
mace-opensaml-users - RE: Extending Statements. Problems with toDOM() method

Subject: OpenSAML user discussion

  • From: Scott Cantor <>
  • To: 'Oscar Canovas Reverte' <>,
  • Subject: RE: Extending Statements. Problems with toDOM() method
  • Date: Fri, 02 Apr 2004 13:56:30 -0500
  • Organization: The Ohio State University

> Why is the prefix definition not present in the XML document even though I
> include the attribute "xmlns:ogsa-saml"?

The flippant answer is that xsi:type and QNames are basically broken in XML
and they really suck. ;)

The actual answer is that the library, when it serializes the XML, uses a
canonicalizer to do it. That way I don't have to worry about signatures as
much because the output in general matches the output that is being
signed/verified.

The problem is that the exclusive canonicalization I use will remove your
namespace because it's not "visibly used" in the document. You might say,
"hey, I'm using it right there in the xsi:type!". And you'd be right, but
unfortunately the definition of "used" does not include QNames as values.
Broken, obviously.

Anyway, the work-around is to be sure that your namespace prefix is included
in the SAML config property for inclusive-namespace-prefixes. You can do
this statically by editing/overriding the opensaml.properties file or by
manually setting that string property in your code using the SAMLConfig
class.

This is beyond ugly, but even if I didn't force this to happen during basic
read/write (maybe using inclusive c14n instead), you'd get screwed later
when/if you signed the thing, so I felt it best to just force the issue up
front.

-- Scott
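
The behaviour described in the message above, as an added example that is not part of the original post and is not OpenSAML code: a simplified Python model of the exclusive canonicalization namespace rule (elements, attributes and text only, not a full canonicalizer), showing the declaration being dropped and then kept via an inclusive prefix list. The sample document, the ogsa-saml namespace URI and the type name are constructed placeholders, and `exc_c14n_model` is a hypothetical helper name.

```python
from xml.dom import minidom
from xml.sax.saxutils import escape

# Constructed sample (not schema-valid); the ogsa-saml URI and type name are placeholders.
SAMPLE = (
    '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" '
    'xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" '
    'xmlns:ogsa-saml="urn:example:ogsa-saml">'
    '<saml:Statement xsi:type="ogsa-saml:ExtendedStatementType"/>'
    '</saml:Assertion>'
)

def _quote(value):
    return '"%s"' % escape(value, {'"': "&quot;"})

def _emit(el, scope, rendered, inclusive, out):
    scope, rendered = dict(scope), dict(rendered)  # per-branch copies
    attrs = []
    for a in el.attributes.values():
        if a.name == "xmlns" or a.prefix == "xmlns":  # namespace declaration
            scope["" if a.name == "xmlns" else a.localName] = a.value
        else:
            attrs.append(a)
    # "Visibly utilized" = prefix of the element name or of an attribute name.
    # A QName inside an attribute value (the xsi:type case) is not counted.
    wanted = {el.prefix or ""} | {a.prefix for a in attrs if a.prefix}
    wanted |= {p for p in inclusive if p in scope}  # forced via the prefix list
    wanted.discard("xml")                           # xml: is never declared
    out.append("<" + el.tagName)
    for p in sorted(wanted):
        uri = scope.get(p, "")
        if rendered.get(p, "") != uri:              # not already output above
            rendered[p] = uri
            out.append(" xmlns%s=%s" % (":" + p if p else "", _quote(uri)))
    for a in sorted(attrs, key=lambda a: (a.namespaceURI or "", a.localName)):
        out.append(" %s=%s" % (a.name, _quote(a.value)))
    out.append(">")
    for child in el.childNodes:
        if child.nodeType == child.ELEMENT_NODE:
            _emit(child, scope, rendered, inclusive, out)
        elif child.nodeType == child.TEXT_NODE:
            out.append(escape(child.data))
    out.append("</%s>" % el.tagName)

def exc_c14n_model(xml, inclusive_prefixes=()):
    """Serialize with the exclusive-c14n namespace rule (elements/attrs/text only)."""
    out = []
    _emit(minidom.parseString(xml).documentElement, {}, {}, set(inclusive_prefixes), out)
    return "".join(out)
```

Calling `exc_c14n_model(SAMPLE)` yields output whose xsi:type value still says `ogsa-saml:...` but with no declaration for that prefix; `exc_c14n_model(SAMPLE, ["ogsa-saml"])` keeps the declaration on the root element.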



