mace-opensaml-users - Re: [OpenSAML] XACML providers not correctly registered by DefaultBootstrap?

Subject: OpenSAML user discussion

  • From: "Håkon Sagehaug" <>
  • To:
  • Subject: Re: [OpenSAML] XACML providers not correctly registered by DefaultBootstrap?
  • Date: Wed, 30 Apr 2008 17:58:31 +0200

Hi

Have you looked at this site

http://www.bccs.uib.no/~hakont/SAMLXACMLExtension/

Here you will find an example project on how to create and unmarshal an XACMLPolicyStatement, I think, and the other XACML elements as well.

This is done with the latest jar, the release 2.1

cheers, Håkon

2008/4/30 Kenny Pearce <>:
Update on this error: it is caused by the fact that I have my policies
in XML, and I unmarshall them and then try to add them. If I release the
DOM for the policy and its children, I don't get this error, but I get
a different error. I marshall the whole response to DOM and I can print
it out and it looks fine. I then return a DOMSource object (I'm using
the JAX-WS Provider interface to implement my IdP). When JAX-WS tries to
write this to the stream it gives this error:
"javax.xml.stream.XMLStreamException: xmlns has been already bound to
urn:oasis:names:tc:xacml:2.0:policy:schema:os. Rebinding it to  is an
error". So it appears that an xmlns="" is being added.

Should I have to release the DOM manually? Is there a good way to deal
with the namespace issue?

Thanks.

On Wed, 2008-04-30 at 09:42 -0400, Kenny Pearce wrote:
> So, I got the previous problem fixed, but now marshalling is failing
> with:
>
> org.w3c.dom.DOMException: WRONG_DOCUMENT_ERR: A node is used in a
> different document than the one that created it.
>         at org.apache.xerces.dom.ParentNode.internalInsertBefore(Unknown
> Source)
>         at org.apache.xerces.dom.ParentNode.insertBefore(Unknown Source)
>         at org.apache.xerces.dom.NodeImpl.appendChild(Unknown Source)
>         at
> org.opensaml.xml.util.XMLHelper.appendChildElement(XMLHelper.java:468)
>         at
> org.opensaml.xml.io.AbstractXMLObjectMarshaller.marshall(AbstractXMLObjectMarshaller.java:162)
>         at
> org.opensaml.xml.io.AbstractXMLObjectMarshaller.marshallChildElements(AbstractXMLObjectMarshaller.java:317)
> etc.
>
> I only have this problem when XACML elements are used. Any ideas?
>
> On Tue, 2008-04-29 at 17:30 -0400, Brent Putman wrote:
> >
> > Kenny Pearce wrote:
> > > Hi,
> > >   I am using the latest OpenSAML binary release (2.1.0) and trying to
> > > construct an XACMLPolicyStatement. The XMLObjectBuilderFactory cannot
> > > find a builder for it.
> >
> >
> > I'm not sure why that is, it is there in the provider config file
> > xacml2-saml2-profile-config.xml:
> >
> >         <!-- XACMLPolicyStatement -->
> >         <ObjectProvider qualifiedName="xacml-saml:XACMLPolicyStatement">
> >             <BuilderClass
> > className="org.opensaml.xacml.profile.saml.impl.XACMLPolicyStatementTypeImplBuilder"
> > />
> >             <MarshallingClass
> > className="org.opensaml.xacml.profile.saml.impl.XACMLPolicyStatementTypeMarshaller"
> > />
> >             <UnmarshallingClass
> > className="org.opensaml.xacml.profile.saml.impl.XACMLPolicyStatementTypeUnmarshaller"
> > />
> >         </ObjectProvider>
> >
> >         <ObjectProvider qualifiedName="xacml-saml:XACMLPolicyStatementType">
> >             <BuilderClass
> > className="org.opensaml.xacml.profile.saml.impl.XACMLPolicyStatementTypeImplBuilder"
> > />
> >             <MarshallingClass
> > className="org.opensaml.xacml.profile.saml.impl.XACMLPolicyStatementTypeMarshaller"
> > />
> >             <UnmarshallingClass
> > className="org.opensaml.xacml.profile.saml.impl.XACMLPolicyStatementTypeUnmarshaller"
> > />
> >         </ObjectProvider>
> >
> >
> >
> > Are you trying to lookup by the type or element QName?
> >
> > Also, don't know for what purpose you are using the XACML policy
> > statement, but just pointing out that if this is intended to go as a
> > statement in a saml:Assertion, you have to use a Statement element with
> > an xsi:type, because of the way the SAML schema is defined.
> >
> >
> > > If I manually instantiate an
> > > XACMLPolicyStatementTypeImplBuilder, then it crashes later on because it
> > > can't find the marshaller and tries to use the XSAnyMarshaller. I have
> > > double-checked that I have an OpenSAML jar version with the relevant XML
> > > files. The only thing I can think of is that it may have to do with my
> > > version of xmltooling - I have built that from the latest SVN because I
> > > need my XSDateTime patch.
> >
> > FYI, I don't think xmltooling is relevant to your problem, but I would
> > say in general:
> > 1) you probably do want to keep your version of xmltooling (openws) in
> > sync with what's released with a particular version of opensaml2, just
> > to avoid problems
> > 2) if you have your own object provider impls, you might want to keep
> > and package those separate from our libraries, for the above reason.  Or
> > submit this as a feature request/patch via Jira, and we could include it
> > with the distribution, subject to whatever contributor agreements, etc
> > that might be necessary.  I'd have to check on that, or maybe Chad or
> > Scott knows more.
> >
> > > However, it doesn't seem that there is an
> > > xacml-integration branch on xmltooling or anything like that.
> >
> > No, there's not.  FYI, again not necessarily related to your problem:
> > all development in these projects is being done on the REL_X branch that
> > corresponds to the  current major release,  *not* on the trunk, so if
> > you want the latest "current" code, that's what you should be pulling.
> >
> > > Besides,
> > > it seems to me that as long as DefaultBootstrap is right it shouldn't
> > > matter. Any idea why this would not work?
> > >
> >
> > Correct it should work as long as DefaultBootstrap is right, which it
> > appears to be.  See my followup on your next message.
> >
>
--
Kenny Pearce <>
Hx Technologies




--
Håkon Sagehaug, Software Developer
Parallab, Bergen Center for Computational Science (BCCS)
UNIFOB AS (University of Bergen Research Company)
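
The `WRONG_DOCUMENT_ERR` in the quoted stack trace is a general DOM rule and can be reproduced with plain JAXP, outside OpenSAML. The following is an added example, not code from this thread or from the OpenSAML project; the class name, the sample policy and the `urn:example:response` wrapper element are constructed for illustration. It triggers the error by appending a parsed node to a different document, then uses the standard `Document.importNode` to copy the node into the target document first.

```java
import java.io.StringReader;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.DOMException;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.xml.sax.InputSource;

public class WrongDocumentDemo {
    // Constructed sample policy; only the namespace URI appears in the thread.
    static final String POLICY_XML =
        "<Policy xmlns=\"urn:oasis:names:tc:xacml:2.0:policy:schema:os\" PolicyId=\"sample\"/>";

    static DocumentBuilder newBuilder() throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true); // needed so the default namespace is kept on the node
        // Policies loaded from XML files are parsed with DTDs disabled.
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        return f.newDocumentBuilder();
    }

    public static void main(String[] args) throws Exception {
        DocumentBuilder builder = newBuilder();

        // Document 1: the policy as parsed from XML.
        Document policyDoc = builder.parse(new InputSource(new StringReader(POLICY_XML)));
        Element policy = policyDoc.getDocumentElement();

        // Document 2: the response being assembled (hypothetical wrapper element).
        Document responseDoc = builder.newDocument();
        Element statement = responseDoc.createElementNS("urn:example:response", "ex:Statement");
        responseDoc.appendChild(statement);

        try {
            statement.appendChild(policy); // node is still owned by policyDoc
        } catch (DOMException e) {
            System.out.println("WRONG_DOCUMENT_ERR raised: "
                + (e.code == DOMException.WRONG_DOCUMENT_ERR));
        }

        // importNode makes a deep copy owned by responseDoc; policyDoc is left unchanged.
        Node copy = responseDoc.importNode(policy, true);
        statement.appendChild(copy);
        System.out.println("owner is responseDoc: " + (copy.getOwnerDocument() == responseDoc));
        System.out.println("namespace kept: " + copy.getNamespaceURI());
    }
}
```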

