mace-opensaml-users - Problem signing saml response message
Subject: OpenSAML user discussion
- From: "Perry Vessels" <>
- To:
- Subject: Problem signing saml response message
- Date: Sat, 28 Jun 2008 11:10:04 -0400
Hi,
I was attempting to reuse some of the code from
HTTPPostSimpleSignEncoderTest.java, but with the SAML response in the
POST itself signed as well. The code executes, but it doesn't produce a
digest value or signature value within the SAMLResponse, although the
setOutboundSAMLMessageSigningCredential method does compute the value.
Below is the code for that portion, and below that is the form post
that's produced.
Thanks in advance,
Perry
/**
 * Builds a minimal SAML 2.0 {@code Response} carrying only a success status, attaches an
 * enveloped XML signature made with the supplied key pair, then runs the message through
 * {@code HTTPPostSimpleSignEncoder} and prints the generated HTML form to standard output.
 *
 * <p>This is sample/test code: the message ID, endpoint URLs and relay state are fixed
 * literals, no Destination is set and the Issuer and assertion calls are left out. A recipient
 * normally checks Destination and Issuer and relies on unique message IDs for replay
 * detection, so none of these shortcuts should be carried into a deployed identity provider.
 *
 * @param kp key pair whose public and private halves are wrapped into the signing credential
 * @throws Exception any failure raised while building, marshalling, signing or encoding
 */
public void httpResp(KeyPair kp) throws Exception {
    builderFactory = Configuration.getBuilderFactory();
    this.velocitySetUp();

    // --- Status: one top-level StatusCode set to the success URI ---
    SAMLObjectBuilder<StatusCode> codeBuilder =
            (SAMLObjectBuilder<StatusCode>) builderFactory.getBuilder(StatusCode.DEFAULT_ELEMENT_NAME);
    StatusCode successCode = codeBuilder.buildObject();
    successCode.setValue(StatusCode.SUCCESS_URI);

    SAMLObjectBuilder<Status> statusObjBuilder =
            (SAMLObjectBuilder<Status>) builderFactory.getBuilder(Status.DEFAULT_ELEMENT_NAME);
    Status status = statusObjBuilder.buildObject();
    status.setStatusCode(successCode);

    // --- Response skeleton (no Issuer and no assertions are attached) ---
    SAMLObjectBuilder<Response> respBuilder =
            (SAMLObjectBuilder<Response>) builderFactory.getBuilder(Response.DEFAULT_ELEMENT_NAME);
    Response samlResponse = respBuilder.buildObject();
    samlResponse.setDestination(null);
    // Constant ID: acceptable for a fixture only; real messages need a unique, unpredictable ID.
    samlResponse.setID("foo");
    samlResponse.setVersion(SAMLVersion.VERSION_20);
    samlResponse.setIssueInstant(now);
    samlResponse.setStatus(status);

    // --- Enveloped XML signature over the Response ---
    Credential credential = SecurityHelper.getSimpleCredential(kp.getPublic(), kp.getPrivate());

    Signature xmlSignature = (Signature) buildXMLObject(Signature.DEFAULT_ELEMENT_NAME);
    // RSA-SHA1 matches the SigAlg value in the form this post shows. SHA-1 is no longer
    // regarded as collision-resistant; agree on an RSA-SHA256 or stronger algorithm with the
    // relying party for anything beyond a test.
    xmlSignature.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1);
    xmlSignature.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
    xmlSignature.setSigningCredential(credential);
    samlResponse.setSignature(xmlSignature);

    // Marshal first, sign second: the signer works on the DOM produced by the marshaller.
    Configuration.getMarshallerFactory().getMarshaller(samlResponse).marshall(samlResponse);
    Signer.signObject(xmlSignature);

    // --- Peer endpoint the form is addressed to ---
    SAMLObjectBuilder<Endpoint> acsBuilder =
            (SAMLObjectBuilder<Endpoint>) builderFactory.getBuilder(AssertionConsumerService.DEFAULT_ELEMENT_NAME);
    Endpoint acsEndpoint = acsBuilder.buildObject();
    acsEndpoint.setLocation("http://example.org");
    acsEndpoint.setResponseLocation("http://example.org/response");

    // --- Message context backed by a mock servlet response ---
    MockHttpServletResponse mockResponse = new MockHttpServletResponse();
    BasicSAMLMessageContext context = new BasicSAMLMessageContext();
    context.setOutboundMessageTransport(new HttpServletResponseAdapter(mockResponse, false));
    context.setPeerEntityEndpoint(acsEndpoint);
    context.setOutboundSAMLMessage(samlResponse);
    context.setRelayState("relay");
    // Presumably the credential behind the separate Signature/SigAlg/KeyInfo form fields.
    context.setOutboundSAMLMessageSigningCredential(credential);

    // NOTE(review): the poster reports that the encoded SAMLResponse has no DigestValue or
    // SignatureValue. If the encoder modifies the message after the signing step above (for
    // example by setting Destination), the signed DOM would be discarded and the Signature
    // element re-marshalled unsigned. Not confirmed from this page; check the encoder source
    // for the version in use.
    HTTPPostSimpleSignEncoder postEncoder = new HTTPPostSimpleSignEncoder(
            velocityEngine, "/resources/templates/saml2-post-simplesign-binding.vm");
    postEncoder.encode(context);

    System.out.println(mockResponse.getContentAsString());
}
<!-- Form printed by the code above, as posted; the captured output ends before the closing form tag. -->
<form action="http://example.org" method="post">
<div>
<input type="hidden" name="RelayState" value="relay"/>
<!-- Encoded SAML message. Its value appears to have been stripped from this archived copy,
     so the missing DigestValue/SignatureValue the poster describes cannot be inspected here. -->
<input type="hidden" name="SAMLResponse"
value="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"/>
<!-- Form-level signature of the SimpleSign binding, carried outside the XML message. -->
<input type="hidden" name="Signature"
value="mZr/TdcoeoVbv1XcVnEUjHWGvjS1Y/3SdOJ6SG9Cbn7gbmji4OVA/4qCKHquvSGQMHm2oF2HxM9wQYYMwQ7YTk66Vz0VfDLbGi506SaeDKSlJWrxqdCMJqquHLsXn8XUnuU4ykw1JgQwhs1XD9w7JYOTKAo8RNhrBAb0oXV8Q3E="/>
<!-- rsa-sha1: SHA-1-based signatures are deprecated; a relying party should prefer or
     require SHA-256 or stronger. -->
<input type="hidden" name="SigAlg"
value="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<!-- Decodes to a ds:KeyInfo holding a bare ds:RSAKeyValue (modulus and exponent only).
     A recipient should verify against a key it already trusts for the sender (for example
     from metadata), not against a key merely because it arrives in the message. -->
<input type="hidden" name="KeyInfo"
value="PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48ZHM6S2V5SW5mbyB4bWxuczpkcz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+PGRzOktleVZhbHVlPjxkczpSU0FLZXlWYWx1ZT48ZHM6TW9kdWx1cz4wVGFySm1KZ2VoTkVOVGkwNnREQVRwUFVDVGJuR3czOWdycWpNQi9rbGtxK2sydGU2WmZTQjMyWDR6V3dhRnhkbXc5UmlXalV3QjZKDQpIdEFKQ0ROaVdEN093REdSTHJwaWdqUVc0LzgxL2R1WXFBM2JjOFF1MkwvUlV3dXNuM3JZL01qM0VwemdIQTRqSGhOV1NqWmxCSENkDQpUcC8yMHYxckdUNEdVN0xqSCtrPTwvZHM6TW9kdWx1cz48ZHM6RXhwb25lbnQ+QVFBQjwvZHM6RXhwb25lbnQ+PC9kczpSU0FLZXlWYWx1ZT48L2RzOktleVZhbHVlPjwvZHM6S2V5SW5mbz4="/>
</div>
- Problem signing saml response message, Perry Vessels, 06/28/2008
- Re: [OpenSAML] Problem signing saml response message, Chad La Joie, 06/29/2008
- Re: [OpenSAML] Problem signing saml response message, Perry Vessels, 06/29/2008
- Re: [OpenSAML] Problem signing saml response message, Chad La Joie, 06/29/2008