Subject: OpenSAML user discussion
List archive
- From: Jaime Pérez Crespo <>
- To:
- Subject: Re: Problem signing metadata
- Date: Fri, 14 Dec 2007 09:44:07 +0100
Hi Chad,
It's java 1.5 on an OSX Leopard... El 13/12/2007, a las 18:34, Chad La Joie escribió: Which version of Java are you using?
Jaime Pérez Crespo wrote:
Hi all,
I'm working on the eduGAIN integration with OpenSAML2, specifically, with the part involving signing and validating documents. I've coded the signature method and I'm trying to test it with a metadata document we are using at our metadata server. This is the code I'm using to sign objects:
Signature signature = new SignatureBuilder().buildObject();
signature.setSigningCredential(this.credential);
signature.setSignatureAlgorithm(this.signaturealg);
signature.setCanonicalizationAlgorithm(this.canonicalizationalg);
obj.setSignature(signature);
Marshaller marshaller;
MarshallerFactory mfact = Configuration.getMarshallerFactory();
marshaller = mfact.getMarshaller(obj);
try {
marshaller.marshall(obj);
} catch (MarshallingException ex) {
this.log.error("error while signing SAML object: "+ex.getLocalizedMessage());
throw new ValidationException("error while signing SAML Object: "+ex.getLocalizedMessage());
}
Signer.signObject(signature);
note that "obj" is a "SignableSAMLObject".
Now, when my signing code reaches the marshaller, I get the following exception:
Exception in thread "main" java.lang.NullPointerException
at java.util.TreeMap.compare(TreeMap.java:1093)
at java.util.TreeMap.put(TreeMap.java:465)
at java.util.TreeSet.add(TreeSet.java:210)
at java.util.AbstractCollection.addAll(AbstractCollection.java:318)
at java.util.TreeSet.addAll(TreeSet.java:258)
at java.util.TreeSet.<init>(TreeSet.java:143)
at org.apache.xml.security.transforms.params.InclusiveNamespaces.<init>(Unknown Source)
at org.opensaml.common.impl.SAMLObjectContentReference.processExclusiveTransform(SAMLObjectContentReference.java:172)
at org.opensaml.common.impl.SAMLObjectContentReference.createReference(SAMLObjectContentReference.java:142)
at org.opensaml.xml.signature.impl.SignatureMarshaller.createSignatureElement(SignatureMarshaller.java:114)
at org.opensaml.xml.signature.impl.SignatureMarshaller.marshall(SignatureMarshaller.java:69)
at org.opensaml.xml.io.AbstractXMLObjectMarshaller.marshallChildElements(AbstractXMLObjectMarshaller.java:317)
at org.opensaml.xml.io.AbstractXMLObjectMarshaller.marshallInto(AbstractXMLObjectMarshaller.java:225)
at org.opensaml.xml.io.AbstractXMLObjectMarshaller.marshall(AbstractXMLObjectMarshaller.java:131)
at org.opensaml.xml.io.AbstractXMLObjectMarshaller.marshall(AbstractXMLObjectMarshaller.java:87)
at net.geant.edugain.validation.SAMLSigner.sign(SAMLSigner.java:242)
SAMLSigner.java:242 is:
marshaller.marshall(obj);
And this is the document I'm trying to sign:
<md:EntityDescriptor ID="rediris" entityID="urn:geant:edugain:component:be:rediris:rediris.es">
<md:IDPSSODescriptor ID="idp1" protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0 urn:geant:edugain:protocol:1.0">
<md:NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</md:NameIDFormat>
<md:SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="http://serrano.rediris.es:8080/PAPIWebSSORequestListener/request"/>
<saml:Attribute Name="eduPersonPrincipalName"/>
</md:IDPSSODescriptor>
<md:AttributeAuthorityDescriptor ID="aa1" protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0">
<md:AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="http://serrano.rediris.es:8080/SAMLSOAPReceiver"/>
<md:NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</md:NameIDFormat>
<saml:Attribute Name="urn:mace:dir:attribute-def:eduPersonPrincipalName"/>
<saml:Attribute Name="urn:mace:dir:attribute-def:eduPersonAffiliation"/>
<saml:Attribute Name="urn:mace:dir:attribute-def:eduPersonEntitlement"/>
<saml:Attribute Name="urn:mace:dir:attribute-def:preferredLanguage"/>
<saml:Attribute Name="urn:mace:dir:attribute-def:eduPersonTargetedId"/>
<saml:Attribute Name="urn:mace:dir:attribute-def:sn"/>
<saml:Attribute Name="urn:mace:terena.org:schac:schacsn1"/>
<saml:Attribute Name="urn:mace:terena.org:schac:schacsn2"/>
</md:AttributeAuthorityDescriptor>
<md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
<md:NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</md:NameIDFormat>
<md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="http://serrano.rediris.es:8080/PAPIWebSSOResponseListener/request" index="1" isDefault="true"/>
<!-- /response= -->
</md:SPSSODescriptor>
<egmd:OnlineCADescriptor protocolSupportEnumeration="urn:mace:shibboleth:1.0">
<egmd:OnlineCAService Location="homer.rediris.es:4088">
<md:ServiceName xml:lang="en">SASL CA Test</md:ServiceName>
<md:ServiceDescription xml:lang="en">SASL CA test online CA service interface</md:ServiceDescription>
</egmd:OnlineCAService>
</egmd:OnlineCADescriptor>
<md:Organization>
<md:Extensions>
<eghl:HLPattern eghl:MatchingAlgo="urn:geant:edugain:homelocator:matching-algo:exact" eghl:Type="AuthenticationMethod">password</eghl:HLPattern>
<eghl:HLPattern eghl:MatchingAlgo="urn:geant:edugain:homelocator:matching-algo:postfix" eghl:Type="HomeDomain">rediris.es</eghl:HLPattern>
</md:Extensions>
<md:OrganizationName xml:lang="en">RedIRIS</md:OrganizationName>
<md:OrganizationDisplayName xml:lang="en">RedIRIS (Spain)</md:OrganizationDisplayName>
<md:OrganizationURL xml:lang="en">http://www.rediris.es</md:OrganizationURL>
</md:Organization>
<md:ContactPerson contactType="technical">
<md:GivenName>Ajay</md:GivenName>
<md:SurName>Daryanani</md:SurName>
<md:EmailAddress> <></md:EmailAddress>
<md:TelephoneNumber> 34 91 2127620</md:TelephoneNumber>
</md:ContactPerson>
</md:EntityDescriptor>
Any idea on what can be happening?
Thanks in advance.
Regards,
--
Jaime Pérez Crespo
Middleware Engineer
red.es / RedIRIS NREN
<>
<>
http://www.rediris.es <http://www.rediris.es/>
-- SWITCH Serving Swiss Universities -------------------------- Chad La Joie, Software Engineer, Security Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland phone +41 44 268 15 75, fax +41 44 268 15 68 , http://www.switch.ch
|
Archive powered by MHonArc 2.6.16.