OpenSAML user discussion

[Brent Putman <>]

Hello Xavier,

Yes, you are correct, it fell through the cracks and is unfortunately 
not implemented.  It probably won't be for 2.0, as we are in release 
candidate stage and the feature set is pretty much frozen at this point 
(unless we decide to make an exception for this, since it's more of a 
plug-in).  I think we will still implement though, eventually, it's not 
terribly complex.

I would ask and suggest though: Whose credentials were you looking at 
needing to manage with this resolver?  If the relying parties' keys (for 
any of signature verification; TLS authentication; and encrypting to 
them) then you might want to look instead at the java-opensaml2 
MetadataCredentialResolver, based on SAML 2 metadata.  That's a more 
standard way of doing this in SAML.

If it's just for your own local credential(s) for signing (and client 
TLS and/or possibly decrypting ), that's usually a bit easier to handle 
with your own app code, since it's a small number of keys (often in 
reality 1) and you know implicitly who owns them (you're usually not 
really "resolving" anything ).  Note we also have a 
KeystoreCredResolver,  which just wraps a standard Java keystore, which 
could be used for that purpose easily.

--Brent


Xavier Drudis Ferran wrote:
> Hello. 
>
> I'm completely new to SAML and openSAML, but it looks as I 
> needed something very close to 
> org.opensaml.xml.security.credential.FilesystemCredentialResolver
> So I set up to use it but it won't work. 
>
> Looking at the class I'd say it's still unimplemented. But on the 
> other hand I read in the archive openSAML 2.0 is about to be released. 
>
> Am I looking at the wrong source and it is already done ? 
> Is it obsolete or has it been decided not to do it ? 
> Is someone already working on this ? 
>
> If it's not done then I'll have to do something similar to (part of) it. 
> But I'm so new to this library that I doubt I do it in the proper 
> way (beyond what works for me). 
>
>
>