
mace-opensaml-users - Re: Validating a signature - Help

Subject: OpenSAML user discussion


Re: Validating a signature - Help


  • From: Brent Putman <>
  • To:
  • Subject: Re: Validating a signature - Help
  • Date: Tue, 19 Feb 2008 19:24:17 -0500



Jerry Thome wrote:

Thank you Brent!  This was the most accurate, comprehensive, and quickest response that I've received in a long time from any 'third party'.  I was able to get my simple validation working right away and OpenSAML is now a little de-mystified for me.  The documentation did make more sense once I got my example working... although my example was exactly what the documentation said  ;  )

No problem.  We aim to please here at OpenSAML.  :-)


I did have a little trouble with the KeyInfoCredentialResolver suggestion.  The resolveSingle() method was not available to me.  I must not have the base 'configuration' enabled or something else not set up.  I used the helpers to create the credential as you recommended.  I really need to dig into the User's Manual more and understand more of the toolkit.



I did want to follow up with you to find out what you meant here.  Are you saying that that method was not present on the KeyInfoCredentialResolver interface? Or just that it didn't return anything, etc? Or you're getting an NPE somewhere?  Are you seeing any errors logged? 

I don't see how the method being missing is possible, I think even on really, really old versions of the code it was there.  It's defined way up in AbstractCredentialResolver. 

Just to confirm: you are calling DefaultBootstrap.bootstrap() somewhere in your code before you use the OpenSAML components?  Among other things, that sets up the stuff on the global security configuration, including that default KeyInfo cred resolver.




You can also use a KeyInfoCredentialResolver to get the Credential out of the KeyInfo:

KeyInfoCredentialResolver kiResolver =
  Configuration.getGlobalSecurityConfiguration().getDefaultKeyInfoCredentialResolver();
CriteriaSet criteriaSet = new CriteriaSet( new KeyInfoCriteria(keyInfo) );
Credential cred = kiResolver.resolveSingle(criteriaSet);



And use that resolved credential as the input to the SignatureValidator.



BTW, this code snippet was taken straight out of my IDE, so I don't think there are any typos, etc.


--Brent
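
The bootstrap-then-resolve sequence discussed in this message, as an added example that is not code from the original post or from the OpenSAML project. It assumes OpenSAML 2.x on the classpath; the class name and the `trustedKey` parameter (the signer's public key obtained out of band, for example from configuration or metadata) are hypothetical. A key taken from the message's own KeyInfo is supplied by whoever produced the message, so the example compares it with the trusted key before validating.

```java
import java.security.PublicKey;
import java.util.Arrays;
import org.opensaml.DefaultBootstrap;
import org.opensaml.xml.Configuration;
import org.opensaml.xml.security.CriteriaSet;
import org.opensaml.xml.security.SecurityConfiguration;
import org.opensaml.xml.security.credential.Credential;
import org.opensaml.xml.security.criteria.KeyInfoCriteria;
import org.opensaml.xml.security.keyinfo.KeyInfoCredentialResolver;
import org.opensaml.xml.signature.Signature;
import org.opensaml.xml.signature.SignatureValidator;
import org.opensaml.xml.validation.ValidationException;

public class KeyInfoSignatureCheck { // hypothetical class name

    /** Call once at startup; this populates the global security configuration. */
    public static void init() throws Exception {
        DefaultBootstrap.bootstrap();
    }

    /**
     * Validates the signature with the credential resolved from its KeyInfo.
     * trustedKey is an assumption of this example: the key the verifier already
     * trusts for this signer. Throws if anything is missing or does not match.
     */
    public static void validate(Signature signature, PublicKey trustedKey) throws Exception {
        if (signature == null || signature.getKeyInfo() == null) {
            throw new ValidationException("Signature or KeyInfo is missing");
        }
        // Without bootstrap() the global configuration has no default resolver.
        SecurityConfiguration secConfig = Configuration.getGlobalSecurityConfiguration();
        if (secConfig == null || secConfig.getDefaultKeyInfoCredentialResolver() == null) {
            throw new IllegalStateException(
                    "No default KeyInfo resolver; was DefaultBootstrap.bootstrap() called?");
        }
        KeyInfoCredentialResolver kiResolver = secConfig.getDefaultKeyInfoCredentialResolver();
        CriteriaSet criteriaSet = new CriteriaSet(new KeyInfoCriteria(signature.getKeyInfo()));
        Credential cred = kiResolver.resolveSingle(criteriaSet);
        if (cred == null || cred.getPublicKey() == null) {
            throw new ValidationException("KeyInfo did not yield a public key");
        }
        // The KeyInfo travels inside the message, so the key it carries is only a hint.
        if (!Arrays.equals(cred.getPublicKey().getEncoded(), trustedKey.getEncoded())) {
            throw new ValidationException("KeyInfo key does not match the trusted key");
        }
        // Cryptographic check of the signature value against the resolved credential.
        new SignatureValidator(cred).validate(signature);
    }
}
```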



