
mace-opensaml-users - SAMLAuthorizationDecisionQuery question (evidence dropped)

Subject: OpenSAML user discussion

  • From: "Molitor, Mark" <>
  • To:
  • Subject: SAMLAuthorizationDecisionQuery question (evidence dropped)
  • Date: Fri, 17 Oct 2003 12:48:38 -0700 (PDT)

Hi,
I am using opensaml 0.9 code and specifically using a
SAMLRequest with an AuthorizationDecisionQuery
contained in it. If I mock up the SAML objects to
represent this request and then use the toString() to
turn it into a document, the document appears to be
formed correctly and contains evidence with my
assertion. If I turn around and attempt to create
SAML objects from that generated document, the
evidence is dropped. Here is the code to create SAML
object from string representation of the document
(variable: samlRequestString):

InputStream inStream = new ByteArrayInputStream(samlRequestString.getBytes());
SAMLRequest request = new SAMLRequest(inStream);


In reviewing the appends to this list, I came across
an entry from Oct 16, 2003 with a subject of:
'SAMLAuthorizationDecisionStatement Question'. In
that append, Eric noted:
"My question is: Shouldn't the node parameter used in
the XML.isElementNamed function be (Element)n2 not
(Element) n ?". Scott replied: "yes...".


It appears that the 'SAMLAuthorizationDecisionQuery'
class method:
public void fromDOM(Element e)
may have the same problem. Below is a snip of part of
this method. It appears to be using (Element) n in a
similar fashion to how
SAMLAuthorizationDecisionStatement was. Perhaps this
is causing the loss of my SAML evidence.


Here is the portion of the
SAMLAuthorizationDecisionQuery > fromDOM method:

        n = n.getNextSibling();
        while (n != null)
        {
            if (n.getNodeType() == Node.ELEMENT_NODE && XML.isElementNamed((Element)n, XML.SAML_NS, "Action"))
                actions.add(new SAMLAction((Element)n));
            else if (n.getNodeType() == Node.ELEMENT_NODE && XML.isElementNamed((Element)n, XML.SAML_NS, "Evidence"))
            {
                Node n2 = n.getFirstChild();
                while (n2 != null)
                {
                    if (n2.getNodeType() == Node.ELEMENT_NODE && XML.isElementNamed((Element)n, XML.SAML_NS, "Assertion"))
                        evidence.add(new SAMLAssertion((Element)n2));
                    else if (n2.getNodeType() == Node.ELEMENT_NODE && XML.isElementNamed((Element)n, XML.SAML_NS, "AssertionIDReference"))
                        evidence.add(n2.getFirstChild().getNodeValue());
                    n2 = n2.getNextSibling();
                }
            }
            n = n.getNextSibling();
        }
    }


QUESTIONS:
==========
(1) Should the SAMLAuthorizationDecisionQuery fromDOM
method be corrected in a similar manner to
SAMLAuthorizationDecisionStatement fromDOM method?

(2) Could this be causing the problem of loss of
evidence?


Thanks,
Mark Molitor
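
Added example (not part of the original post and not OpenSAML code): a stand-alone reproduction of the Evidence loop quoted above, run once with the name test applied to n and once applied to n2, so the difference in collected evidence is visible. The class name, the isElementNamed helper, the readEvidence method and the sample query are assumptions constructed for illustration; only the JDK DOM API is used.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.Node;

public class EvidenceRoundTrip {
    static final String SAML_NS = "urn:oasis:names:tc:SAML:1.0:assertion";
    static final String SAMLP_NS = "urn:oasis:names:tc:SAML:1.0:protocol";
    // Constructed, simplified query (not a schema-complete SAML 1.x message).
    static final String QUERY =
        "<samlp:AuthorizationDecisionQuery xmlns:samlp='" + SAMLP_NS + "' xmlns:saml='" + SAML_NS + "' Resource='urn:example:res'>"
      + "<saml:Action>read</saml:Action>"
      + "<saml:Evidence><saml:Assertion AssertionID='a1'/>"
      + "<saml:AssertionIDReference>a2</saml:AssertionIDReference></saml:Evidence>"
      + "</samlp:AuthorizationDecisionQuery>";

    // Hypothetical stand-in for the XML.isElementNamed call in the quoted method.
    static boolean isElementNamed(Element e, String ns, String local) {
        return ns.equals(e.getNamespaceURI()) && local.equals(e.getLocalName());
    }

    // Mirrors the quoted loop; testParent=true applies the name test to n, false to n2.
    static List<String> readEvidence(Element query, boolean testParent) {
        List<String> evidence = new ArrayList<>();
        for (Node n = query.getFirstChild(); n != null; n = n.getNextSibling()) {
            if (n.getNodeType() != Node.ELEMENT_NODE || !isElementNamed((Element) n, SAML_NS, "Evidence")) continue;
            for (Node n2 = n.getFirstChild(); n2 != null; n2 = n2.getNextSibling()) {
                if (n2.getNodeType() != Node.ELEMENT_NODE) continue;
                Element tested = testParent ? (Element) n : (Element) n2;
                if (isElementNamed(tested, SAML_NS, "Assertion"))
                    evidence.add("Assertion:" + ((Element) n2).getAttribute("AssertionID"));
                else if (isElementNamed(tested, SAML_NS, "AssertionIDReference"))
                    evidence.add("Ref:" + n2.getTextContent());
            }
        }
        return evidence;
    }

    public static void main(String[] args) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true); // needed for getNamespaceURI/getLocalName
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); // no DTDs in SAML input
        Element q = f.newDocumentBuilder()
            .parse(new ByteArrayInputStream(QUERY.getBytes(StandardCharsets.UTF_8))).getDocumentElement();
        System.out.println("name test on n:  " + readEvidence(q, true));
        System.out.println("name test on n2: " + readEvidence(q, false));
    }
}
```

Comparing the evidence count before serialization with the count after re-parsing, as this program does for the two variants, is a cheap round-trip test for any code that makes authorization decisions from parsed evidence.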
