OpenSAML user discussion

["Håkon Sagehaug" <>]

Hi Christina,

see inline

2008/5/30 Christina Cunningham <>:

Hi Hakon,

Following the examples of building objects elsewhere in the SAML code, I had built the XACMLAuthzDecisionStatementType previously as follows:

<code>
XACMLAuthzDecisionStatementTypeImplBuilder statementBuilder = (XACMLAuthzDecisionStatementTypeImplBuilder)
      builderFactory.getBuilder(XACMLAuthzDecisionStatementType.DEFAULT_ELEMENT_NAME_XACML20);

XACMLAuthzDecisionStatementType decisionType = statementBuilder.buildObject(SAMLProfileConstants.SAML20XACML20P_NS,
      XACMLAuthzDecisionStatementType.DEFAULT_ELEMENT_LOCAL_NAME,
      SAMLProfileConstants.SAML20XACMLPROTOCOL_PREFIX);
</code>


Your code had the XACMLAuthzDecisionStatementType built as follows:

<code>
XACMLAuthzDecisionStatementTypeImplBuilder statementBuilder = (XACMLAuthzDecisionStatementTypeImplBuilder)
      builderFactory.getBuilder(XACMLAuthzDecisionStatementType.TYPE_NAME_XACML20);

XACMLAuthzDecisionStatementType decisionType = statementBuilder
      .buildObject(Statement.DEFAULT_ELEMENT_NAME, XACMLAuthzDecisionStatementType.TYPE_NAME_XACML20);
</code>

So, to put the XACMLAuthzDecisionStatementType inside the SAML response, I needed to build the object with a default element name of Statement. Changing these two lines, my code now works fine - I hadn't come across any code or xml examples of putting the XACMLAuthzDecisionStatement inside the SAML response so it hadn't occurred to me that I needed a Statement element of type XACMLAuthzDecisionStatement :o)

Yes this element is a little tric to it, also if you looked at the project link, in that direcory there is also a little guide about the xacml extension, called Programming guide, some this are mentioned there

cheers Håkon

Thanks for your help,


Christina



Håkon Sagehaug wrote:

Hi Christina

I tried the same as you, but did bot get this error. I almost just copy/pasted you code into my test project. Have you tried to debug it to see on what line the error comes from?

here is a link to my test project. See in the class SampleProgram#statementXACMLAuthzDecision that makes the assertion and SampleProgram#marshallSAMLRepsonse.

http://www.bccs.uib.no/~hakont/SAMLXACMLExtension/files/SamplePackage_src.tar.gz <http://www.bccs.uib.no/%7Ehakont/SAMLXACMLExtension/files/SamplePackage_src.tar.gz>

How is your XACMLAuthzDecisionStatement made, could it be something wrong there?

cheers,. Håkon

2008/5/29 Christina Cunningham < <mailto:>>:

   Hi,

   When trying to marshall a saml (2.0) response containing an
   assertion which has an XACMLAuthzDecisionStatement within it's
   list of statements, I am getting a ClassCastException thrown.

   I am assuming that because XACMLAuthzDecisionStatement extends
   Statement this should be possible to do?

   <code>
   SAMLObjectBuilder<Response> builder =
   (SAMLObjectBuilder<Response>) builderFactory
                 .getBuilder(Response.DEFAULT_ELEMENT_NAME);
   Response response = builder.buildObject();
   response.setVersion(SAMLVersion.VERSION_20);
   Assertion assertion = getAssertion(issueInstant, responseSubject);
   XACMLAuthzDecisionStatementType decision =
   getXACMLAuthzDecisionStatementType();
   assertion.getStatements().add(decision);         response.getAssertions().add(assertion);

   MarshallerFactory marshallerFactory =
   Configuration.getMarshallerFactory();
   Marshaller marshaller = marshallerFactory.getMarshaller(response);
   Element subjectElement = marshaller.marshall(response);
   </code>

   <stacktrace>
   java.lang.ClassCastException:
   org.opensaml.xacml.profile.saml.impl.XACMLAuthzDecisionStatementTypeImpl
   cannot be cast to org.opensaml.xml.schema.XSAnynull
     at
   org.opensaml.xml.schema.impl.XSAnyMarshaller.marshallAttributes(XSAnyMarshaller.java:39)
     at
   org.opensaml.xml.io.AbstractXMLObjectMarshaller.marshallInto(AbstractXMLObjectMarshaller.java:225)
     at
   org.opensaml.xml.io.AbstractXMLObjectMarshaller.marshall(AbstractXMLObjectMarshaller.java:178)
     at
   org.opensaml.xml.io.AbstractXMLObjectMarshaller.marshallChildElements(AbstractXMLObjectMarshaller.java:319)
     at
   org.opensaml.xml.io.AbstractXMLObjectMarshaller.marshallInto(AbstractXMLObjectMarshaller.java:227)
     at
   org.opensaml.xml.io.AbstractXMLObjectMarshaller.marshall(AbstractXMLObjectMarshaller.java:178)
     at
   org.opensaml.xml.io.AbstractXMLObjectMarshaller.marshallChildElements(AbstractXMLObjectMarshaller.java:319)
     at
   org.opensaml.xml.io.AbstractXMLObjectMarshaller.marshallInto(AbstractXMLObjectMarshaller.java:227)
     at
   org.opensaml.xml.io.AbstractXMLObjectMarshaller.marshall(AbstractXMLObjectMarshaller.java:133)
     at
   org.opensaml.xml.io.AbstractXMLObjectMarshaller.marshall(AbstractXMLObjectMarshaller.java:89)
     at
   com.<>.security.saml.SamlResponseHelper.marshallResponseToString(SamlResponseHelper.java:144)
     at
   com.<>.security.saml.SamlResponseHelper.buildResponseString(SamlResponseHelper.java:98)
     at
   com.<>.security.signon.client.TestSamlResponseHelper.<init>(TestSamlResponseHelper.java:50)
     at
   com.<>.security.signon.client.TestSamlResponseHelper.main(TestSamlResponseHelper.java:64)
   Exception in thread "main" java.lang.NullPointerException
   </stacktrace>


   Thanks,

   Christina

   --    Christina Cunningham
   Software Engineer
   Belfast eScience Centre (BeSC)
   Queen's University, Belfast

   e: c.cunningham [at] besc.ac.uk <http://besc.ac.uk>
   w: www.besc.ac.uk <http://www.besc.ac.uk>

--
Håkon Sagehaug, Software Developer
Parallab, Bergen Center for Computational Science (BCCS)
UNIFOB AS (University of Bergen Research Company)

--
Christina Cunningham
Software Engineer
Belfast eScience Centre (BeSC)
Queen's University, Belfast
e: c.cunningham [at] besc.ac.uk
w: www.besc.ac.uk

-- 
Håkon Sagehaug, Software Developer
Parallab, Bergen Center for Computational Science (BCCS)
UNIFOB AS (University of Bergen Research Company)