Skip to Content.
Sympa Menu

mace-opensaml-users - RE: [OpenSAML] Assertion object does not return statements

Subject: OpenSAML user discussion

List archive

RE: [OpenSAML] Assertion object does not return statements


Chronological Thread 
  • From: "Rachana Ananthakrishnan" <>
  • To: <>
  • Subject: RE: [OpenSAML] Assertion object does not return statements
  • Date: Wed, 23 Jul 2008 12:08:14 -0500

This is using the latest version (with your fix for obligations) - the same
code base works fine if I use a Java client to access it, so the library
must be correct.

Is there any logging option that I can enable to see if indeed the XACML
pieces are being ignored?

Thanks,
Rachana

> -----Original Message-----
> From: Chad La Joie
> [mailto:]
>
> Sent: Wednesday, July 23, 2008 11:35 AM
> To:
>
> Subject: Re: [OpenSAML] Assertion object does not return statements
>
> I just tested this with the latest code and it works fine
> with me. If
> you are using old code and are not loading the XACML
> extension then the
> library is just going to ignore those extensions, which I
> would guess is
> what is happening.
>
> Rachana Ananthakrishnan wrote:
> > We are testing interoperability between a C implementation
> of XACML SAML
> > profile and a Java one that uses OpenSAML. A response
> generated by C code
> > (attached is SOAP message and Response element), with
> > XACMLAutzDecisionStatementType, when parsed using OpenSAML
> library creates a
> > Assertion object with no statements.
> >
> > With the following code to validate the assertion:
> >
> > Assertion assertion = (Assertion) assertionsIter.next();
> >
> > logger.debug("assertion being looked at is \n" +
> > XmlUtils.toString(assertion.getDOM()));
> >
> > List authzDecisionStmtList = assertion.getStatements();
> >
> > if ((authzDecisionStmtList == null) ||
> > (authzDecisionStmtList.size() < 1)) {
> > logger.debug("This assertion does not have
> any XACML Authz "
> > + "Decision Statement Type");
> > continue;
> > }
> >
> >
> > The assertion snippet looks like this:
> >
> > <saml:Assertion IssueInstant="2008-07-21T18:22:25Z"
> > xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
> > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
> > xsi:type="saml:AssertionType"><saml:Issuer
> > Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity"
> > xsi:type="saml:NameIDType"/><saml:Statement
> >
> xsi:type="XACMLassertion:XACMLAuthzDecisionStatementType"><XAC
> MLcontext:Resp
> > onse
> xmlns:XACMLcontext="urn:oasis:names:tc:xacml:2.0:context:schema:os"
> > xsi:type="XACMLcontext:ResponseType"><XACMLcontext:Result
> >
> xsi:type="XACMLcontext:ResultType"><XACMLcontext:Decision>Perm
> it</XACMLconte
> > xt:Decision><XACMLcontext:Status
> > xsi:type="XACMLcontext:StatusType"><XACMLcontext:StatusCode
> > Value="urn:oasis:names:tc:xacml:1.0:status:ok"
> >
> xsi:type="XACMLcontext:StatusCodeType"/></XACMLcontext:Status>
> </XACMLcontext
> > :Result></XACMLcontext:Response></saml:Statement></saml:Assertion>
> >
> > But the above error is triggered and the assertion does not have any
> > statements.
> >
> > Any ideas on what the issue is? How I can get further
> logging information
> > from OpenSAML to understand issue with the Assertion object
> creation?
> >
> > Thanks,
> > Rachana
>
> --
> SWITCH
> Serving Swiss Universities
> --------------------------
> Chad La Joie, Software Engineer, Net Services
> Werdstrasse 2, P.O. Box, 8021 Zürich, Switzerland
> phone +41 44 268 15 75, fax +41 44 268 15 68
> ,
> http://www.switch.ch
>




Archive powered by MHonArc 2.6.16.

Top of Page