Skip to Content.
Sympa Menu

Subject: OpenSAML user discussion

List archive


Chronological Thread 
  • From: mochamaster <>
  • To: saml <>
  • Date: Thu, 15 May 2003 11:05:47 -0700 (PDT)
I thought saml subject element can take either a
NameIdentifier & SubjectConfirmation combo or just a
single SubjectConfirmation element.

When i try it, xerces complains (with schema
validation enabled):

org.xml.sax.SAXParseException: cvc-complex-type.2.4.b:
The content of element 'Subject' is not complete. One
of
'{"urn:oasis:names:tc:SAML:1.0:assertion":NameIdentifier,
"urn:oasis:names:tc:SAML:1.0:assertion":SubjectConfirmation}'
is expected.
at org.apache.xerces.parsers.DOMParser.parse(Unknown
Source)

for the following xml:

<?xml version="1.0"?>
<Request IssueInstant="2003-05-15T18:02:08Z"
MajorVersion="1"
MinorVersion="1"
RequestID="f9f4ea17bf70ecad5d97b789e7a91c93"
xmlns="urn:oasis:names:tc:SAML:1.0:protocol"
xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol">
<AuthenticationQuery
AuthenticationMethod="urn:ietf:rfc:2246">
<Subject
xmlns="urn:oasis:names:tc:SAML:1.0:assertion">
<SubjectConfirmation>

<ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:artifact-01</ConfirmationMethod>
<d:KeyInfo
xmlns:d="http://www.w3.org/2000/09/xmldsig#";>
<d:KeyValue
xmlns:d="http://www.w3.org/2000/09/xmldsig#";>
<d:RSAKeyValue>

<d:Modulus>wzqLqe+Y+zskC3JxZFKDu4cWCA2wmcvGDbcRUSMmzz97s+Q+mYDvm4xCzIqK4AEwkKHh0fini1EHXyGSydDpENiRn25LI47LM+lwdU6jplxYu3OdpFP2s/8SrtMPiYtJ1XM+ZS0eK3obyVHXbGWsyIPzk7QPbunNr2dV4EPwmNc=</d:Modulus>
<d:Exponent
xmlns:d="http://www.w3.org/2000/09/xmldsig#";>AQAB</d:Exponent>
</d:RSAKeyValue>
</d:KeyValue>
<dsig:X509Data
xmlns:dsig="http://www.w3.org/2000/09/xmldsig#";>
<dsig:X509IssuerSerial>


<dsig:X509IssuerName>,
CN=Russell2_CA,
OU=SIAC, O=NYSE, C=US</dsig:X509IssuerName>

<dsig:X509SerialNumber>14</dsig:X509SerialNumber>
</dsig:X509IssuerSerial>

<dsig:X509SubjectName>CN=txdspt00, OU=SIAC,
O=NYSE,
C=US</dsig:X509SubjectName>

<dsig:X509SKI>...omitted...</dsig:X509SKI>

<dsig:X509Certificate>...omitted...</dsig:X509Certificate>
</dsig:X509Data>
</d:KeyInfo>
</SubjectConfirmation>
</Subject>
</AuthenticationQuery>
</Request>



__________________________________
Do you Yahoo!?
The New Yahoo! Search - Faster. Easier. Bingo.
http://search.yahoo.com

---------------------------------------------------mace-opensaml-users-+
For list utilities, archives, subscribe, unsubscribe, etc. please visit the
ListProc web interface at

http://archives.internet2.edu/

---------------------------------------------------mace-opensaml-users--


  • [no subject], mochamaster, 05/15/2003
    • RE:, Scott Cantor, 05/15/2003
      • RE:, mochamaster, 05/16/2003
    • RE:, Scott Cantor, 05/15/2003

Archive powered by MHonArc 2.6.16.

Top of Page