
mace-opensaml-users - RE: [OpenSAML] Assertion object does not return statements

Subject: OpenSAML user discussion

  • From: "Rachana Ananthakrishnan" <>
  • To: <>
  • Subject: RE: [OpenSAML] Assertion object does not return statements
  • Date: Thu, 24 Jul 2008 17:20:59 -0500

Here is some logging information from this. In cases where the statement is
not picked up from the assertion, I see a statement that says "No
unmarshaller was registered for Statement".

Logs from case with the issue:

2008-07-24T14:20:21.906-05:00 DEBUG io.MarshallerFactory [ServiceThread-52,registerMarshaller:102] Registering marshaller, org.opensaml.xacml.profile.saml.impl.XACMLAuthzDecisionStatementTypeMarshaller, for object type {urn:oasis:names:tc:xacml:1.0:profile:saml2.0:v2:schema:assertion}XACMLAuthzDecisionStatement
2008-07-24T14:20:21.906-05:00 DEBUG io.UnmarshallerFactory [ServiceThread-52,registerUnmarshaller:103] Registering unmarshaller, org.opensaml.xacml.profile.saml.impl.XACMLAuthzDecisionStatementTypeUnmarshaller, for object type, {urn:oasis:names:tc:xacml:1.0:profile:saml2.0:v2:schema:assertion}XACMLAuthzDecisionStatement

...

2008-07-24T14:20:28.359-05:00 TRACE io.AbstractXMLObjectUnmarshaller [ServiceThread-52,unmarshallChildElement:310] No unmarshaller was registered for {urn:oasis:names:tc:SAML:2.0:assertion}Statement, child of {urn:oasis:names:tc:SAML:2.0:assertion}Assertion. Using default unmarshaller.
2008-07-24T14:20:28.359-05:00 TRACE io.AbstractXMLObjectUnmarshaller [ServiceThread-52,unmarshallChildElement:315] Unmarshalling child element {urn:oasis:names:tc:SAML:2.0:assertion}Statementwith unmarshaller org.opensaml.xml.schema.impl.XSAnyUnmarshaller
2008-07-24T14:20:28.359-05:00 TRACE io.AbstractXMLObjectUnmarshaller [ServiceThread-52,unmarshall:93] Starting to unmarshall DOM element {urn:oasis:names:tc:SAML:2.0:assertion}Statement
2008-07-24T14:20:28.359-05:00 TRACE io.AbstractXMLObjectUnmarshaller [ServiceThread-52,checkElementIsTarget:142] Targeted QName checking is not available for this unmarshaller, DOM Element {urn:oasis:names:tc:SAML:2.0:assertion}Statement was not verified
2008-07-24T14:20:28.359-05:00 TRACE io.AbstractXMLObjectUnmarshaller [ServiceThread-52,buildXMLObject:183] Building XMLObject for {urn:oasis:names:tc:SAML:2.0:assertion}Statement
2008-07-24T14:20:28.359-05:00 TRACE io.AbstractXMLObjectUnmarshaller [ServiceThread-52,buildXMLObject:194] No builder was registered for {urn:oasis:names:tc:SAML:2.0:assertion}Statement but the default builder org.opensaml.xml.schema.impl.XSAnyBuilder was available, using it.
2008-07-24T14:20:28.359-05:00 TRACE io.AbstractXMLObjectUnmarshaller [ServiceThread-52,unmarshall:99] Unmarshalling attributes of DOM Element {urn:oasis:names:tc:SAML:2.0:assertion}Statement
2008-07-24T14:20:28.375-05:00 TRACE io.AbstractXMLObjectUnmarshaller [ServiceThread-52,unmarshallAttribute:215] Pre-processing attribute {http://www.w3.org/2001/XMLSchema-instance}type
2008-07-24T14:20:28.375-05:00 TRACE io.AbstractXMLObjectUnmarshaller [ServiceThread-52,unmarshall:111] Unmarshalling other child nodes of DOM Element {urn:oasis:names:tc:SAML:2.0:assertion}Statement
2008-07-24T14:20:28.375-05:00 TRACE io.AbstractXMLObjectUnmarshaller [ServiceThread-52,unmarshallChildElement:298] Unmarshalling child elements of XMLObject {urn:oasis:names:tc:SAML:2.0:assertion}Statement

In cases where the statement in the assertion is picked up, the logging
statement looks like this:

2008-07-24T16:00:34.703-05:00 TRACE io.AbstractXMLObjectUnmarshaller [ServiceThread-4,unmarshallChildElement:298] Unmarshalling child elements of XMLObject {urn:oasis:names:tc:SAML:2.0:assertion}Assertion
2008-07-24T16:00:34.703-05:00 TRACE io.AbstractXMLObjectUnmarshaller [ServiceThread-4,unmarshallChildElement:315] Unmarshalling child element {urn:oasis:names:tc:SAML:2.0:assertion}Statementwith unmarshaller org.opensaml.xacml.profile.saml.impl.XACMLAuthzDecisionStatementTypeUnmarshaller
2008-07-24T16:00:34.703-05:00 TRACE io.AbstractXMLObjectUnmarshaller [ServiceThread-4,unmarshall:93] Starting to unmarshall DOM element {urn:oasis:names:tc:SAML:2.0:assertion}Statement

I am not able to tell what triggers the change. In both cases the same
service and clients are being used, so no configuration change is done. The
wire message (attached in previous email) in both cases looks correct.

Thanks,
Rachana

> -----Original Message-----
> From: Chad La Joie
> [mailto:]
>
> Sent: Wednesday, July 23, 2008 12:17 PM
> To:
>
> Subject: Re: [OpenSAML] Assertion object does not return statements
>
> If you turn on debug logging for OpenSAML it will tell you all the
> object providers it's loading into its configuration.
>
> Rachana Ananthakrishnan wrote:
> > This is using the latest version (with your fix for obligations) - the same
> > code base works fine if I use a Java client to access it, so the library
> > must be correct.
> >
> > Is there any logging option that I can enable to see if indeed the XACML
> > pieces are being ignored?
> >
> > Thanks,
> > Rachana
> >
> >> -----Original Message-----
> >> From: Chad La Joie
> >> [mailto:]
> >>
> >> Sent: Wednesday, July 23, 2008 11:35 AM
> >> To:
> >>
> >> Subject: Re: [OpenSAML] Assertion object does not return statements
> >>
> >> I just tested this with the latest code and it works fine with me. If
> >> you are using old code and are not loading the XACML extension then the
> >> library is just going to ignore those extensions, which I would guess is
> >> what is happening.
> >>
> >> Rachana Ananthakrishnan wrote:
> >>> We are testing interoperability between a C implementation of XACML SAML
> >>> profile and a Java one that uses OpenSAML. A response generated by C code
> >>> (attached is SOAP message and Response element), with
> >>> XACMLAuthzDecisionStatementType, when parsed using OpenSAML library creates
> >>> an Assertion object with no statements.
> >>>
> >>> With the following code to validate the assertion:
> >>>
> >>> Assertion assertion = (Assertion) assertionsIter.next();
> >>>
> >>> logger.debug("assertion being looked at is \n" +
> >>>     XmlUtils.toString(assertion.getDOM()));
> >>>
> >>> List authzDecisionStmtList = assertion.getStatements();
> >>>
> >>> if ((authzDecisionStmtList == null) ||
> >>>     (authzDecisionStmtList.size() < 1)) {
> >>>     logger.debug("This assertion does not have any XACML Authz "
> >>>         + "Decision Statement Type");
> >>>     continue;
> >>> }
> >>>
> >>>
> >>> The assertion snippet looks like this:
> >>>
> >>> <saml:Assertion IssueInstant="2008-07-21T18:22:25Z"
> >>> xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
> >>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> >>> xsi:type="saml:AssertionType"><saml:Issuer
> >>> Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity"
> >>> xsi:type="saml:NameIDType"/><saml:Statement
> >>> xsi:type="XACMLassertion:XACMLAuthzDecisionStatementType"><XACMLcontext:Response
> >>> xmlns:XACMLcontext="urn:oasis:names:tc:xacml:2.0:context:schema:os"
> >>> xsi:type="XACMLcontext:ResponseType"><XACMLcontext:Result
> >>> xsi:type="XACMLcontext:ResultType"><XACMLcontext:Decision>Permit</XACMLcontext:Decision><XACMLcontext:Status
> >>> xsi:type="XACMLcontext:StatusType"><XACMLcontext:StatusCode
> >>> Value="urn:oasis:names:tc:xacml:1.0:status:ok"
> >>> xsi:type="XACMLcontext:StatusCodeType"/></XACMLcontext:Status></XACMLcontext:Result></XACMLcontext:Response></saml:Statement></saml:Assertion>
> >>>
> >>> But the above error is triggered and the assertion does not have any
> >>> statements.
> >>>
> >>> Any ideas on what the issue is? How can I get further logging information
> >>> from OpenSAML to understand issue with the Assertion object creation?
> >>> Thanks,
> >>> Rachana
> >> --
> >> SWITCH
> >> Serving Swiss Universities
> >> --------------------------
> >> Chad La Joie, Software Engineer, Net Services
> >> Werdstrasse 2, P.O. Box, 8021 Zürich, Switzerland
> >> phone +41 44 268 15 75, fax +41 44 268 15 68
> >> ,
> >> http://www.switch.ch
> >>
> >
>
> --
> SWITCH
> Serving Swiss Universities
> --------------------------
> Chad La Joie, Software Engineer, Net Services
> Werdstrasse 2, P.O. Box, 8021 Zürich, Switzerland
> phone +41 44 268 15 75, fax +41 44 268 15 68
> ,
> http://www.switch.ch
>
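
Added example (not part of the original message and not OpenSAML code): a Python scan of TRACE output in the format quoted above that reports, for each child element, which unmarshaller was used and whether it was the default one announced by a preceding "No unmarshaller was registered" entry. The function names are illustrative; the sample input is taken from the two excerpts in the message, abridged, with the mail wrapping and run-together entries kept to show that they are handled.

```python
import re

# Entries start with a timestamp. Matching is done after removing all whitespace,
# because mail wrapping can split a line inside a token (patterns have no spaces).
TS = re.compile(r"\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d\.\d{3}[+-]\d\d:\d\d")
QNAME = r"(\{[^}]+\}\w+?)"
NO_REG = re.compile("Nounmarshallerwasregisteredfor" + QNAME + ",childof")
CHOSEN = re.compile("Unmarshallingchildelement" + QNAME + r"withunmarshaller([\w.$]+)")

# Sample input: entries copied from the two excerpts in the message, abridged.
SAMPLE = """\
2008-07-24T14:20:28.359-05:00 TRACE io.AbstractXMLObjectUnmarshaller
[ServiceThread-52,unmarshallChildElement:310] No unmarshaller was registered
for {urn:oasis:names:tc:SAML:2.0:assertion}Statement, child of
{urn:oasis:names:tc:SAML:2.0:assertion}Assertion. Using default
unmarshaller.
2008-07-24T14:20:28.359-05:00 TRACE io.AbstractXMLObjectUnmarshaller
[ServiceThread-52,unmarshallChildElement:315] Unmarshalling child element
{urn:oasis:names:tc:SAML:2.0:assertion}Statementwith unmarshaller
org.opensaml.xml.schema.impl.XSAnyUnmarshaller 2008-07-24T14:20:28.359-05:00
2008-07-24T16:00:34.703-05:00 TRACE io.AbstractXMLObjectUnmarshaller
[ServiceThread-4,unmarshallChildElement:315] Unmarshalling child element
{urn:oasis:names:tc:SAML:2.0:assertion}Statementwith unmarshaller
org.opensaml.xacml.profile.saml.impl.XACMLAuthzDecisionStatementTypeUnmarsha
ller 2008-07-24T16:00:34.703-05:00 TRACE io.AbstractXMLObjectUnmarshaller
"""

def entries(log_text):
    """Yield (timestamp, body without whitespace), one pair per log entry."""
    marks = list(TS.finditer(log_text))
    for i, m in enumerate(marks):
        end = marks[i + 1].start() if i + 1 < len(marks) else len(log_text)
        yield m.group(0), re.sub(r"\s+", "", log_text[m.end():end])

def unmarshaller_report(log_text):
    """List each child element, the unmarshaller used, and whether it was the default."""
    report, pending = [], None
    for ts, body in entries(log_text):
        miss, hit = NO_REG.search(body), CHOSEN.search(body)
        if miss:
            pending = miss.group(1)  # element with no registered unmarshaller
        elif hit:
            report.append({"time": ts, "element": hit.group(1), "unmarshaller": hit.group(2),
                           "fallback": hit.group(1) == pending})
            pending = None
    return report

if __name__ == "__main__":
    print(unmarshaller_report(SAMPLE))
```

A row with "fallback" set to True marks a child element that was handed to the default unmarshaller instead of a registered one, which is the case in which the message reports the statement missing from the Assertion.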



