OpenSAML user discussion

[Chad La Joie <>]

If you turn on debug logging for OpenSAML it will tell you all the 
object provides it's loading in to its configuration.

Rachana Ananthakrishnan wrote:
> This is using the latest version (with your fix for obligations)  - the same
> code base works fine if I use a Java client to access it, so the library
> must be correct.
>
> Is there any logging option that I can enable to see if indeed the XACML
> pieces are being ignored?
>
> Thanks,
> Rachana 
>
> > -----Original Message-----
> > From: Chad La Joie [mailto:] 
> > Sent: Wednesday, July 23, 2008 11:35 AM
> > To: 
> >
> > Subject: Re: [OpenSAML] Assertion object does not return statements
> >
> > I just tested this with the latest code and it works fine 
> > with me.  If 
> > you are using old code and are not loading the XACML 
> > extension then the 
> > library is just going to ignore those extensions, which I 
> > would guess is 
> > what is happening.
> >
> > Rachana Ananthakrishnan wrote:
> > > We are testing interoperability between a C implementation 
> > of XACML SAML
> > > profile and a Java one that uses OpenSAML. A response 
> > generated by C code
> > > (attached is SOAP message and Response element), with
> > > XACMLAutzDecisionStatementType, when parsed using OpenSAML 
> > library creates a
> > > Assertion object with no statements. 
> > >
> > > With the following code to validate the assertion:
> > >
> > > Assertion assertion = (Assertion) assertionsIter.next();
> > >
> > >             logger.debug("assertion being looked at is \n" +
> > >                          XmlUtils.toString(assertion.getDOM()));
> > >             
> > >             List authzDecisionStmtList = assertion.getStatements();
> > >
> > >             if ((authzDecisionStmtList == null) ||
> > >                 (authzDecisionStmtList.size() < 1)) {
> > >                 logger.debug("This assertion does not have 
> > any XACML Authz "
> > >                              + "Decision Statement Type");
> > >                 continue;
> > >             }
> > >
> > >
> > > The assertion snippet looks like this:
> > >
> > > <saml:Assertion IssueInstant="2008-07-21T18:22:25Z"
> > > xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
> > > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
> > > xsi:type="saml:AssertionType"><saml:Issuer
> > > Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity"
> > > xsi:type="saml:NameIDType"/><saml:Statement
> > xsi:type="XACMLassertion:XACMLAuthzDecisionStatementType"><XAC
> > MLcontext:Resp
> > > onse 
> > xmlns:XACMLcontext="urn:oasis:names:tc:xacml:2.0:context:schema:os"
> > > xsi:type="XACMLcontext:ResponseType"><XACMLcontext:Result
> > xsi:type="XACMLcontext:ResultType"><XACMLcontext:Decision>Perm
> > it</XACMLconte
> > > xt:Decision><XACMLcontext:Status
> > > xsi:type="XACMLcontext:StatusType"><XACMLcontext:StatusCode
> > > Value="urn:oasis:names:tc:xacml:1.0:status:ok"
> > xsi:type="XACMLcontext:StatusCodeType"/></XACMLcontext:Status>
> > </XACMLcontext
> > > :Result></XACMLcontext:Response></saml:Statement></saml:Assertion>
> > >
> > > But the above error is triggered and the assertion does not have any
> > > statements. 
> > >
> > > Any ideas on what the issue is? How I can get further 
> > logging information
> > > from OpenSAML to understand issue with the Assertion object 
> > creation?
> > > Thanks,
> > > Rachana
> > --
> > SWITCH
> > Serving Swiss Universities
> > --------------------------
> > Chad La Joie, Software Engineer, Net Services
> > Werdstrasse 2, P.O. Box, 8021 Zürich, Switzerland
> > phone +41 44 268 15 75, fax +41 44 268 15 68
> > ,
> >  http://www.switch.ch

--
SWITCH
Serving Swiss Universities
--------------------------
Chad La Joie, Software Engineer, Net Services
Werdstrasse 2, P.O. Box, 8021 Zürich, Switzerland
phone +41 44 268 15 75, fax +41 44 268 15 68
,
 http://www.switch.ch