OpenSAML user discussion

["Scott Cantor" <>]

> Fantastic.  That's what I was looking for.  I just got finished reading
> through the XML-Sec info.  From the look of it, everything is basically
> taken care of through the XML-Sec library.  Is that right?

Most of it (the hard parts), but I check the transform set to insure the
SAML 1.1 profile is followed.

I'd note that Shibboleth provides a self-contained library (libshib) plus
plugins that support higher level notions of trust and token validation that
you might want to tap.

> Ok.  I understand the idea behind leveraging the existing error handling,
> but from the look of the SAMLException it doesn't seem to handle the SAML
> Status message structure as described in the documentation.

I think the Java one is pretty close. The C++ one might be missing some
things.
  
> From the API, it doesn't look like a SAMLException can account for a
> heirarchical status response like this.

Yes, it does.

> The SAMLException seems to have a
> "single-level" approach to status codes where they are all stored in a
> Collection.

Same thing. Whether you nest or sequence is a semantic distinction, but it's
not much of one technically. I modeled it as a simple collection for ease of
use, but it's an ordered sequence that matches the nesting.

> Unless...are child-StatusCode elements translated into embedded
> exceptions within the SAMLException class?

No, I saw no need to do it that way.

> But then I also don't see
> functionality for maintaining the StatusDetail element, only the
> StatusMessage?

I believe the Java supports it, but the C++ may not. It's technically
possibly to fully implement all the setter methods I added to the Java, but
I didn't need them and it's time consuming to do them, so I didn't fully
propagate all that.

-- Scott