OpenSAML user discussion

["Paul Hethmon" <>]

Ok. I changed the opensaml.jar build to use dateTimeNoMillis() instead
of dateTime() for the elements in my Response. Google accepted it fine.
For the record I changed the following files:

org.opensaml.saml2.core.impl.

AssertionMarshaller.java
AuthnStatementMarshaller.java
ConditionsMarshaller.java
StatusResponseTypeMarshaller.java
SubjectConfirmationDataMarshaller.java

That is obviously only what I needed to change and I'm sure plenty of
other files use the ISODateTimeFormat.dateTime() method to format those
timestamps.

The other thing I had to do was remove the ":" (colon) character from my
ID attribute values. That evidently breaks them also.

I don't think anything else I changed had anything to do with getting it
to work. I had played with the c14n stuff a bit.

If someone is trying to integrate with them and gets stuck, feel free to
drop me a line and I can share my code that does work.

thanks,

Paul


-----Original Message-----
From: Paul Hethmon 
[mailto:]
 
Sent: Tuesday, August 07, 2007 8:42 PM
To: 

Subject: RE: More Google Fun

You know, I pretty well figured that was the answer, but thought it
worth asking.

I'll change my copy, build and give it a try and let everyone know the
outcome.

thanks,

Paul



-----Original Message-----
From: Chad La Joie 
[mailto:]
Sent: Tue 8/7/2007 8:38 PM
To: 

Subject: Re: More Google Fun
 
No, afraid not.

It's unfortunate that they have such a poor SAML implementation.

Paul Hethmon wrote:
> Ok. So now Google is telling me to drop the milliseconds part of 
> timestamps used in the SAML Response. I don't see an easy way to 
> accomplish that short of mucking with each individual class. Obviously

> the spec allows milliseconds to be presented, but I also know I can 
> change my code a heck of a lot faster than Google ever will.
> 
> Any thoughts?
> 
> thanks,
> 
> Paul
> 

-- 
Chad La Joie             2052-C Harris Bldg
OIS-Middleware           202.687.0124