
mace-opensaml-users - RE: verifying signature on saml assertions

Subject: OpenSAML user discussion

  • From: "Rakesh Aggarwal" <>
  • To: "Scott Cantor" <>, <>
  • Cc: "Shamik Sharma" <>, "Ernest Mak" <>, "Mike McEvoy" <>
  • Subject: RE: verifying signature on saml assertions
  • Date: Mon, 14 Apr 2003 16:27:50 -0700



I am using the Axis API to serialize the message to and from XML. The
corresponding Axis API methods are "writeTo()" and "parse()". I use the
following method insertSamlInHeader() to insert the signed
saml-assertion in SOAP headers.

While verifying the assertion, I get the SOAP header containing the
assertion and pass it to the verifyAssertion() method below.

The (extra-whitespace) problem does seem related to Axis SOAP
(de)serialization. The sign() and verify() do pass when just using a w3c
Document object to wrap the samlAssertion Node, and using the toDOM(),
fromDOM() methods in SAMLAssertion objects.

Thanks

-Rakesh




private boolean insertSamlInHeader(org.apache.axis.Message am,
                                   SAMLAssertion samlAssertion)
        throws Exception {
    SOAPEnvelope se = am.getSOAPEnvelope();
    Document doc = DOMUtils.getDocumentBuilder().newDocument();
    LOGGER.log(Level.FINE, "SAML Assertion is: " + samlAssertion.toString());
    Node node = samlAssertion.toDOM(doc);
    SOAPHeaderElement she = new SOAPHeaderElement((Element) node);
    se.addHeader(she);
    return true;
}

String verifyAssertion(SOAPHeaderElement samlInRequest) throws Exception {
    try {
        Document doc = samlInRequest.getAsDocument();
        Element elem = doc.getDocumentElement();

        // from DOM representation
        SAMLAssertion samlAssertion = new SAMLAssertion(elem);
        LOGGER.log(Level.FINE, "SAML Assertion is: " + samlAssertion.toString());

        SAMLSignedObject signedObj = (SAMLSignedObject) samlAssertion;
        boolean simple = true;
        signedObj.verify(simple);

        .....
}


Thanks.

-Rakesh


-----Original Message-----
From: Scott Cantor
[mailto:]

Sent: Monday, April 14, 2003 2:53 PM
To: Rakesh Aggarwal;

Cc: Shamik Sharma; Mike McEvoy
Subject: RE: verifying signature on saml assertions

> I am building using the SAMLAssertion object and then signing
> it. Then I convert the assertion to a Node using the toDOM()
> method, and insert it in a SOAP envelope using the
> SOAPHeaderElement object.

Ok. Now how do you generate the XML text out of that SOAP envelope?




