mace-opensaml-users - Re: signed assertions in <Evidence> in <AuthorizationDecisionStatement>
Subject: OpenSAML user discussion
List archive
- From: Giandomenico Napolitano <>
- To:
- Subject: Re: signed assertions in <Evidence> in <AuthorizationDecisionStatement>
- Date: Wed, 3 Aug 2005 15:10:36 +0200
On 03/ago/05, at 04:43, Scott Cantor wrote:
Unfortunately, there's not a quick easy way to get the assertion moved over
without losing the signature. All you can really do to maintain the
signature is round trip the assertion back into XML with toString() and then
back into a fresh SAMLAssertion object. That will include the signature and
the new object won't be owned by anything (except your program).
You cannot under any circumstances add an object you don't own to another
object. Cloning would be the normal way to deal with this, but the Apache
library doesn't really give me a clean way to copy the signature. Probably
could do it with a bit of XML munging, just hadn't come up. So you have to
do it via XML to keep it intact.
invoking method cloneNode(true) from interface org.w3c.dom.Node worked for me.
I'm using Sun J2SE 1.5.0, so YMMV.
sample code:
SAMLAssertion original = ...
Element e = (Element) original.toDOM();
Element ne = (Element) e.cloneNode(true);
SAMLAssertion copy = new SAMLAssertion(ne);
- signed assertions in <Evidence> in <AuthorizationDecisionStatement>, Giandomenico Napolitano, 08/02/2005
- RE: signed assertions in <Evidence> in <AuthorizationDecisionStatement>, Scott Cantor, 08/02/2005
- RE: signed assertions in <Evidence> in <AuthorizationDecisionStatement>, Scott Cantor, 08/02/2005
- Re: signed assertions in <Evidence> in <AuthorizationDecisionStatement>, Giandomenico Napolitano, 08/03/2005
- RE: signed assertions in <Evidence> in <AuthorizationDecisionStatement>, Scott Cantor, 08/03/2005
- Re: signed assertions in <Evidence> in <AuthorizationDecisionStatement>, Giandomenico Napolitano, 08/03/2005
Archive powered by MHonArc 2.6.16.