Skip to Content.
Sympa Menu

mace-opensaml-users - Bug report: SAML11b / Subject

Subject: OpenSAML user discussion

List archive

Bug report: SAML11b / Subject

Chronological Thread 
  • From: "Cristian Opincaru" <>
  • To:
  • Subject: Bug report: SAML11b / Subject
  • Date: Tue, 31 Oct 2006 11:51:00 +0100
  • Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta;; h=received:message-id:date:from:to:subject:mime-version:content-type; b=DeAiTQCdquxDNFAGLv+oxEnqtvdU7ypKREia3wLSkK/b0e6sOElyPXlAP1tzGLncU+0WvH8Bp7/xJcSx0HpbbtMpFHkgN370+gH+eTGOKpBHQSNTmwWFyqiqAFD2VjNn2zfZ2pB9uBBeMoUh4CsOUFnguarxxNOrRBtHICLsy9w=


When reconstructing a SAML Subject from DOM, the subject is invalid if does not have a Named Subject. However, the standards says that it must have at least one of NamedIdentifier, ConfirmationMethod.

I fixed this (added the 2 lines in red in fromDOM), and attached the new file. Hope this helps!

public void fromDOM(Element e) throws SAMLException {

        if (config.getBooleanProperty("org.opensaml.strict-dom-checking") && !XML.isElementNamed(e, XML.SAML_NS,"Subject"))
            throw new MalformedException("SAMLSubject.fromDOM() requires saml:Subject at root");

        // Look for NameIdentifier.
        Element n = XML.getFirstChildElement (e, XML.SAML_NS, "NameIdentifier");
        if (n != null) {
            nameId = (SAMLNameIdentifier)SAMLNameIdentifier.getInstance(n).setParent(this);
            n = XML.getNextSiblingElement(n);
        } else
            n = XML.getFirstChildElement(e, XML.SAML_NS, "SubjectConfirmation");

        // Look for SubjectConfirmation.
        if (n != null && XML.isElementNamed(n, XML.SAML_NS, "SubjectConfirmation")) {
            // Iterate over ConfirmationMethods.
            Element n2 = XML.getFirstChildElement(n);
            while (n2 != null && XML.isElementNamed(n2, XML.SAML_NS, "ConfirmationMethod") && n2.hasChildNodes()) {


University of the Federal Armed Forces Munich

Description: Binary data

Archive powered by MHonArc 2.6.16.

Top of Page