OpenSAML user discussion

[Jaime Pérez Crespo <>]

Hi Chad,

It's java 1.5 on an OSX Leopard...

El 13/12/2007, a las 18:34, Chad La Joie escribió:

Which version of Java are you using?

Jaime Pérez Crespo wrote:

Hi all,

I'm working on the eduGAIN integration with OpenSAML2, specifically, with the part involving signing and validating documents. I've coded the signature method and I'm trying to test it with a metadata document we are using at our metadata server. This is the code I'm using to sign objects:

           Signature signature = new SignatureBuilder().buildObject();

           signature.setSigningCredential(this.credential);

           signature.setSignatureAlgorithm(this.signaturealg);

           signature.setCanonicalizationAlgorithm(this.canonicalizationalg);

           obj.setSignature(signature);

           Marshaller marshaller;

           MarshallerFactory mfact = Configuration.getMarshallerFactory();

           marshaller = mfact.getMarshaller(obj);

           try {

               marshaller.marshall(obj);

           } catch (MarshallingException ex) {

               this.log.error("error while signing SAML object: "+ex.getLocalizedMessage());

               throw new ValidationException("error while signing SAML Object: "+ex.getLocalizedMessage());

           }

           Signer.signObject(signature);

note that "obj" is a "SignableSAMLObject".

Now, when my signing code reaches the marshaller, I get the following exception:

Exception in thread "main" java.lang.NullPointerException

       at java.util.TreeMap.compare(TreeMap.java:1093)

       at java.util.TreeMap.put(TreeMap.java:465)

       at java.util.TreeSet.add(TreeSet.java:210)

       at java.util.AbstractCollection.addAll(AbstractCollection.java:318)

       at java.util.TreeSet.addAll(TreeSet.java:258)

       at java.util.TreeSet.<init>(TreeSet.java:143)

       at org.apache.xml.security.transforms.params.InclusiveNamespaces.<init>(Unknown Source)

       at org.opensaml.common.impl.SAMLObjectContentReference.processExclusiveTransform(SAMLObjectContentReference.java:172)

       at org.opensaml.common.impl.SAMLObjectContentReference.createReference(SAMLObjectContentReference.java:142)

       at org.opensaml.xml.signature.impl.SignatureMarshaller.createSignatureElement(SignatureMarshaller.java:114)

       at org.opensaml.xml.signature.impl.SignatureMarshaller.marshall(SignatureMarshaller.java:69)

       at org.opensaml.xml.io.AbstractXMLObjectMarshaller.marshallChildElements(AbstractXMLObjectMarshaller.java:317)

       at org.opensaml.xml.io.AbstractXMLObjectMarshaller.marshallInto(AbstractXMLObjectMarshaller.java:225)

       at org.opensaml.xml.io.AbstractXMLObjectMarshaller.marshall(AbstractXMLObjectMarshaller.java:131)

       at org.opensaml.xml.io.AbstractXMLObjectMarshaller.marshall(AbstractXMLObjectMarshaller.java:87)

       at net.geant.edugain.validation.SAMLSigner.sign(SAMLSigner.java:242)

SAMLSigner.java:242 is:

marshaller.marshall(obj);

And this is the document I'm trying to sign:

<md:EntityDescriptor ID="rediris" entityID="urn:geant:edugain:component:be:rediris:rediris.es">

<md:IDPSSODescriptor ID="idp1" protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0 urn:geant:edugain:protocol:1.0">

<md:NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</md:NameIDFormat>

<md:SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="http://serrano.rediris.es:8080/PAPIWebSSORequestListener/request"/>

<saml:Attribute Name="eduPersonPrincipalName"/>

</md:IDPSSODescriptor>

<md:AttributeAuthorityDescriptor ID="aa1" protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0">

<md:AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="http://serrano.rediris.es:8080/SAMLSOAPReceiver"/>

<md:NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</md:NameIDFormat>

<saml:Attribute Name="urn:mace:dir:attribute-def:eduPersonPrincipalName"/>

<saml:Attribute Name="urn:mace:dir:attribute-def:eduPersonAffiliation"/>

<saml:Attribute Name="urn:mace:dir:attribute-def:eduPersonEntitlement"/>

<saml:Attribute Name="urn:mace:dir:attribute-def:preferredLanguage"/>

<saml:Attribute Name="urn:mace:dir:attribute-def:eduPersonTargetedId"/>

<saml:Attribute Name="urn:mace:dir:attribute-def:sn"/>

<saml:Attribute Name="urn:mace:terena.org:schac:schacsn1"/>

<saml:Attribute Name="urn:mace:terena.org:schac:schacsn2"/>

</md:AttributeAuthorityDescriptor>

<md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">

<md:NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</md:NameIDFormat>

<md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="http://serrano.rediris.es:8080/PAPIWebSSOResponseListener/request" index="1" isDefault="true"/>

<!-- /response= -->

</md:SPSSODescriptor>

<egmd:OnlineCADescriptor protocolSupportEnumeration="urn:mace:shibboleth:1.0">

<egmd:OnlineCAService Location="homer.rediris.es:4088">

<md:ServiceName xml:lang="en">SASL CA Test</md:ServiceName>

<md:ServiceDescription xml:lang="en">SASL CA test online CA service interface</md:ServiceDescription>

</egmd:OnlineCAService>

</egmd:OnlineCADescriptor>

<md:Organization>

<md:Extensions>

<eghl:HLPattern eghl:MatchingAlgo="urn:geant:edugain:homelocator:matching-algo:exact" eghl:Type="AuthenticationMethod">password</eghl:HLPattern>

<eghl:HLPattern eghl:MatchingAlgo="urn:geant:edugain:homelocator:matching-algo:postfix" eghl:Type="HomeDomain">rediris.es</eghl:HLPattern>

</md:Extensions>

<md:OrganizationName xml:lang="en">RedIRIS</md:OrganizationName>

<md:OrganizationDisplayName xml:lang="en">RedIRIS (Spain)</md:OrganizationDisplayName>

<md:OrganizationURL xml:lang="en">http://www.rediris.es</md:OrganizationURL>

</md:Organization>

<md:ContactPerson contactType="technical">

<md:GivenName>Ajay</md:GivenName>

<md:SurName>Daryanani</md:SurName>

<md:EmailAddress> <></md:EmailAddress>

<md:TelephoneNumber> 34 91 2127620</md:TelephoneNumber>

</md:ContactPerson>

</md:EntityDescriptor>

Any idea on what can be happening?

Thanks in advance.

Regards,

--

Jaime Pérez Crespo

Middleware Engineer

red.es / RedIRIS NREN

<>

<>

http://www.rediris.es <http://www.rediris.es/>

--
SWITCH
Serving Swiss Universities
--------------------------
Chad La Joie, Software Engineer, Security
Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland
phone +41 44 268 15 75, fax +41 44 268 15 68
, http://www.switch.ch

--

Jaime Pérez Crespo
Middleware Engineer
red.es / RedIRIS NREN



http://www.rediris.es