OpenSAML user discussion

["Scott Cantor" <>]

> If, however, I clone the node before feeding it to SAMLAssertion 
> constructor, I do not get this problem. Anyway to avoid cloning? what 
> could be happening here and why is cloning solving this problem?

I'd have to see the code, the line of code you posted doesn't really seem to
even connect to this use case since it's a serializing call, not a
constructive call.

Cloning is always necessary if you want to use the same object in two
different contexts. Think of it physically, you can't put one jellybean in
two jars. The next version I'll probably implement back-pointers so I can
detect when people try this.

As far as messing with SOAP, I use c14n when I serialize, though I think the
version released actually used inclusive for some reason. But anyway, if
something is changing the SOAP DOM, it's not me, it's the c14n code.

> 2. The IssuerInstant is created in GMT, the OASIS (SAML) V1.1 Standard, 
> 2 September 2003 document states that it should be in UTC. 

Umm...aren't they the same? Finding info online about it isn't that easy,
but I was under the impression they matched.

> and 220 (pg 7) in the spec. Perhaps 
> org.opensaml.SAMLAssertion line 288 
> should be modified to:
> 
> formatter.setTimeZone(TimeZone.getTimeZone("GMT"));

I think you meant to propose something else. That's what the code is now. I
didn't think "UTC" was an option there, but I don't know offhand why I
thought that.

-- Scott