OpenSAML user discussion

[Kamlesh Patel <>]

Thanks,

It was not clear that I could give Qname as null from the documentation.

But your Explanation was very Clear.

Thanks,
Kamlesh

-----Original Message-----
From: Scott Cantor 
[mailto:]
 
Sent: Monday, July 14, 2003 7:40 PM
To: 'Kamlesh Patel'; 

Subject: RE: How to use QName with SAMLAttribute?


>I am new to xml and I am having problem understanding the QName 
>concept. I am trying to exchange attributes of type string between two 
>saml aware apps.

The first thing you have to understand is that SAML attributes have three
relevant components:

A name (just a string)
A namespace (also just a string, this is not an XML namespace) A type (this
is a schema type, which is a QName, logically speaking)

The type is only relevant for validating parsers, but I use the validator
when I parse, which has some complicating aspects for using SAML attributes,
because if you provide a type in there, it will try and find it, and if
there's no schema, you're sunk.

>I create the SAMLAttribute in the following way:
>
>      // qname for Group
>      QName qname = new QName(
>        "urn:xyz:group",     //java.lang.String namespace,
>        "Group"              //java.lang.String localName
>        );

This is going to tell the parser that your attribute is of type
{urn:xyz:group}Group. Unless that's a real type with a definition in a
schema, you don't really want to do this. You're definitely not saying it's
a string, which would be type "string" in the XML Schema NS.

>      // Create a SAMLAttribute object to be Added to
SAMLAttributeStatement
>      SAMLAttribute wlesGroup = new SAMLAttribute (
>        "myGroup",        //java.lang.String name,
>        "urn:xyz:group",  //java.lang.String namespace,
>       qname,            //QName type,
>        0,                //long lifetime,
>        groups            //java.util.Collection values
>        );

This is mixing metaphors. The name and namespace of the attribute are not
the same as a QName or a type, and you're equating them. Name and namespace
are just strings to SAML applications. They don't affect XML processing,
only application processing.

You probably want to leave type null, and just pass your strings. Strings
are legal for an <AttributeValue>'s content, w/o specifying anything more.
That should validate fine. The only time you have problems is when you start
trying to add XML attributes or more complex content to the value. We will
fix this in SAML 2.0 to work better for validating implementations, but
meantime what you're doing should be ok.

>But when I am trying to reconstruct the object on the other end I get 
>the following exception:
>org.xml.sax.SAXParseException: cvc-elt.4.2: Cannot resolve 
>'typens:Group'
to
>a type definition for element 'AttributeValue'.

Right. You're passing your non-existent namespace/name combo as the type of
the XML element, not just as the attribute's name, so it says "where's the
definition?".

-- Scott

---------------------------------------------------mace-opensaml-users-+
For list utilities, archives, subscribe, unsubscribe, etc. please visit the
ListProc web interface at 

    http://archives.internet2.edu/

---------------------------------------------------mace-opensaml-users--