OpenSAML user discussion

["Rachana Ananthakrishnan" <>]

This is using the latest version (with your fix for obligations)  - the same
code base works fine if I use a Java client to access it, so the library
must be correct.

Is there any logging option that I can enable to see if indeed the XACML
pieces are being ignored?

Thanks,
Rachana 

> -----Original Message-----
> From: Chad La Joie 
> [mailto:]
>  
> Sent: Wednesday, July 23, 2008 11:35 AM
> To: 
> 
> Subject: Re: [OpenSAML] Assertion object does not return statements
> 
> I just tested this with the latest code and it works fine 
> with me.  If 
> you are using old code and are not loading the XACML 
> extension then the 
> library is just going to ignore those extensions, which I 
> would guess is 
> what is happening.
> 
> Rachana Ananthakrishnan wrote:
> > We are testing interoperability between a C implementation 
> of XACML SAML
> > profile and a Java one that uses OpenSAML. A response 
> generated by C code
> > (attached is SOAP message and Response element), with
> > XACMLAutzDecisionStatementType, when parsed using OpenSAML 
> library creates a
> > Assertion object with no statements. 
> > 
> > With the following code to validate the assertion:
> > 
> > Assertion assertion = (Assertion) assertionsIter.next();
> > 
> >             logger.debug("assertion being looked at is \n" +
> >                          XmlUtils.toString(assertion.getDOM()));
> >             
> >             List authzDecisionStmtList = assertion.getStatements();
> > 
> >             if ((authzDecisionStmtList == null) ||
> >                 (authzDecisionStmtList.size() < 1)) {
> >                 logger.debug("This assertion does not have 
> any XACML Authz "
> >                              + "Decision Statement Type");
> >                 continue;
> >             }
> > 
> > 
> > The assertion snippet looks like this:
> > 
> > <saml:Assertion IssueInstant="2008-07-21T18:22:25Z"
> > xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
> > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
> > xsi:type="saml:AssertionType"><saml:Issuer
> > Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity"
> > xsi:type="saml:NameIDType"/><saml:Statement
> > 
> xsi:type="XACMLassertion:XACMLAuthzDecisionStatementType"><XAC
> MLcontext:Resp
> > onse 
> xmlns:XACMLcontext="urn:oasis:names:tc:xacml:2.0:context:schema:os"
> > xsi:type="XACMLcontext:ResponseType"><XACMLcontext:Result
> > 
> xsi:type="XACMLcontext:ResultType"><XACMLcontext:Decision>Perm
> it</XACMLconte
> > xt:Decision><XACMLcontext:Status
> > xsi:type="XACMLcontext:StatusType"><XACMLcontext:StatusCode
> > Value="urn:oasis:names:tc:xacml:1.0:status:ok"
> > 
> xsi:type="XACMLcontext:StatusCodeType"/></XACMLcontext:Status>
> </XACMLcontext
> > :Result></XACMLcontext:Response></saml:Statement></saml:Assertion>
> > 
> > But the above error is triggered and the assertion does not have any
> > statements. 
> > 
> > Any ideas on what the issue is? How I can get further 
> logging information
> > from OpenSAML to understand issue with the Assertion object 
> creation?
> > 
> > Thanks,
> > Rachana
> 
> -- 
> SWITCH
> Serving Swiss Universities
> --------------------------
> Chad La Joie, Software Engineer, Net Services
> Werdstrasse 2, P.O. Box, 8021 Zürich, Switzerland
> phone +41 44 268 15 75, fax +41 44 268 15 68
> ,
>  http://www.switch.ch
>