
mace-opensaml-users - Re: [OpenSAML] Assertion object does not return statements

Subject: OpenSAML user discussion

  • From: Chad La Joie
  • Subject: Re: [OpenSAML] Assertion object does not return statements
  • Date: Wed, 23 Jul 2008 19:16:54 +0200
  • Openpgp: id=146B2514
  • Organization: SWITCH

If you turn on debug logging for OpenSAML it will tell you all the object providers it's loading into its configuration.

Rachana Ananthakrishnan wrote:
This is using the latest version (with your fix for obligations) - the same
code base works fine if I use a Java client to access it, so the library
must be correct.

Is there any logging option that I can enable to see if indeed the XACML
pieces are being ignored?

Thanks,
Rachana
-----Original Message-----
From: Chad La Joie
Sent: Wednesday, July 23, 2008 11:35 AM
Subject: Re: [OpenSAML] Assertion object does not return statements

I just tested this with the latest code and it works fine with me. If you are using old code and are not loading the XACML extension then the library is just going to ignore those extensions, which I would guess is what is happening.

Rachana Ananthakrishnan wrote:
We are testing interoperability between a C implementation of XACML SAML profile and a Java one that uses OpenSAML. A response generated by C code (attached is SOAP message and Response element), with XACMLAuthzDecisionStatementType, when parsed using OpenSAML library creates an Assertion object with no statements.

With the following code to validate the assertion:

    Assertion assertion = (Assertion) assertionsIter.next();

    logger.debug("assertion being looked at is \n"
                 + XmlUtils.toString(assertion.getDOM()));
    List authzDecisionStmtList = assertion.getStatements();

    if ((authzDecisionStmtList == null)
        || (authzDecisionStmtList.size() < 1)) {
        logger.debug("This assertion does not have any XACML Authz "
                     + "Decision Statement Type");
        continue;
    }


The assertion snippet looks like this:

    <saml:Assertion IssueInstant="2008-07-21T18:22:25Z"
        xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:type="saml:AssertionType">
      <saml:Issuer
          Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity"
          xsi:type="saml:NameIDType"/>
      <saml:Statement
          xsi:type="XACMLassertion:XACMLAuthzDecisionStatementType">
        <XACMLcontext:Response
            xmlns:XACMLcontext="urn:oasis:names:tc:xacml:2.0:context:schema:os"
            xsi:type="XACMLcontext:ResponseType">
          <XACMLcontext:Result xsi:type="XACMLcontext:ResultType">
            <XACMLcontext:Decision>Permit</XACMLcontext:Decision>
            <XACMLcontext:Status xsi:type="XACMLcontext:StatusType">
              <XACMLcontext:StatusCode
                  Value="urn:oasis:names:tc:xacml:1.0:status:ok"
                  xsi:type="XACMLcontext:StatusCodeType"/>
            </XACMLcontext:Status>
          </XACMLcontext:Result>
        </XACMLcontext:Response>
      </saml:Statement>
    </saml:Assertion>

But the above error is triggered and the assertion does not have any statements.

Any ideas on what the issue is? How can I get further logging information from OpenSAML to understand the issue with the Assertion object creation?

Thanks,
Rachana
--
SWITCH
Serving Swiss Universities
--------------------------
Chad La Joie, Software Engineer, Net Services
Werdstrasse 2, P.O. Box, 8021 Zürich, Switzerland
phone +41 44 268 15 75, fax +41 44 268 15 68
http://www.switch.ch



--
SWITCH
Serving Swiss Universities
--------------------------
Chad La Joie, Software Engineer, Net Services
Werdstrasse 2, P.O. Box, 8021 Zürich, Switzerland
phone +41 44 268 15 75, fax +41 44 268 15 68
http://www.switch.ch
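
A wire-level check for the situation discussed in this thread, as an added example (not part of the original messages and not OpenSAML code): it resolves the xsi:type of every saml:Statement in the received XML so the result can be compared with the statement types the consumer has providers for. The sample assertion, the placeholder namespace URI bound to XACMLassertion, and the CORE_ONLY / WITH_XACML provider sets are constructed for illustration.

```python
import io
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"
# Constructed placeholder: the thread never shows the URI bound to XACMLassertion.
XACML_SAML_NS = "urn:example:placeholder:xacml-saml-assertion"

# Constructed sample modelled on the assertion quoted in the thread.
SAMPLE = f"""<saml:Assertion xmlns:saml="{SAML_NS}"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:XACMLassertion="{XACML_SAML_NS}">
  <saml:Statement xsi:type="XACMLassertion:XACMLAuthzDecisionStatementType"/>
</saml:Assertion>"""

def statement_types(xml_text):
    """Return (namespace, local name) of the xsi:type on every saml:Statement."""
    scopes, pending, found = [], {}, []
    events = ("start-ns", "start", "end")
    for event, item in ET.iterparse(io.BytesIO(xml_text.encode()), events=events):
        if event == "start-ns":          # declarations precede their element's start
            pending[item[0]] = item[1]
        elif event == "start":
            # In-scope prefixes = parent's scope plus this element's declarations.
            scope = {**(scopes[-1] if scopes else {}), **pending}
            pending = {}
            scopes.append(scope)
            if item.tag == f"{{{SAML_NS}}}Statement" and XSI_TYPE in item.attrib:
                prefix, _, local = item.attrib[XSI_TYPE].rpartition(":")
                found.append((scope.get(prefix), local))   # None = undeclared prefix
        else:
            scopes.pop()
    return found

def unhandled(xml_text, registered):
    """Statement types on the wire that the consumer has no provider for."""
    return [t for t in statement_types(xml_text) if t not in registered]

# Hypothetical provider sets: core SAML only, then with the XACML type added.
CORE_ONLY = {(SAML_NS, "AuthnStatementType"), (SAML_NS, "AttributeStatementType")}
WITH_XACML = CORE_ONLY | {(XACML_SAML_NS, "XACMLAuthzDecisionStatementType")}

if __name__ == "__main__":
    print("core only :", unhandled(SAMPLE, CORE_ONLY))
    print("with XACML:", unhandled(SAMPLE, WITH_XACML))
```

A non-empty result from unhandled() alongside an empty getStatements() list points at missing providers on the consumer side rather than at the sender's XML.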



