OpenSAML user discussion

[Chad La Joie <>]

It was a bug that was fixed.  Which you could have found by typing
"DataType" in to Jira.

Jay Packard wrote:
> The attribute data type does not seem to be part of the xml in the
> response even though I have set it:
> 
> 
> AttributeAssignmentTypeImplBuilder attributeAssignmentBuilder =
> (AttributeAssignmentTypeImplBuilder)builderFactory.getBuilder(AttributeAssignmentType.DEFAULT_ELEMENT_NAME);
> 
> attributeAssignment = attributeAssignmentBuilder.buildObject();
> attributeAssignment.setAttributeId("http://authz-interop.org/xacml/attribute/username";);
>                                                 
> attributeAssignment.setDataType("http://www.w3.org/2001/XMLSchema#string";);
> attributeAssignment.setValue(account);
> ...
> ObligationTypeImplBuilder obligationBuilder =
> (ObligationTypeImplBuilder)builderFactory.getBuilder(ObligationType.DEFAULT_ELEMENT_QNAME);
> 
> ObligationType obligation = obligationBuilder.buildObject();
> obligation.setFulfillOn(EffectType.Permit);
> obligation.setObligationId("http://authz-interop.org/xacml/obligation/username";);
> 
> if (attributeAssignment != null)
>    obligation.getAttributeAssignments().add(attributeAssignment);
> ...
> queryRequest =
> (XACMLAuthzDecisionQueryType)requestUnmarshaller.unmarshall(queryElement);  
>                      
> logger.debug("XACMLAuthzDecisionQueryType object received:
> "+XMLUtils.ElementToString(queryRequest.getDOM()));
> 
> 
> and get the following log:
> 
> 
> Response object returned: <samlp:Response
> InResponseTo="_b646694f56a232e2add9048cc62a0dba" Version="2.0"
> xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"><saml:Assertion
> Version="2.0"
> xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Statement
> xmlns:xacml-saml="urn:oasis:names:tc:xacml:2.0:profile:saml2.0:v2:schema:assertion"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
> xsi:type="xacml-saml:XACMLAuthzDecisionStatementType"><xacml-context:Request
> xmlns:xacml-context="urn:oasis:names:tc:xacml:2.0:context:schema:os"><xacml-context:Subject
> SubjectCategory="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
> xmlns:xacml-context="urn:oasis:names:tc:xacml:2.0:context:schema:os"><xacml-context:Attribute
> AttributeId="http://authz-interop.org/xacml/subject/subject-x509-id";
> DataType="http://www.w3.org/2001/XMLSchema#string";
> xmlns:xacml-context="urn:oasis:names:tc:xacml:2.0:context:schema:os"><xacml-context:AttributeValue>/DC=org/DC=doegrids/OU=People/CN=Ted
> Hesselroth
> 898520</xacml-context:AttributeValue></xacml-context:Attribute><xacml-context:Attribute
> AttributeId="http://authz-interop.org/xacml/subject/voms-fqan";
> DataType="http://www.w3.org/2001/XMLSchema#string";
> xmlns:xacml-context="urn:oasis:names:tc:xacml:2.0:context:schema:os"><xacml-context:AttributeValue>/cms/uscms/Role=cmsuser/Capability=NULL</xacml-context:AttributeValue></xacml-context:Attribute></xacml-context:Subject><xacml-context:Resource
> xmlns:xacml-context="urn:oasis:names:tc:xacml:2.0:context:schema:os"><xacml-context:Attribute
> AttributeId="http://authz-interop.org/xacml/resource/dns-host-name";
> DataType="http://www.w3.org/2001/XMLSchema#string";
> xmlns:xacml-context="urn:oasis:names:tc:xacml:2.0:context:schema:os"><xacml-context:AttributeValue>camp5.townhouse</xacml-context:AttributeValue></xacml-context:Attribute><xacml-context:Attribute
> AttributeId="http://authz-interop.org/xacml/resource/resource-x509-id";
> DataType="http://www.w3.org/2001/XMLSchema#string";
> xmlns:xacml-context="urn:oasis:names:tc:xacml:2.0:context:schema:os"><xacml-context:AttributeValue>/DC=org/DC=doegrids/OU=Services/CN=cascade.fnal.gov</xacml-context:AttributeValue></xacml-context:Attribute></xacml-context:Resource><xacml-context:Action
> xmlns:xacml-context="urn:oasis:names:tc:xacml:2.0:context:schema:os"><xacml-context:Attribute
> AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"
> DataType="http://www.w3.org/2001/XMLSchema#string";
> xmlns:xacml-context="urn:oasis:names:tc:xacml:2.0:context:schema:os"><xacml-context:AttributeValue>http://authz-interop.org/xacml/action/action-type/access</xacml-context:AttributeValue></xacml-context:Attribute></xacml-context:Action><xacml-context:Environment
> xmlns:xacml-context="urn:oasis:names:tc:xacml:2.0:context:schema:os"><xacml-context:Attribute
> AttributeId="http://authz-interop.org/xacml/environment/pep-oblig-supported";
> DataType="http://www.w3.org/2001/XMLSchema#string";
> xmlns:xacml-context="urn:oasis:names:tc:xacml:2.0:context:schema:os"><xacml-context:AttributeValue>http://authz-interop.org/xacml/obligation/username</xacml-context:AttributeValue><xacml-context:AttributeValue>http://authz-interop.org/xacml/attribute/posix-uid</xacml-context:AttributeValue><xacml-context:AttributeValue>http://authz-interop.org/xacml/attribute/posix-gid</xacml-context:AttributeValue></xacml-context:Attribute></xacml-context:Environment></xacml-context:Request><xacml-context:Response
> xmlns:xacml-context="urn:oasis:names:tc:xacml:2.0:context:schema:os"><xacml-context:Result><xacml-context:Decision>Permit</xacml-context:Decision><xacml-context:Status><xacml-context:StatusCode
> Value="http://oasis/names/tc/xacml/1.0/status/ok"/></xacml-context:Status><xacml:Obligations
> xmlns:xacml="urn:oasis:names:tc:xacml:2.0:policy:schema:os"><xacml:Obligation
> FulfillOn="Permit"
> ObligationId="http://authz-interop.org/xacml/obligation/username";><xacml:AttributeAssignment
> AttributeId="http://authz-interop.org/xacml/attribute/username";>testAccount</xacml:AttributeAssignment></xacml:Obligation></xacml:Obligations></xacml-context:Result></xacml-context:Response></saml:Statement></saml:Assertion></samlp:Response>
> 
> 
> Any ideas?
> 
> Thanks,
> Jay Packard

-- 
SWITCH
Serving Swiss Universities
--------------------------
Chad La Joie, Software Engineer, Net Services
Werdstrasse 2, P.O. Box, 8021 Zürich, Switzerland
phone +41 44 268 15 75, fax +41 44 268 15 68
,
 http://www.switch.ch