
mace-opensaml-users - Re: Bug?

Subject: OpenSAML user discussion

  • From: Grover Manuel Campos Ancajima <>
  • To: Scott Cantor <>
  • Cc:
  • Subject: Re: Bug?
  • Date: Sat, 26 Jun 2004 15:41:44 -0300
  • Organization: Universidade Federal de Santa Catarina

Scott Cantor wrote:
Yes, I'm using OpenSAML 1.0 and Xerces-J 2.6.2, which is a
different version from the jars included in OpenSAML 1.0.
Is that wrong??
    

It shouldn't be, I was just wondering. In fact, I was even going to suggest
you might try that.

But, you're using the DOM3 version, right? I would think it should be
detecting them per usual and preventing things from starting up if you
weren't, but the problem you had is a DOM3 issue, so it must be something to
do with that.

Can you possibly dump the assertion text before you pass it into the
constructor? I don't really understand what's happening, I can't see any way
for the crash to happen. It looks like a required attribute is missing, and
the parser should be detecting that when it validates.

I wonder if the 2.6 stuff has changed some aspect of the DOM3 functionality
in the default distribution. They still say you have to download source and
build the DOM3 version yourself, so if you didn't do that, I think you
should do that, or just use the dom3-*.jar files in the opensaml endorsed
folder. I haven't tested with 2.6 either, so 2.5 would be a safer starting
point.

-- Scott
  
Well, I'm using exactly beta2-dom3-Xerces-J-bin.2.6.2; I am using the jar that comes in the package and is installed in Java's endorsed directory. I think like you: it shouldn't be, but it is :-(.

The code is:

    private SAMLRequest getRequestAutorizacion(String user, SAMLSubject subject)
        throws Exception{
       
        String recurso = "http://lampson.das.ufsc.br:8080/biblioteca2/paper";
        SAMLSubject suj = (SAMLSubject)subject.clone();
        SAMLAssertion assertion = aut.getAttributeAssertion(user, suj);
        SAMLAuthorizationDecisionQuery query =
            new SAMLAuthorizationDecisionQuery();
        SAMLAction action = new SAMLAction();
        // configure the action
        action.setData("Read");
        action.setNamespace(SAMLAction.SAML_ACTION_NAMESPACE_RWEDC);
        // configure the query
        query.setSubject((SAMLSubject)subject.clone());
        query.addAction(action);
        query.setResource(recurso);
        query.addEvidence(assertion);
        // create the request
        SAMLRequest request = new SAMLRequest(null, query, null, null);
        Authority.firmar(request);
        Util.logger("QueryWSE", request.toString());
        Util.logger("QueryWSE", "Comprueba?:" + Boolean.toString(comprobar(request)));
        return request;
    }


The request is:

<Request xmlns="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" IssueInstant="2004-06-26T18:36:31.241Z" MajorVersion="1" MinorVersion="1" RequestID="bcc3e5e62b862123b15384a2cd911d65"><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod>
<ds:Reference URI="#bcc3e5e62b862123b15384a2cd911d65">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></ds:Transform>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="#default code ds kind rw saml samlp typens"></ec:InclusiveNamespaces></ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
<ds:DigestValue>0EGgKfmQ8WkNSvOFthNLCb385YQ=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
rfIJ7hSVHciZjrzbJwP4demdaFnuJX7JsftTaWk75AMqL7r6MlS85aP78IDlv0ratJTOJdwT4E7L
9Kt1AdZng32ZpoV9ZuG8wmGsaZcG/fAmVV7H66/A/inS8/tYgoVnsekY6+llAyCVRFd4u67spTpn
CWtKef+IHQl1KRwXK1g=
</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate></ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo></ds:Signature><AuthorizationDecisionQuery Resource="http://lampson.das.ufsc.br:8080/biblioteca2/paper"><Subject xmlns="urn:oasis:names:tc:SAML:1.0:assertion"><NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName" NameQualifier="http://lampson.das.ufsc.br:8080/biblioteca1">CN=, OU=, O=Universidade Federal de Santa Catarina, L=Florianopolis, ST=SC, C=br</NameIdentifier><SubjectConfirmation><ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:holder-of-key</ConfirmationMethod><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:KeyValue>
<ds:RSAKeyValue>
<ds:Modulus>
p4AoDrZrkC0APrU6OCVdgETYu3XluSHsQscL111AAUjTNv3MOZHqurPCGydHRdhFqcplmO4XV4KS
BngYbAFVjiMq5XCh14t6pwnvk2R5QUQoTdvHGZbAqKyROHtN9erhnJ5ga4qkcRI8qMEoH0JJtO5q
bSt51y+pn/hLe8DScMk=
</ds:Modulus>
<ds:Exponent>AQAB</ds:Exponent>
</ds:RSAKeyValue>
</ds:KeyValue>
</ds:KeyInfo></SubjectConfirmation></Subject><Action xmlns="urn:oasis:names:tc:SAML:1.0:assertion" Namespace="urn:oasis:names:tc:SAML:1.0:action:rwedc">Read</Action><Evidence xmlns="urn:oasis:names:tc:SAML:1.0:assertion"><Assertion AssertionID="eb6ab9611eba3d7821ca51e90189d2bc" IssueInstant="2004-06-26T18:36:31.014Z" Issuer="biblioteca1" MajorVersion="1" MinorVersion="1"><Conditions NotBefore="2004-06-26T18:36:31.014Z" NotOnOrAfter="2004-06-26T19:06:31.014Z"></Conditions><AttributeStatement><Subject><NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName" NameQualifier="http://lampson.das.ufsc.br:8080/biblioteca1">CN=, OU=, O=Universidade Federal de Santa Catarina, L=Florianopolis, ST=SC, C=br</NameIdentifier><SubjectConfirmation><ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:holder-of-key</ConfirmationMethod><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:KeyValue>
<ds:RSAKeyValue>
<ds:Modulus>
p4AoDrZrkC0APrU6OCVdgETYu3XluSHsQscL111AAUjTNv3MOZHqurPCGydHRdhFqcplmO4XV4KS
BngYbAFVjiMq5XCh14t6pwnvk2R5QUQoTdvHGZbAqKyROHtN9erhnJ5ga4qkcRI8qMEoH0JJtO5q
bSt51y+pn/hLe8DScMk=
</ds:Modulus>
<ds:Exponent>AQAB</ds:Exponent>
</ds:RSAKeyValue>
</ds:KeyValue>
</ds:KeyInfo></SubjectConfirmation></Subject><Attribute AttributeName="username" AttributeNamespace="http://lampson.das.ufsc.br:8080/biblioteca1"><AttributeValue>lector1</AttributeValue></Attribute><Attribute AttributeName="full-name" AttributeNamespace="http://lampson.das.ufsc.br:8080/biblioteca1"><AttributeValue>Fulano Perez</AttributeValue></Attribute><Attribute AttributeName="isAutor" AttributeNamespace="http://lampson.das.ufsc.br:8080/biblioteca1"><AttributeValue>false</AttributeValue></Attribute><Attribute AttributeName="isLector" AttributeNamespace="http://lampson.das.ufsc.br:8080/biblioteca1"><AttributeValue>true</AttributeValue></Attribute><Attribute AttributeName="isMember" AttributeNamespace="http://lampson.das.ufsc.br:8080/biblioteca1"><AttributeValue>false</AttributeValue></Attribute></AttributeStatement><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod>
<ds:Reference URI="#eb6ab9611eba3d7821ca51e90189d2bc">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></ds:Transform>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="#default code ds kind rw saml samlp typens"></ec:InclusiveNamespaces></ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
<ds:DigestValue>BxKeT0WpCTlOyEaLo2q28t2Mynk=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
e80Tmbzz3KcNsZQUKrBIXCzcsGmZxQaB8eTSFRvf591PblK6I3uUd9jxHG+ia3DHK4fqaCcJe/Mc
uJW+yWgnVmItM1dNVQSeAlsgFLPuyToibGuKEHbJiSBkEhRK+FFHyUq+/oVU9ZjmyhdP+Vfy9tlG
N9TVQYyqeuTetK7kwZQ=
</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>
MIICgjCCAesCBEDHqGAwDQYJKoZIhvcNAQEEBQAwgYcxCzAJBgNVBAYTAkJSMQswCQYDVQQIEwJT
QzEWMBQGA1UEBxMNRmxvcmlhbm9wb2xpczEvMC0GA1UEChMmVW5pdmVyc2lkYWRlIEZlZGVyYWwg
ZGUgU2FudGEgQ2F0YXJpbmExDTALBgNVBAsTBExDTUkxEzARBgNVBAMTCkJpYmxpb3RlY2EwHhcN
MDQwNjEwMDAxNjMyWhcNMDQxMjA3MDAxNjMyWjCBhzELMAkGA1UEBhMCQlIxCzAJBgNVBAgTAlND
MRYwFAYDVQQHEw1GbG9yaWFub3BvbGlzMS8wLQYDVQQKEyZVbml2ZXJzaWRhZGUgRmVkZXJhbCBk
ZSBTYW50YSBDYXRhcmluYTENMAsGA1UECxMETENNSTETMBEGA1UEAxMKQmlibGlvdGVjYTCBnzAN
BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA7/76y8HsCCQQXY8xxHIyKgwFRz0X9f6Sa5D+2pAQcYSb
zbhIBB5QPakwmMYx8MyzF7+fafxnZWup4K4nzQltlrLKcJ4rs6uYX39Ie5zOdirdUzufnUqbWy6s
Ov9+vbrmydO65m1+v2qJJ6sfK1aUdgJOY1XU/asabZd6/nJMdj8CAwEAATANBgkqhkiG9w0BAQQF
AAOBgQAni/clmcORgkk3juwWeHkc17WUxNrZoUXgPPDpkoduGIn2l9jvW8C344zIVuqAluCnyz43
G2QrB8yIy9jQDDG7VBulPC7zC9A+775n2y+mvX5OEkXXnD0OWZ2wXRJpGSD5wS5Jnfo9oycZvlSl
N/Hc73d6rMwbx+5FoC6T1XPZUw==
</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo></ds:Signature></Assertion></Evidence></AuthorizationDecisionQuery></Request>
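
The two diagnostics discussed in this message (which parser and DOM level are actually loaded, and whether a schema-required attribute is missing from the dumped XML) can be run outside OpenSAML with plain JAXP/DOM calls. This is an added example, not code from the thread or from OpenSAML; the class name `SamlDumpCheck`, the `REQUIRED` table (attributes the SAML 1.x schemas mark as required) and the sample XML are constructed for illustration.

```java
import java.io.StringReader;
import java.util.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;
import org.xml.sax.InputSource;

public class SamlDumpCheck {
    static final String SAML = "urn:oasis:names:tc:SAML:1.0:assertion";
    static final String SAMLP = "urn:oasis:names:tc:SAML:1.0:protocol";
    // "namespace localName" -> attributes declared use="required" in the SAML 1.x schemas.
    static final Map<String, String[]> REQUIRED = new HashMap<>();
    static {
        REQUIRED.put(SAMLP + " Request", new String[] {"RequestID", "MajorVersion", "MinorVersion", "IssueInstant"});
        REQUIRED.put(SAMLP + " AuthorizationDecisionQuery", new String[] {"Resource"});
        REQUIRED.put(SAML + " Assertion", new String[] {"AssertionID", "Issuer", "IssueInstant", "MajorVersion", "MinorVersion"});
        REQUIRED.put(SAML + " Attribute", new String[] {"AttributeName", "AttributeNamespace"});
    }

    // Walk every element and report required attributes that are absent.
    static List<String> missing(Document doc) {
        List<String> out = new ArrayList<>();
        NodeList all = doc.getElementsByTagNameNS("*", "*");
        for (int i = 0; i < all.getLength(); i++) {
            Element e = (Element) all.item(i);
            String[] req = REQUIRED.get(e.getNamespaceURI() + " " + e.getLocalName());
            if (req == null) continue;
            for (String a : req)
                if (!e.hasAttribute(a)) out.add(e.getLocalName() + "/@" + a);
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample shaped like the dump above; Issuer is deliberately omitted.
        String xml = "<Request xmlns=\"" + SAMLP + "\" RequestID=\"r1\" MajorVersion=\"1\" MinorVersion=\"1\""
            + " IssueInstant=\"2004-06-26T18:36:31Z\"><AuthorizationDecisionQuery Resource=\"urn:example:res\">"
            + "<Evidence xmlns=\"" + SAML + "\"><Assertion AssertionID=\"a1\" MajorVersion=\"1\""
            + " MinorVersion=\"1\" IssueInstant=\"2004-06-26T18:36:31Z\"/></Evidence>"
            + "</AuthorizationDecisionQuery></Request>";
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);  // SAML elements are matched by namespace, not prefix
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);  // no DTDs in SAML input
        Document doc = f.newDocumentBuilder().parse(new InputSource(new StringReader(xml)));
        java.security.CodeSource src = f.getClass().getProtectionDomain().getCodeSource();
        System.out.println("parser factory: " + f.getClass().getName());
        System.out.println("loaded from:    " + (src == null ? "bootstrap class path (JDK or endorsed dir)" : src.getLocation()));
        System.out.println("DOM Core 3.0:   " + doc.getImplementation().hasFeature("Core", "3.0"));
        System.out.println("missing required attributes: " + missing(doc));
    }
}
```

Replacing the constructed string with the text logged by `request.toString()` runs the same check on a real dump.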





  • Bug?, Grover Manuel Campos Ancajima, 06/25/2004
    • RE: Bug?, Scott Cantor, 06/25/2004
      • Re: Bug?, Grover Manuel Campos Ancajima, 06/25/2004
        • RE: Bug?, Scott Cantor, 06/25/2004
          • Re: Bug?, Grover Manuel Campos Ancajima, 06/26/2004
            • RE: Bug?, Scott Cantor, 06/26/2004
              • Re: Bug?, Grover Manuel Campos Ancajima, 06/26/2004
                • RE: Bug?, Scott Cantor, 06/26/2004
                • Re: Bug?, Grover Manuel Campos Ancajima, 06/26/2004
