OpenSAML user discussion

[Kenny Pearce <>]

Second update: it works fine if I specify a prefix rather than setting
the default namespace. However, this is kind of a pain since the
attributes are supposed to be in the namespace as well, and since it
means that there will be some valid XACML policies that I can't process
(namely, those that set the default namespace).

On Wed, 2008-04-30 at 11:10 -0400, Kenny Pearce wrote:
> Update on this error: it is caused by the fact that I have my policies
> in XML, and I unmarshall them and then try to add them. If I release the
> DOM for the policy and it's children, I don't get this error, but I get
> a different error. I marshall the whole response to DOM and I can print
> it out and it looks fine. I then return a DOMSource object (I'm using
> the JAX-WS Provider interface to implement my IdP). When JAX-WS tries to
> write this to the stream it gives this error:
> "javax.xml.stream.XMLStreamException: xmlns has been already bound to
> urn:oasis:names:tc:xacml:2.0:policy:schema:os. Rebinding it to  is an
> error". So it appears that an xmlns="" is being added.
> 
> Should I have to release the DOM manually? Is there a good way to deal
> with the namespace issue?
> 
> Thanks.
> 
> On Wed, 2008-04-30 at 09:42 -0400, Kenny Pearce wrote:
> > So, I got the previous problem fixed, but now marshalling is failing
> > with:
> > 
> > org.w3c.dom.DOMException: WRONG_DOCUMENT_ERR: A node is used in a
> > different document than the one that created it.
> >         at org.apache.xerces.dom.ParentNode.internalInsertBefore(Unknown
> > Source)
> >         at org.apache.xerces.dom.ParentNode.insertBefore(Unknown Source)
> >         at org.apache.xerces.dom.NodeImpl.appendChild(Unknown Source)
> >         at
> > org.opensaml.xml.util.XMLHelper.appendChildElement(XMLHelper.java:468)
> >         at
> > org.opensaml.xml.io.AbstractXMLObjectMarshaller.marshall(AbstractXMLObjectMarshaller.java:162)
> >         at
> > org.opensaml.xml.io.AbstractXMLObjectMarshaller.marshallChildElements(AbstractXMLObjectMarshaller.java:317)
> > etc.
> > 
> > I only have this problem when XACML elements are used. Any ideas?
> > 
> > On Tue, 2008-04-29 at 17:30 -0400, Brent Putman wrote:
> > > 
> > > Kenny Pearce wrote:
> > > > Hi,
> > > >         I am using the latest OpenSAML binary release (2.1.0) and 
> > > > trying to
> > > > construct an XACMLPolicyStatement. The XMLObjectBuilderFactory cannot
> > > > find a builder for it. 
> > > 
> > > 
> > > I'm not sure why that is, it is there in the provider config file 
> > > xacml2-saml2-profile-config.xml:
> > > 
> > >         <!-- XACMLPolicyStatement -->
> > >         <ObjectProvider qualifiedName="xacml-saml:XACMLPolicyStatement">
> > >             <BuilderClass 
> > > className="org.opensaml.xacml.profile.saml.impl.XACMLPolicyStatementTypeImplBuilder"
> > >  
> > > />
> > >             <MarshallingClass 
> > > className="org.opensaml.xacml.profile.saml.impl.XACMLPolicyStatementTypeMarshaller"
> > >  
> > > />
> > >             <UnmarshallingClass 
> > > className="org.opensaml.xacml.profile.saml.impl.XACMLPolicyStatementTypeUnmarshaller"
> > >  
> > > />
> > >         </ObjectProvider>
> > >        
> > >         <ObjectProvider 
> > > qualifiedName="xacml-saml:XACMLPolicyStatementType">
> > >             <BuilderClass 
> > > className="org.opensaml.xacml.profile.saml.impl.XACMLPolicyStatementTypeImplBuilder"
> > >  
> > > />
> > >             <MarshallingClass 
> > > className="org.opensaml.xacml.profile.saml.impl.XACMLPolicyStatementTypeMarshaller"
> > >  
> > > />
> > >             <UnmarshallingClass 
> > > className="org.opensaml.xacml.profile.saml.impl.XACMLPolicyStatementTypeUnmarshaller"
> > >  
> > > />
> > >         </ObjectProvider>
> > > 
> > > 
> > > 
> > > Are you trying to lookup by the type or element QName?
> > > 
> > > Also, don't know for what purpose you are using the XACML policy 
> > > statement, but just pointing out that if this is intended to go as a 
> > > statement in a saml:Assertion, you have to use a Statement element with 
> > > an xsi:type, becuase of the way the SAML schema is defined.
> > > 
> > > 
> > > > If I manually instantiate an
> > > > XACMLPolicyStatementTypeImplBuilder, then it crashes later on because 
> > > > it
> > > > can't find the marshaller and tries to use the XSAnyMarshaller. I have
> > > > double-checked that I have an OpenSAML jar version with the relevant 
> > > > XML
> > > > files. The only thing I can think of is that it may have to do with my
> > > > version of xmltooling - I have built that from the latest SVN because 
> > > > I
> > > > need my XSDateTime patch. 
> > > 
> > > FYI, I don't think xmltooling is relevant to your problem, but I would 
> > > say in general:
> > > 1) you probably do want to keep your version of xmltooling (openws) in 
> > > sync with what's released with a particular version of opensaml2, just 
> > > to avoid problems
> > > 2) if you have your own object provider impls, you might want to keep 
> > > and package those separate from our libraries, for the above reason.  
> > > Or 
> > > submit this as a feature request/patch via Jira, and we could include 
> > > it 
> > > with the distribution, subject to whatever contributer agreements, etc 
> > > that might be neccesary.  I'd have to check on that, or maybe Chad or 
> > > Scott knows more.
> > > 
> > > > However, it doesn't seem that there is an
> > > > xacml-integration branch on xmltooling or anything like that. 
> > > 
> > > No, there's not.  FYI, again not necessarily related to your problem: 
> > > all development in these projects is being done on the REL_X branch 
> > > that 
> > > corresponds to the  current major release,  *not* on the trunk, so if 
> > > you want the latest "current" code, that's what you should be pulling.
> > > 
> > > > Besides,
> > > > it seems to me that as long as DefaultBootstrap is right it shouldn't
> > > > matter. Any idea why this would not work? 
> > > >   
> > > 
> > > Correct it should work as long as DefaultBootstrap is right, which it 
> > > appears to be.  See my followup on your next message.
> > > 
> >