
mace-opensaml-users - The attribute data type does not seem to be part of the xml in the response even though I have set it

Subject: OpenSAML user discussion

  • From: Jay Packard <>
  • To:
  • Subject: The attribute data type does not seem to be part of the xml in the response even though I have set it
  • Date: Mon, 29 Sep 2008 14:10:43 -0400

The attribute data type does not seem to be part of the xml in the response even though I have set it:


AttributeAssignmentTypeImplBuilder attributeAssignmentBuilder =
    (AttributeAssignmentTypeImplBuilder)builderFactory.getBuilder(AttributeAssignmentType.DEFAULT_ELEMENT_NAME);
attributeAssignment = attributeAssignmentBuilder.buildObject();
attributeAssignment.setAttributeId("http://authz-interop.org/xacml/attribute/username");
attributeAssignment.setDataType("http://www.w3.org/2001/XMLSchema#string");
attributeAssignment.setValue(account);
...
ObligationTypeImplBuilder obligationBuilder =
    (ObligationTypeImplBuilder)builderFactory.getBuilder(ObligationType.DEFAULT_ELEMENT_QNAME);
ObligationType obligation = obligationBuilder.buildObject();
obligation.setFulfillOn(EffectType.Permit);
obligation.setObligationId("http://authz-interop.org/xacml/obligation/username");
if (attributeAssignment != null)
   obligation.getAttributeAssignments().add(attributeAssignment);
...
queryRequest = (XACMLAuthzDecisionQueryType)requestUnmarshaller.unmarshall(queryElement);
logger.debug("XACMLAuthzDecisionQueryType object received: "+XMLUtils.ElementToString(queryRequest.getDOM()));


and get the following log:


Response object returned: <samlp:Response InResponseTo="_b646694f56a232e2add9048cc62a0dba" Version="2.0" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"><saml:Assertion Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Statement xmlns:xacml-saml="urn:oasis:names:tc:xacml:2.0:profile:saml2.0:v2:schema:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xacml-saml:XACMLAuthzDecisionStatementType"><xacml-context:Request xmlns:xacml-context="urn:oasis:names:tc:xacml:2.0:context:schema:os"><xacml-context:Subject SubjectCategory="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" xmlns:xacml-context="urn:oasis:names:tc:xacml:2.0:context:schema:os"><xacml-context:Attribute AttributeId="http://authz-interop.org/xacml/subject/subject-x509-id" DataType="http://www.w3.org/2001/XMLSchema#string" xmlns:xacml-context="urn:oasis:names:tc:xacml:2.0:context:schema:os"><xacml-context:AttributeValue>/DC=org/DC=doegrids/OU=People/CN=Ted Hesselroth 898520</xacml-context:AttributeValue></xacml-context:Attribute><xacml-context:Attribute AttributeId="http://authz-interop.org/xacml/subject/voms-fqan" DataType="http://www.w3.org/2001/XMLSchema#string" xmlns:xacml-context="urn:oasis:names:tc:xacml:2.0:context:schema:os"><xacml-context:AttributeValue>/cms/uscms/Role=cmsuser/Capability=NULL</xacml-context:AttributeValue></xacml-context:Attribute></xacml-context:Subject><xacml-context:Resource xmlns:xacml-context="urn:oasis:names:tc:xacml:2.0:context:schema:os"><xacml-context:Attribute AttributeId="http://authz-interop.org/xacml/resource/dns-host-name" DataType="http://www.w3.org/2001/XMLSchema#string" xmlns:xacml-context="urn:oasis:names:tc:xacml:2.0:context:schema:os"><xacml-context:AttributeValue>camp5.townhouse</xacml-context:AttributeValue></xacml-context:Attribute><xacml-context:Attribute AttributeId="http://authz-interop.org/xacml/resource/resource-x509-id" DataType="http://www.w3.org/2001/XMLSchema#string" 
xmlns:xacml-context="urn:oasis:names:tc:xacml:2.0:context:schema:os"><xacml-context:AttributeValue>/DC=org/DC=doegrids/OU=Services/CN=cascade.fnal.gov</xacml-context:AttributeValue></xacml-context:Attribute></xacml-context:Resource><xacml-context:Action xmlns:xacml-context="urn:oasis:names:tc:xacml:2.0:context:schema:os"><xacml-context:Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string" xmlns:xacml-context="urn:oasis:names:tc:xacml:2.0:context:schema:os"><xacml-context:AttributeValue>http://authz-interop.org/xacml/action/action-type/access</xacml-context:AttributeValue></xacml-context:Attribute></xacml-context:Action><xacml-context:Environment xmlns:xacml-context="urn:oasis:names:tc:xacml:2.0:context:schema:os"><xacml-context:Attribute AttributeId="http://authz-interop.org/xacml/environment/pep-oblig-supported" DataType="http://www.w3.org/2001/XMLSchema#string" xmlns:xacml-context="urn:oasis:names:tc:xacml:2.0:context:schema:os"><xacml-context:AttributeValue>http://authz-interop.org/xacml/obligation/username</xacml-context:AttributeValue><xacml-context:AttributeValue>http://authz-interop.org/xacml/attribute/posix-uid</xacml-context:AttributeValue><xacml-context:AttributeValue>http://authz-interop.org/xacml/attribute/posix-gid</xacml-context:AttributeValue></xacml-context:Attribute></xacml-context:Environment></xacml-context:Request><xacml-context:Response xmlns:xacml-context="urn:oasis:names:tc:xacml:2.0:context:schema:os"><xacml-context:Result><xacml-context:Decision>Permit</xacml-context:Decision><xacml-context:Status><xacml-context:StatusCode Value="http://oasis/names/tc/xacml/1.0/status/ok"/></xacml-context:Status><xacml:Obligations xmlns:xacml="urn:oasis:names:tc:xacml:2.0:policy:schema:os"><xacml:Obligation FulfillOn="Permit" ObligationId="http://authz-interop.org/xacml/obligation/username"><xacml:AttributeAssignment 
AttributeId="http://authz-interop.org/xacml/attribute/username">testAccount</xacml:AttributeAssignment></xacml:Obligation></xacml:Obligations></xacml-context:Result></xacml-context:Response></saml:Statement></saml:Assertion></samlp:Response>

Any ideas?

Thanks,
Jay Packard
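
A check that a PEP or a test harness could run on the marshalled response to catch the condition reported above: the XACML 2.0 policy schema declares DataType as a required attribute of AttributeAssignment, so an obligation that arrives without it should be flagged before it is acted on. This is an added example, not part of the original post and not OpenSAML code; it uses only JDK DOM APIs, the class and method names are hypothetical, and the sample XML is constructed from the Obligations fragment in the log plus one made-up posix-uid assignment for contrast.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

// Added example; class and method names are hypothetical, JDK APIs only.
public class ObligationDataTypeCheck {
    static final String XACML_POLICY_NS = "urn:oasis:names:tc:xacml:2.0:policy:schema:os";

    // Returns the AttributeId of every AttributeAssignment with no DataType attribute.
    static List<String> missingDataType(String xml) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        // Authorization messages arrive over the network: refuse DTDs entirely (blocks XXE).
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = dbf.newDocumentBuilder()
                .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
        NodeList nodes = doc.getElementsByTagNameNS(XACML_POLICY_NS, "AttributeAssignment");
        List<String> missing = new ArrayList<>();
        for (int i = 0; i < nodes.getLength(); i++) {
            Element e = (Element) nodes.item(i);
            if (e.getAttribute("DataType").isEmpty()) {   // absent or empty
                missing.add(e.getAttribute("AttributeId"));
            }
        }
        return missing;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: first assignment copied from the log (no DataType),
        // second one made up for contrast (DataType present, value 1001 is invented).
        String xml =
            "<xacml:Obligations xmlns:xacml=\"" + XACML_POLICY_NS + "\">"
          + "<xacml:Obligation FulfillOn=\"Permit\""
          + " ObligationId=\"http://authz-interop.org/xacml/obligation/username\">"
          + "<xacml:AttributeAssignment"
          + " AttributeId=\"http://authz-interop.org/xacml/attribute/username\">"
          + "testAccount</xacml:AttributeAssignment>"
          + "<xacml:AttributeAssignment"
          + " AttributeId=\"http://authz-interop.org/xacml/attribute/posix-uid\""
          + " DataType=\"http://www.w3.org/2001/XMLSchema#string\">1001"
          + "</xacml:AttributeAssignment>"
          + "</xacml:Obligation></xacml:Obligations>";
        System.out.println("Missing DataType: " + missingDataType(xml));
    }
}
```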


