
mace-opensaml-users - Re: [OpenSAML] New to OpenSAML 2 - Basic Question

Subject: OpenSAML user discussion

  • From: Brent Putman <>
  • To:
  • Subject: Re: [OpenSAML] New to OpenSAML 2 - Basic Question
  • Date: Wed, 23 Apr 2008 20:08:03 -0400

The only examples I can point you to are the profile handlers in the Shibboleth 2.0 IdP, such as the handler for SAML2 AttributeQuery:

http://tinyurl.com/6a6fgr

That's in the java-idp project in svn.  It is based on the java-shib-common library, which is heavily Spring based.


BTW, the OpenSAML approach is that, as a toolkit and not an implementation of an IdP, SP, etc., it doesn't implement high-level functionality for profiles or protocol request/response handling.  That is seen as the job of a specific service implementation, like Shibboleth.

HTH,
Brent


Totsline, Greg wrote:

 

Thanks very much for the feedback; it helps a lot – good points about the crypto and DS support.  Is there a simple set of examples you can point me to?  The user manual is pretty light and I am especially interested in seeing examples for SAML query and query response processing.

From: Brent Putman []
Sent: Tuesday, April 22, 2008 1:40 AM
To:
Subject: Re: [OpenSAML] New to OpenSAML 2 - Basic Question

 

I'm only passingly familiar with XMLBeans, but I think it basically just gives you Java language bindings to the schema.

OpenSAML provides language bindings also; however, that is just a small part of what it offers.  OpenSAML also provides a lot of explicit support for XML Signature and XML Encryption; key and credential resolution and management; trust engines used to validate tokens such as signatures and credentials/keys; providers for fetching, processing and using SAML 2 metadata; SAML 2 binding support, including security policy rule sets over received messages. And probably some other stuff that I'm forgetting at the moment.  Depending on what you're going to be doing, you're going to need some or all of those things.  At the very least probably XML Signature.

If what you need is an Identity Provider, and you don't want to reinvent the wheel, I'd also suggest you should take a look at the Shibboleth 2.0 IdP, which is based on Java OpenSAML2.  We think it's pretty good.  :-)


Totsline, Greg wrote:

Hi –

 

I am evaluating different approaches to implementing a stripped-down SAML Authority (only need to support attribute and possibly authentication queries and their responses).  Can someone please tell me if there are particular advantages to using OpenSAML 2 versus just generating XMLBeans using the SAML core and protocol XML schemas?  Both approaches provide what appears to be a 1-for-1 set of Java wrapper classes for each element in the schemas.

 

I would also like to know if anyone has been successful in using OpenSAML 2 on Weblogic Server 10 or greater.

 

Thanks very much.

 

-greg

 

 

 



