
mace-opensaml-users - Re: [OpenSAML]

Subject: OpenSAML user discussion


Re: [OpenSAML]


  • From: Brent Putman <>
  • To:
  • Subject: Re: [OpenSAML]
  • Date: Thu, 17 Jul 2008 14:34:26 -0400

Aside from the JVM issues you and Chad have already been discussing, note that on the SAML 2 Encrypter, the ID generator is a configurable property:

    /**
     * Set the generator to use when creating XML ID attribute values.
     *
     * @param newIDGenerator the new IdentifierGenerator to use
     */
    public void setIDGenerator(IdentifierGenerator newIDGenerator) {
        this.idGenerator = newIDGenerator;
    }



The IdentifierGenerator defaults to our org.opensaml.common.impl.SecureRandomIdentifierGenerator.

However we also have another impl, org.opensaml.common.impl.RandomIdentifierGenerator, which just uses java.util.Random.

And of course you could supply your own impl if there is a better option on your platform.  IdentifierGenerator is a pretty simple interface, just 2 methods.

Perhaps that will help you if you can't find a better solution re: the JVM issues.


--Brent



wrote:

I am using the latest SAML2 library for Java.
When I call the encrypt() method of an Encrypter for an Attribute, it looks like the downline code is using SecureRandom to generate a unique id for the Node.  On my XP machine at least, this is a VERY expensive operation, and I find it spending 2.2-2.5 seconds in the nextByte().

Do others find this to be true?  Is there a way I can generate my own id for the Node?

SecureRandom is critical for key generation et al. but isn't it overkill for generating a simple id?
What am I missing?

Edward Thompson
Charlotte, NC 28202
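
The "supply your own impl" option from the reply above, as an added example that is not part of the thread or of OpenSAML itself: a generator that keeps SecureRandom but shares one instance and seeds it once at class load. The class name is hypothetical, the two method signatures are assumed from OpenSAML 2.x (the thread only says the interface has two methods), and it assumes the delay comes from seeding on first use, which the thread does not confirm.

```java
import java.security.SecureRandom;

import org.opensaml.common.IdentifierGenerator;

/**
 * Added example (hypothetical class, not OpenSAML code): an IdentifierGenerator
 * that stays on SecureRandom but pays any seeding cost once, at class load,
 * instead of inside the first encrypt() call.
 *
 * Wiring, using the setter quoted in the reply:
 *   encrypter.setIDGenerator(new SharedSecureRandomIdentifierGenerator());
 */
public class SharedSecureRandomIdentifierGenerator implements IdentifierGenerator {

    // One process-wide instance; SecureRandom is safe for concurrent use.
    private static final SecureRandom RANDOM = new SecureRandom();

    private static final char[] HEX = "0123456789abcdef".toCharArray();

    static {
        // Force the generator to seed itself now rather than on first use.
        RANDOM.nextBytes(new byte[1]);
    }

    /** Default size: 16 random bytes (128 bits), 32 hex characters. */
    public String generateIdentifier() {
        return generateIdentifier(16);
    }

    /** Assumed signature: size is the number of random bytes to draw. */
    public String generateIdentifier(int size) {
        if (size < 1) {
            throw new IllegalArgumentException("size must be at least 1 byte");
        }
        byte[] buf = new byte[size];
        RANDOM.nextBytes(buf);

        // An xs:ID value must be an NCName, which cannot start with a digit,
        // so the hex string is prefixed with an underscore.
        StringBuilder sb = new StringBuilder(1 + 2 * size).append('_');
        for (byte b : buf) {
            sb.append(HEX[(b >> 4) & 0x0f]).append(HEX[b & 0x0f]);
        }
        return sb.toString();
    }
}
```

Using one generator instance for every Encrypter in the application keeps IDs unpredictable while avoiding a fresh SecureRandom per object.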


