OpenSAML user discussion

[Chad La Joie <>]

Simple sign does not sign the SAML, that, in theory, is why it's 
simpler.  Take a look at the SAML SimpleSign spec to see what that code 
is doing.

Perry Vessels wrote:
> Hi,
>
> I was attempting to reuse some of the code from
> HTTPPostSimpleSignEncoderTest.java, but have the SAML response in the
> post be signed.  The code executes, but doesn't produce a digest value
> or signature value within the SAMLResponse, although the
> setOutboundSAMLMessageSigningCredential method does compute the value.
>  Below is the code for that portion and below that is the form post
> that's produced.
>
> Thanks in advance,
> Perry
>
>
>         public void httpResp(KeyPair kp) throws Exception {
>                 builderFactory = Configuration.getBuilderFactory();
>                 this.velocitySetUp();
>
>                 SAMLObjectBuilder<StatusCode> statusCodeBuilder =
> (SAMLObjectBuilder<StatusCode>) builderFactory
>                 .getBuilder(StatusCode.DEFAULT_ELEMENT_NAME);
>                 StatusCode statusCode = statusCodeBuilder.buildObject();
>                 statusCode.setValue(StatusCode.SUCCESS_URI);
>
>                 SAMLObjectBuilder<Status> statusBuilder =
> (SAMLObjectBuilder<Status>) builderFactory
>                 .getBuilder(Status.DEFAULT_ELEMENT_NAME);
>                 Status responseStatus = statusBuilder.buildObject();
>                 responseStatus.setStatusCode(statusCode);
>
>                 SAMLObjectBuilder<Response> responseBuilder =
> (SAMLObjectBuilder<Response>) builderFactory
>                 .getBuilder(Response.DEFAULT_ELEMENT_NAME);
>                 Response samlMessage = responseBuilder.buildObject();
>
>                 samlMessage.setDestination(null);
>                 samlMessage.setID("foo");
>                 samlMessage.setVersion(SAMLVersion.VERSION_20);
>                 samlMessage.setIssueInstant(now);
> //              samlMessage.setIssuer(makeIssuer());
>                 samlMessage.setStatus(responseStatus);
> //              samlMessage.getAssertions().add(assertion);
>
>                 Credential signingCred =
> SecurityHelper.getSimpleCredential(kp.getPublic(), kp.getPrivate());
>
>                 Signature signature = (Signature)
> buildXMLObject(Signature.DEFAULT_ELEMENT_NAME);
>                 
> signature.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1);
>                 
> signature.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
>                 signature.setSigningCredential(signingCred);
>
>                 samlMessage.setSignature(signature);
>         
>                 // Get the marshaller factory
>                 MarshallerFactory marshallerFactory = 
> Configuration.getMarshallerFactory();
>                 Marshaller marshaller = 
> marshallerFactory.getMarshaller(samlMessage);
>                 marshaller.marshall(samlMessage);
>                 Signer.signObject(signature);
>
>                 SAMLObjectBuilder<Endpoint> endpointBuilder =
> (SAMLObjectBuilder<Endpoint>) builderFactory
>                 .getBuilder(AssertionConsumerService.DEFAULT_ELEMENT_NAME);
>                 Endpoint samlEndpoint = endpointBuilder.buildObject();
>                 samlEndpoint.setLocation("http://example.org";);
>                 
> samlEndpoint.setResponseLocation("http://example.org/response";);
>
>                 MockHttpServletResponse response = new 
> MockHttpServletResponse();
>                 HttpServletResponseAdapter outTransport = new
> HttpServletResponseAdapter(response, false);
>
>                 BasicSAMLMessageContext messageContext = new 
> BasicSAMLMessageContext();
>                 messageContext.setOutboundMessageTransport(outTransport);
>                 messageContext.setPeerEntityEndpoint(samlEndpoint);
>                 messageContext.setOutboundSAMLMessage(samlMessage);
>                 messageContext.setRelayState("relay");
>
>                 
> messageContext.setOutboundSAMLMessageSigningCredential(signingCred);
>
>                 HTTPPostSimpleSignEncoder encoder = new
> HTTPPostSimpleSignEncoder(velocityEngine,
>                                 
> "/resources/templates/saml2-post-simplesign-binding.vm");
>                 encoder.encode(messageContext);
>
>                 System.out.println(response.getContentAsString());
>         }
>
>
>         <form action="http://example.org"; method="post">
>             <div>
>                 <input type="hidden" name="RelayState" value="relay"/>
>
>                 <input type="hidden" name="SAMLResponse"
> value="PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48c2FtbHA6UmVzcG9uc2UgeG1sbnM6c2FtbHA9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpwcm90b2NvbCIgRGVzdGluYXRpb249Imh0dHA6Ly9leGFtcGxlLm9yZyIgSUQ9ImZvbyIgSXNzdWVJbnN0YW50PSIyMDA4LTA2LTI4VDE0OjU5OjQwLjE0MFoiIFZlcnNpb249IjIuMCI+PGRzOlNpZ25hdHVyZSB4bWxuczpkcz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+DQo8ZHM6U2lnbmVkSW5mbyB4bWxuczpkcz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+DQo8ZHM6Q2Fub25pY2FsaXphdGlvbk1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIgeG1sbnM6ZHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiLz4NCjxkczpTaWduYXR1cmVNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjcnNhLXNoYTEiIHhtbG5zOmRzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIi8+DQo8ZHM6UmVmZXJlbmNlIFVSST0iI2ZvbyIgeG1sbnM6ZHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiPg0KPGRzOlRyYW5zZm9ybXMgeG1sbnM6ZHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiPg0KPGRzOlRyYW5zZm9ybSBBbGdvcml0a
G09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJlIiB4bWxuczpkcz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyIvPg0KPGRzOlRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIgeG1sbnM6ZHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiPjxlYzpJbmNsdXNpdmVOYW1lc3BhY2VzIHhtbG5zOmVjPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiIFByZWZpeExpc3Q9ImRzIHNhbWxwIi8+PC9kczpUcmFuc2Zvcm0+DQo8L2RzOlRyYW5zZm9ybXM+DQo8ZHM6RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI3NoYTEiIHhtbG5zOmRzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIi8+DQo8ZHM6RGlnZXN0VmFsdWUgeG1sbnM6ZHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiLz4NCjwvZHM6UmVmZXJlbmNlPg0KPC9kczpTaWduZWRJbmZvPg0KPGRzOlNpZ25hdHVyZVZhbHVlIHhtbG5zOmRzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIi8+DQo8L2RzOlNpZ25hdHVyZT48c2FtbHA6U3RhdHVzIHhtbG5zOnNhbWxwPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6cHJvdG9jb2wiPjxzYW1scDpTdGF0dXNDb2RlIFZhbHVlPSJ
1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6c3RhdHVzOlN1Y2Nlc3MiIHhtbG5zOnNhbWxwPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6cHJvdG9jb2wiLz48L3NhbWxwOlN0YXR1cz48L3NhbWxwOlJlc3BvbnNlPg=="/>
>                 <input type="hidden" name="Signature"
> value="mZr/TdcoeoVbv1XcVnEUjHWGvjS1Y/3SdOJ6SG9Cbn7gbmji4OVA/4qCKHquvSGQMHm2oF2HxM9wQYYMwQ7YTk66Vz0VfDLbGi506SaeDKSlJWrxqdCMJqquHLsXn8XUnuU4ykw1JgQwhs1XD9w7JYOTKAo8RNhrBAb0oXV8Q3E="/>
>                 <input type="hidden" name="SigAlg"
> value="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
>                 <input type="hidden" name="KeyInfo"
> value="PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48ZHM6S2V5SW5mbyB4bWxuczpkcz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+PGRzOktleVZhbHVlPjxkczpSU0FLZXlWYWx1ZT48ZHM6TW9kdWx1cz4wVGFySm1KZ2VoTkVOVGkwNnREQVRwUFVDVGJuR3czOWdycWpNQi9rbGtxK2sydGU2WmZTQjMyWDR6V3dhRnhkbXc5UmlXalV3QjZKDQpIdEFKQ0ROaVdEN093REdSTHJwaWdqUVc0LzgxL2R1WXFBM2JjOFF1MkwvUlV3dXNuM3JZL01qM0VwemdIQTRqSGhOV1NqWmxCSENkDQpUcC8yMHYxckdUNEdVN0xqSCtrPTwvZHM6TW9kdWx1cz48ZHM6RXhwb25lbnQ+QVFBQjwvZHM6RXhwb25lbnQ+PC9kczpSU0FLZXlWYWx1ZT48L2RzOktleVZhbHVlPjwvZHM6S2V5SW5mbz4="/>
>             </div>

--
SWITCH
Serving Swiss Universities
--------------------------
Chad La Joie, Software Engineer, Net Services
Werdstrasse 2, P.O. Box, 8021 Zürich, Switzerland
phone +41 44 268 15 75, fax +41 44 268 15 68
,
 http://www.switch.ch