
mace-opensaml-users - exception creating CredentialResolver (C++)

Subject: OpenSAML user discussion

  • From: "Brian Sheely" <>
  • To: <>
  • Subject: exception creating CredentialResolver (C++)
  • Date: Fri, 2 Nov 2007 12:13:58 -0700

I'm having some difficulty with signature validation. If I understand the code correctly, validation of the signature in a SAML response is done via a SignatureValidator which requires that its Credential be set. A Credential is obtained via a CredentialResolver. I'm attempting to create a CredentialResolver using the same code found in the buildSimpleResolver function in samlsign.cpp. In my case, the parameter that I pass in is the cert parameter which, I assume, is the value of the IdP's X509 Certificate. However, I'm getting an exception when I try to create the CredentialResolver:

 

try {
      CredentialResolver* resolver = XMLToolingConfig::getConfig().CredentialResolverManager.newPlugin(FILESYSTEM_CREDENTIAL_RESOLVER, root);
}

 

I tried adding XMLToolingConfig::getConfig().init(), but that wasn't the issue. Once I have a CredentialResolver, my plan was to use the following code to validate the response:

 

CredentialCriteria criteria;
criteria.setUsage(CredentialCriteria::SIGNING_CREDENTIAL);
const Credential* credential = resolver->resolve(&criteria);
SignatureValidator signatureValidator;
signatureValidator.setCredential(credential);
unsigned length;
XMLByte* decoded = Base64::decode(reinterpret_cast<const XMLByte*>(response), &length);
istringstream is(reinterpret_cast<char*>(decoded));
XMLString::release(&decoded);
DOMDocument* doc = XMLToolingConfig::getConfig().getParser().parse(is);
XMLObject* xmlObject = XMLObjectBuilder::buildOneFromElement(doc->getDocumentElement(), true);

try {
      signatureValidator.validate(xmlObject);
}

 

1) Is this the proper approach?

2) Any ideas on what I am not doing correctly in creating the CredentialResolver?

 

Thanks in advance!

 

Brian Sheely

 

 



