mace-opensaml-users - Problem signing metadata

Subject: OpenSAML user discussion

  • From: Jaime Pérez Crespo <>
  • To:
  • Subject: Problem signing metadata
  • Date: Thu, 13 Dec 2007 18:08:50 +0100

Hi all,

I'm working on the eduGAIN integration with OpenSAML2, specifically, with the part involving signing and validating documents. I've coded the signature method and I'm trying to test it with a metadata document we are using at our metadata server. This is the code I'm using to sign objects:

            Signature signature = new SignatureBuilder().buildObject();
            signature.setSigningCredential(this.credential);
            signature.setSignatureAlgorithm(this.signaturealg);
            signature.setCanonicalizationAlgorithm(this.canonicalizationalg);
            obj.setSignature(signature);

            Marshaller marshaller;
            MarshallerFactory mfact = Configuration.getMarshallerFactory();
            marshaller = mfact.getMarshaller(obj);
            try {
                marshaller.marshall(obj);
            } catch (MarshallingException ex) {
                this.log.error("error while signing SAML object: "+ex.getLocalizedMessage());
                throw new ValidationException("error while signing SAML Object: "+ex.getLocalizedMessage());
            }
            Signer.signObject(signature);

Note that "obj" is a "SignableSAMLObject".

Now, when my signing code reaches the marshaller, I get the following exception:

Exception in thread "main" java.lang.NullPointerException
        at java.util.TreeMap.compare(TreeMap.java:1093)
        at java.util.TreeMap.put(TreeMap.java:465)
        at java.util.TreeSet.add(TreeSet.java:210)
        at java.util.AbstractCollection.addAll(AbstractCollection.java:318)
        at java.util.TreeSet.addAll(TreeSet.java:258)
        at java.util.TreeSet.<init>(TreeSet.java:143)
        at org.apache.xml.security.transforms.params.InclusiveNamespaces.<init>(Unknown Source)
        at org.opensaml.common.impl.SAMLObjectContentReference.processExclusiveTransform(SAMLObjectContentReference.java:172)
        at org.opensaml.common.impl.SAMLObjectContentReference.createReference(SAMLObjectContentReference.java:142)
        at org.opensaml.xml.signature.impl.SignatureMarshaller.createSignatureElement(SignatureMarshaller.java:114)
        at org.opensaml.xml.signature.impl.SignatureMarshaller.marshall(SignatureMarshaller.java:69)
        at org.opensaml.xml.io.AbstractXMLObjectMarshaller.marshallChildElements(AbstractXMLObjectMarshaller.java:317)
        at org.opensaml.xml.io.AbstractXMLObjectMarshaller.marshallInto(AbstractXMLObjectMarshaller.java:225)
        at org.opensaml.xml.io.AbstractXMLObjectMarshaller.marshall(AbstractXMLObjectMarshaller.java:131)
        at org.opensaml.xml.io.AbstractXMLObjectMarshaller.marshall(AbstractXMLObjectMarshaller.java:87)
        at net.geant.edugain.validation.SAMLSigner.sign(SAMLSigner.java:242)

SAMLSigner.java:242 is:

marshaller.marshall(obj);

And this is the document I'm trying to sign:

<md:EntityDescriptor ID="rediris" entityID="urn:geant:edugain:component:be:rediris:rediris.es">
<md:IDPSSODescriptor ID="idp1" protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0 urn:geant:edugain:protocol:1.0">
<md:NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</md:NameIDFormat>
<md:SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="http://serrano.rediris.es:8080/PAPIWebSSORequestListener/request"/>
<saml:Attribute Name="eduPersonPrincipalName"/>
</md:IDPSSODescriptor>
<md:AttributeAuthorityDescriptor ID="aa1" protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0">
<md:AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="http://serrano.rediris.es:8080/SAMLSOAPReceiver"/>
<md:NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</md:NameIDFormat>
<saml:Attribute Name="urn:mace:dir:attribute-def:sn"/>
<saml:Attribute Name="urn:mace:terena.org:schac:schacsn1"/>
<saml:Attribute Name="urn:mace:terena.org:schac:schacsn2"/>
</md:AttributeAuthorityDescriptor>
<md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
<md:NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</md:NameIDFormat>
<md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="http://serrano.rediris.es:8080/PAPIWebSSOResponseListener/request" index="1" isDefault="true"/>
<!-- /response= -->
</md:SPSSODescriptor>
<egmd:OnlineCADescriptor protocolSupportEnumeration="urn:mace:shibboleth:1.0">
<egmd:OnlineCAService Location="homer.rediris.es:4088">
<md:ServiceName xml:lang="en">SASL CA Test</md:ServiceName>
<md:ServiceDescription xml:lang="en">SASL CA test online CA service interface</md:ServiceDescription>
</egmd:OnlineCAService>
</egmd:OnlineCADescriptor>
<md:Organization>
<md:Extensions>
<eghl:HLPattern eghl:MatchingAlgo="urn:geant:edugain:homelocator:matching-algo:exact" eghl:Type="AuthenticationMethod">password</eghl:HLPattern>
<eghl:HLPattern eghl:MatchingAlgo="urn:geant:edugain:homelocator:matching-algo:postfix" eghl:Type="HomeDomain">rediris.es</eghl:HLPattern>
</md:Extensions>
<md:OrganizationName xml:lang="en">RedIRIS</md:OrganizationName>
<md:OrganizationDisplayName xml:lang="en">RedIRIS (Spain)</md:OrganizationDisplayName>
<md:OrganizationURL xml:lang="en">http://www.rediris.es</md:OrganizationURL>
</md:Organization>
<md:ContactPerson contactType="technical">
<md:GivenName>Ajay</md:GivenName>
<md:SurName>Daryanani</md:SurName>
<md:EmailAddress></md:EmailAddress>
<md:TelephoneNumber> 34 91 2127620</md:TelephoneNumber>
</md:ContactPerson>
</md:EntityDescriptor>

Any idea on what can be happening?

Thanks in advance.

Regards,

--
Jaime Pérez Crespo
Middleware Engineer
red.es / RedIRIS NREN



http://www.rediris.es
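
Added example, not part of the original message and not OpenSAML or Apache XML Security code: the top frames of the trace above (TreeSet.<init>, addAll, TreeMap.put, TreeMap.compare) are what the JDK produces when a naturally ordered TreeSet is built from a collection that contains a null element, here the prefix collection handed to InclusiveNamespaces. The JDK-only sketch below reproduces that failure and shows a pre-signing normalization that maps a prefix-less namespace to "#default", the token the Exclusive C14N PrefixList uses for the default namespace. Assumptions: the class name, the normalize helper and the sample prefix list are hypothetical, and the null entry standing for a default namespace is a guess at the input, not something the post confirms.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.SortedSet;
import java.util.TreeSet;

public class InclusivePrefixCheck {

    // Token the Exclusive C14N PrefixList uses for the default namespace.
    static final String DEFAULT_NS_TOKEN = "#default";

    // Hypothetical helper: replace null/empty prefixes (a namespace bound
    // without a prefix) by "#default", then sort the result.
    static SortedSet<String> normalize(List<String> prefixes) {
        SortedSet<String> out = new TreeSet<String>();
        for (String p : prefixes) {
            out.add(p == null || p.isEmpty() ? DEFAULT_NS_TOKEN : p);
        }
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample: the prefixes used in the posted metadata plus
        // one null entry standing in for a prefix-less namespace (assumption).
        List<String> prefixes = new ArrayList<String>(
                Arrays.asList("md", "saml", null, "egmd", "eghl"));

        try {
            // Same operation as the TreeSet.<init> frame in the stack trace:
            // natural ordering cannot compare a null element.
            new TreeSet<String>(prefixes);
            System.out.println("sorted without error");
        } catch (NullPointerException e) {
            System.out.println("NullPointerException: null element in prefix list");
        }

        // The normalized set sorts cleanly and is safe to pass on.
        System.out.println("normalized prefixes: " + normalize(prefixes));
    }
}
```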