mace-opensaml-users - Re: is already the child of another XMLObject and may not be inserted in to this list
Subject: OpenSAML user discussion
List archive
Re: is already the child of another XMLObject and may not be inserted in to this list
Chronological Thread
- From: Chad La Joie <>
- To:
- Subject: Re: is already the child of another XMLObject and may not be inserted in to this list
- Date: Wed, 13 Feb 2008 08:29:18 +0100
- Organization: SWITCH
Scott and I talked about this some and I've implemented a very basic detach() method on XMLObject. It basically globbers the parent's cached DOM and set's parent to null. The invoker still has to remove the XMLObject from its parent. I couldn't do that automatically without changing the API in a manner that would break implementations and I'm not willing to do that at this point in time.
Asa Hardcastle wrote:
Hi All,
I understand that the library does not allow an xml child to be the child of two different parents. Is there anything wrong with simply calling myobject.setParent(null) on the child? It seems to work. So does removing it from the parent with myparent.getMyObjectList().remove(myobject)
My use case is that I have a SAML Assertion (sometimes an EncryptedAssertion) that is passed inside of a SOAP header as a bearer token. Once I have obtained the credentials, I want to make a number of requests without re-authenticating.
java.lang.IllegalArgumentException: {urn:oasis:names:tc:SAML:2.0:assertion}EncryptedAssertion is already the child of another XMLObject and may not be inserted in to this list
at org.opensaml.xml.util.XMLObjectChildrenList.setParent(XMLObjectChildrenList.java:202)
at org.opensaml.xml.util.XMLObjectChildrenList.add(XMLObjectChildrenList.java:147)
at org.opensaml.xml.util.XMLObjectChildrenList.add(XMLObjectChildrenList.java:1)
at java.util.AbstractList.add(AbstractList.java:89)
at org.openliberty.wsc.WSFMessage.createWSFMessage(WSFMessage.java:151)
at org.openliberty.wsc.DiscoveryService.invokeWithEPR(DiscoveryService.java:262)
at org.openliberty.wsc.test.ClientLibTest.queryDiscoveryServiceForServiceEPRs(ClientLibTest.java:639)
...
thanks,
asa
You can certainly sign them with the same *key*, but you can't reuse the
same Signature object. You need to create a new Signature object for
each SignableXMLObject that will be signed, and set all the parameters
on each Signature appropriately. The library error you're seeing occurs
because an XMLObject can not be the child of two different parents.
This library issue aside, you probably wouldn't want to do this anyway.
It is likely that the Reference element(s) in the two signatures (as
signified by the the ContentReference object(s) that you add to the
Signature object) would need to be different, since they likely point to
different things that are being signed. As far as I know, this would
definitely be the case in any SAML signing one might want to do.
--Brent
Mike Klein wrote:
I know at a minimum it is assertions most important to sign but I
thought I should sign enclosing response as well...but I get error when
doing this.
Signature sig = SAMLUtil.getSignature(response);
assertion.setSignature(sig);
String signedEncodedResponse = SAMLUtil.marshall(response, sig,
true);
As soon as I set signature on assertion I get following:
java.lang.IllegalArgumentException:
org.opensaml.xml.signature.impl.SignatureImpl cannot be added - it is
already the child of another SAML Object
at
org.opensaml.xml.AbstractXMLObject.prepareForAssignment(AbstractXMLObject.java:370)
How should I be going about this? Is perhaps signing just broken in this
sense?
--
Asa Hardcastle, Technical Lead, openLiberty ID-WSF ClientLib
Tel: +1.413.429.1044 Skype: subsystem7
--
SWITCH
Serving Swiss Universities
--------------------------
Chad La Joie, Software Engineer, Security
Werdstrasse 2, P.O. Box, 8021 Zürich, Switzerland
phone +41 44 268 15 75, fax +41 44 268 15 68
,
http://www.switch.ch
- is already the child of another XMLObject and may not be inserted in to this list, Asa Hardcastle, 02/07/2008
- Re: is already the child of another XMLObject and may not be inserted in to this list, Chad La Joie, 02/08/2008
- Re: is already the child of another XMLObject and may not be inserted in to this list, Chad La Joie, 02/13/2008
Archive powered by MHonArc 2.6.16.