods to 
shortcut some of your work, since it basically takes a bunch
of parameters and builds the response for you, but if you're including 
attributes inside the initial response, it won't do that
model.

So you can just copy a lot of the code out of that prepare() method and 
simply add code to create an AttributeStatement with what
you want in it, and add that to the SSO AuthnStatement that prepare() shows 
you how to build.

With *any* of the objects, you just build from the bottom up using the 
constructors and then serialize it with toStream() or toDOM()
as needed.

There are some subtleties when you're signing, as in the POST profile, but 
all you really do there is call sign() now.

BTW, make sure you're using the code in CVS. The 0.7 Java stuff is very out 
of date. We're branching again soon.

-- Scott

---------------------------------------------------mace-opensaml-users-+
For list utilities, archives, subscribe, unsubscribe, etc. please visit the
ListProc web interface at 

    http://archives.internet2.edu/

---------------------------------------------------mace-opensaml-users--