
mace-opensaml-users - Re: Question regarding general SAML receiver framework

Subject: OpenSAML user discussion

  • From: Walter Hoehn <>
  • To: roy <>
  • Cc:
  • Subject: Re: Question regarding general SAML receiver framework
  • Date: Tue, 06 Jan 2004 13:36:09 -0500

Hi Roy,

You are getting this error because the parser is using the SAML 1.1 schema to validate a SAML 1.0 Response. You can change this default behavior of the library by setting the "org.opensaml.compatibility-mode" property to "true" in opensaml.properties. If you need to set this flag at runtime, you can use SAMLConfig.setBooleanProperty().

Hope this helps.

-Walter


roy wrote:

---------------------------------

<?xml version="1.0" encoding="UTF-8" ?><samlp:Response IssueInstant="2003-12-08T22:52:41Z"
MajorVersion="1" MinorVersion="0"
Recipient="https://rkim00:443/pub/agent.dll?qscr=sson&amp;gpid=79DD726F3E22"
ResponseID="aeOh0NYdo4bvK469rvw47Q=="
xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol"><ds:Signature
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><ds:CanonicalizationMethod
Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><ds:SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><ds:Reference
URI=""><ds:Transforms><ds:Transform
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform
Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/></ds:Transforms><ds:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>XdsJQcSJkDT59kJ813Sb2BbOXAI=</ds:DigestValue></ds:Reference>
</ds:SignedInfo><ds:SignatureValue>piaz0T9pmpQ81GUeb5U2HbYadpx40QcsK/tTRDCamKZsQ4w2tNeGGfF4GbhxlAvijOXZAJ2U
YjIWtrBlkZPUjPJwFHNjVuaxm014KzR4mr+ek1p77spGbNvPYhqgxQpqglmVvZA+M2WdNbuH
hjHaWar6SvR9ucfojDNDhIs+wHE=</ds:SignatureValue></ds:Signature><samlp:Status><samlp:StatusCode
Value="samlp:Success"/></samlp:Status><saml:Assertion
AssertionID="yxD5Y2YOGDcRSzSHD7Of9w==" IssueInstant="2003-12-08T22:52:41Z"
Issuer="plsw002.hostingdev.unknown.net" MajorVersion="1" MinorVersion="0"
xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"><saml:Conditions
NotBefore="2003-7-8T0:0:0Z"
NotOnOrAfter="2004-7-8T0:0:0Z"/><saml:AuthenticationStatement
AuthenticationInstant="2003-12-08T22:52:08Z"><saml:Subject><saml:NameIdentifier
Format="urn:oasis:names:tc:SAML:1.0:assertion#WindowsQualifiedDomainName"
NameQualifier="dc=icr,dc=hostingdev,dc=unknown,dc=net">u161727</saml:NameIdentifier><saml:SubjectConfirmation>
<saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</saml:ConfirmationMethod></saml:SubjectConfirmation></saml:Subject><saml:SubjectLocality
IPAddress="10.145.21.95"/></saml:AuthenticationStatement><saml:AttributeStatement><saml:Subject><saml:NameIdentifier
Format="urn:oasis:names:tc:SAML:1.0:assertion#WindowsQualifiedDomainName"
NameQualifier="dc=icr,dc=hostingdev,dc=unknown,dc=net">u161727</saml:NameIdentifier><saml:SubjectConfirmation>
<saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</saml:ConfirmationMethod></saml:SubjectConfirmation></saml:Subject><saml:Attribute
AttributeName="EmpUID"><saml:AttributeValue>u161727</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion>
</samlp:Response>
---------------------------------

Does this sound about right? I've already run into an issue with
SAMLPOSTProfile::accept. I pass in the base64 encoded version of
the above SAML response, and I get an error on the ResponseId, as follows.
As far as I know, the Response is valid.

---------------------------------

1073373407 ERROR SAML.XML.ParserPool handleError: error on line 2, column
253, message: Datatype error:
Type:InvalidDatatypeValueException, Message:Value 'aeOh0NYdo4bvK469rvw47Q=='
is not valid NCName .

caught a SAML exception:
<Status xmlns="urn:oasis:names:tc:SAML:1.0:protocol"
xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol"><StatusCode
Value="samlp:Responder"/><StatusMessage>

XML::Parser detected an error during parsing: Datatype error:
Type:InvalidDatatypeValueException, Message:Value
'aeOh0NYdo4bvK469rvw47Q==' is not valid NCName .

</StatusMessage><StatusDetail><ExceptionClass
xmlns="http://www.opensaml.org">org.opensaml.MalformedException</ExceptionClass></StatusDetail></Status>

---------------------------------

Any ideas about what I may be doing wrong, or about how I can better tackle
the problem? Either would be *greatly* appreciated :)

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature
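
Why the parser rejects this ID, as an added example (not from the original thread or the OpenSAML code base): SAML 1.1 types ResponseID and AssertionID as xsd:ID, which must be an NCName, while SAML 1.0 accepted any string, so base64 IDs ending in "=" fail 1.1 validation. The helper names and the trimmed sample document are constructed for illustration, and the character ranges assume the XML 1.0 Fifth Edition name productions.

```python
import secrets
import xml.etree.ElementTree as ET

# NCName start characters (XML 1.0 Fifth Edition NameStartChar, minus ":").
START = [(0x41, 0x5A), (0x5F, 0x5F), (0x61, 0x7A), (0xC0, 0xD6), (0xD8, 0xF6),
         (0xF8, 0x2FF), (0x370, 0x37D), (0x37F, 0x1FFF), (0x200C, 0x200D),
         (0x2070, 0x218F), (0x2C00, 0x2FEF), (0x3001, 0xD7FF),
         (0xF900, 0xFDCF), (0xFDF0, 0xFFFD), (0x10000, 0xEFFFF)]
# Extra characters allowed after the first position: "-", ".", digits, etc.
EXTRA = [(0x2D, 0x2E), (0x30, 0x39), (0xB7, 0xB7), (0x300, 0x36F),
         (0x203F, 0x2040)]
# Attributes typed as a plain string in SAML 1.0 and as xsd:ID in SAML 1.1.
ID_ATTRS = ("ResponseID", "AssertionID", "RequestID")

# Constructed sample: the thread's Response reduced to its ID-bearing elements.
SAMPLE = (
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" '
    'ResponseID="aeOh0NYdo4bvK469rvw47Q==" MajorVersion="1" MinorVersion="0">'
    '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" '
    'AssertionID="yxD5Y2YOGDcRSzSHD7Of9w==" MajorVersion="1" MinorVersion="0"/>'
    '</samlp:Response>')

def ncname_violations(value):
    """Return [(index, char)] for each character that is not legal in an NCName."""
    if not value:
        return [(0, "")]
    bad = []
    for i, ch in enumerate(value):
        ranges = START if i == 0 else START + EXTRA
        if not any(lo <= ord(ch) <= hi for lo, hi in ranges):
            bad.append((i, ch))
    return bad

def audit_ids(xml_text):
    """List (attribute, value, violations) for IDs a SAML 1.1 schema would reject."""
    findings = []
    for elem in ET.fromstring(xml_text).iter():  # constant input; not hardened for untrusted XML
        for attr in ID_ATTRS:
            value = elem.get(attr)
            if value is not None and ncname_violations(value):
                findings.append((attr, value, ncname_violations(value)))
    return findings

def new_id():
    """Issuer-side ID valid under both schemas: '_' followed by 128 random bits in hex."""
    return "_" + secrets.token_hex(16)

if __name__ == "__main__":
    for attr, value, bad in audit_ids(SAMPLE):
        print(f"{attr}={value!r} rejected as NCName at {bad}")
    print("replacement:", new_id())
```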



