OpenSAML user discussion

Thank you - thats what I was looking
for (though as you noted the JVM was the real issue, and only on my Wiindows
box, niot in UNIX).

I just didn't connect those dots when
I was tracing through.

Edward Thompson


Authentication & Entitlements

Brent Putman <>

07/17/2008 02:34 PM

Please respond to

To
cc
Subject	Re: [OpenSAML]

Aside from the JVM issues you and Chad have already been
discussing, note that on the SAML 2 Encrypter, the ID generator is a configurable
property:

    /**
     * Set the generator to use when creating XML ID attribute
values.
     * 
     * @param newIDGenerator the new IdentifierGenerator to use
     */
    public void setIDGenerator(IdentifierGenerator newIDGenerator)
{
        this.idGenerator = newIDGenerator;
    }



The IdentifierGenerator defaults to our org.opensaml.common.impl.SecureRandomIdentifierGenerator.

However we also have another impl, org.opensaml.common.impl.RandomIdentifierGenerator,
which just uses java.util.Random.

And of course you could supply your own impl if there is a better option
on your platform.  IdentifierGenerator is a pretty simple interface,
just 2 methods.

Perhaps that will help you if you can't find a better solution re: the
JVM issues.


--Brent



wrote: 

I am using the latest SAML2 library for Java. 
When I call the encrypt() method of an Encryter for an Attribute, it looks
like the downline code is using 
SecureRandom to generate an unique id for the Node.  On my XP machine
at least, this is a VERY expensive operation, and I find it spending 2.2-2.5
seconds 
in the nextByte() . 

Do others find this to be true?  Is there a way I can generate my
own id for the Node? 

SecureRandom is critical for key generation et al. but isn't it overkill
for generating a simple id? 
What am I missing? 

Edward Thompson
Charlotte, NC 28202