Skip to Content.
Sympa Menu

mace-opensaml-users - Re: signed assertions in <Evidence> in <AuthorizationDecisionStatement>

Subject: OpenSAML user discussion

List archive

Re: signed assertions in <Evidence> in <AuthorizationDecisionStatement>


Chronological Thread 
  • From: Giandomenico Napolitano <>
  • To:
  • Subject: Re: signed assertions in <Evidence> in <AuthorizationDecisionStatement>
  • Date: Wed, 3 Aug 2005 15:10:36 +0200

On 03/ago/05, at 04:43, Scott Cantor wrote:
Unfortunately, there's not a quick easy way to get the assertion moved over
without losing the signature. All you can really do to maintain the
signature is round trip the assertion back into XML with toString() and then
back into a fresh SAMLAssertion object. That will include the signature and
the new object won't be owned by anything (except your program).

You cannot under any circumstances add an object you don't own to another
object. Cloning would be the normal way to deal with this, but the Apache
library doesn't really give me a clean way to copy the signature. Probably
could do it with a bit of XML munging, just hadn't come up. So you have to
do it via XML to keep it intact.

invoking method cloneNode(true) from interface org.w3c.dom.Node worked for me.
I'm using Sun J2SE 1.5.0, so YMMV.

sample code:

SAMLAssertion original = ...
Element e = (Element) original.toDOM();
Element ne = (Element) e.cloneNode(true);
SAMLAssertion copy = new SAMLAssertion(ne);



Archive powered by MHonArc 2.6.16.

Top of Page