OpenSAML user discussion

[Manuela Stanica <>]

Hi Brent,

thanks, I was happy to read your reply as it turns out what you describe 
is exactly what I had already done, in detail (following the model of 
how other RoleDescriptor implementations are constructed in openSAML). 
The only thing I haven't done is implementing object providers 
specifically as you said. What I'm doing is just registering them in the 
main marschaller class in my project after the bootstrap(), as in:
       
org.opensaml.xml.Configuration.registerObjectProvider(OnlineCADescriptor.DEFAULT_ELEMENT_NAME, 
new OnlineCADescriptorBuilder(),
                                           new 
OnlineCADescriptorMarshaller(),new OnlineCADescriptorUnmarshaller(), null);
       
org.opensaml.xml.Configuration.registerObjectProvider(OnlineCAService.DEFAULT_ELEMENT_NAME, 
new OnlineCAServiceBuilder(),
                                           new 
OnlineCAServiceMarshaller(),new OnlineCAServiceUnmarshaller(), null);

With that marshalling and unmarshalling the EntityDescriptor(s) 
containing the new types works just fine. It's only when trying to 
validate now the EntityDescriptor with a 
SAMLSchemaBuilder.getSAML10Schema().newValidator() that I get the error 
I mentioned:

org.xml.sax.SAXParseException: cvc-complex-type.2.4.a: Invalid content 
was found starting with element 'egmd:OnlineCADescriptor'. One of 
'{"urn:oasis:names:tc:SAML:2.0:metadata":RoleDescriptor, 
"urn:oasis:names:tc:SAML:2.0:metadata":IDPSSODescriptor, 
"urn:oasis:names:tc:SAML:2.0:metadata":SPSSODescriptor, 
"urn:oasis:names:tc:SAML:2.0:metadata":AuthnAuthorityDescriptor, 
"urn:oasis:names:tc:SAML:2.0:metadata":AttributeAuthorityDescriptor, 
"urn:oasis:names:tc:SAML:2.0:metadata":PDPDescriptor, 
"urn:oasis:names:tc:SAML:2.0:metadata":Organization, 
"urn:oasis:names:tc:SAML:2.0:metadata":ContactPerson, 
"urn:oasis:names:tc:SAML:2.0:metadata":AdditionalMetadataLocation}' is 
expected.
ERROR net.geant.edugain.validation.Validator  - document does not 
validate against SAML10 schema
   at 
org.apache.xerces.util.ErrorHandlerWrapper.createSAXParseException(Unknown 
Source)
   at org.apache.xerces.util.ErrorHandlerWrapper.error(Unknown Source)
   at org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown Source)
   at 
org.apache.xerces.impl.xs.XMLSchemaValidator$XSIErrorReporter.reportError(Unknown 
Source)
......

Is there something else that I would need to do in terms of registering 
providers or so, the absence of which could cause the problem with 
validation?
I'll also take a look at the example you mentioned to see if it would 
help me gain some clarity about what I'm missing..

Manuela


Brent Putman wrote:
> Chad, I think you're confusing RoleDescriptor with the EndpointType's 
> (which BTW, for everyone else, themselves actually aren't xs:anyType, 
> but have wildcard <any> elements and <anyAttribute> and we implement 
> in a similar manner as the xs:anyType's).
>
> In the metadata schema, RoleDescriptorType is just a standard global, 
> named type.  But it's abstract, and therefore so are the corresponding 
> opensaml2 classes (impl, marshaller, unmarshaller), so that's why 
> there's no builder - you can't build an element with that default type 
> or with an explicit type declaration of xsi:type="RoleDescriptorType".
>
> This is what you want to consult.  It may be a little out of date.
> https://spaces.internet2.edu/display/SHIB/OSTwoDeveloperManual
>
> More specifically:
>
> You need to extend the RoleDescriptor interface with a new interface 
> that represents the things in your extension content model for the 
> OnlineCADescriptor.    Be sure to override the TYPE_LOCAL_NAME and 
> TYPE_NAME constants.
>
> Then supply a new non-abstract impl, which implements the new 
> interface and extends RoleDescriptorImpl.  Also extend 
> RoleDescriptorMarshaller and -Unmarshaller appropriately.
>
> Then supply a builder that builds the object.
>
> Take a look at our code for one of the concrete SAML 2 role 
> descriptors for an example, e.g. AttributeAuthorityDescriptor.
>
> Also, you need to implement providers for whatever other new 
> types/elements you may have defined as content of the role descriptor, 
> such as egmd:OnlineCAService (looks like maybe a new type by extension 
> of EndpointType?).
>
> Finally register those new providers in a new config file and load the 
> new providers into the runtime Configuration, either by extending 
> DefaultBootstrap, or by using XMLConfigurator directly.
>
>
> --Brent
>
>
>
> Chad La Joie wrote:
> > <RoleDescriptor> is an any type.  See the documentation on the 
> > OpenSAML user's manual.
> >
> > https://spaces.internet2.edu/display/SHIB/OSTwoUsrManJavaAnyTypes
> >
> > Manuela Stanica wrote:
> > > Chad La Joie wrote:
> > > > Your XML is wrong.  The metadata spec doesn't allow for new 
> > > > elements within a EntityDescriptor.  If you create a new role you 
> > > > have to use <RoleDescriptor/> with an XSI type corresponding to 
> > > > your extension.  So you'd have something like
> > > >
> > > > <RoleDescriptor xsi:type="egmd:OnlineCADescriptor" />
> > > When I first looked as how to go about including an 
> > > OnlineCADescriptor I did want to build a RoleDescriptor but couldn't 
> > > find any RoleDescriptorBuilder. So how can I create/build that 
> > > element in order to inlcude it and marshall it in the metadata?
> > >
> > > Manuela