mace-opensaml-users - Re: [OpenSAML] The attribute data type does not seem to be part of the xml in the response even though I have set it
Subject: OpenSAML user discussion
List archive
Re: [OpenSAML] The attribute data type does not seem to be part of the xml in the response even though I have set it
Chronological Thread
- From: Chad La Joie <>
- To:
- Subject: Re: [OpenSAML] The attribute data type does not seem to be part of the xml in the response even though I have set it
- Date: Mon, 29 Sep 2008 20:44:42 +0200
- Openpgp: id=146B2514
- Organization: SWITCH
It was a bug that was fixed. Which you could have found by typing
"DataType" in to Jira.
Jay Packard wrote:
> The attribute data type does not seem to be part of the xml in the
> response even though I have set it:
>
>
> AttributeAssignmentTypeImplBuilder attributeAssignmentBuilder =
> (AttributeAssignmentTypeImplBuilder)builderFactory.getBuilder(AttributeAssignmentType.DEFAULT_ELEMENT_NAME);
>
> attributeAssignment = attributeAssignmentBuilder.buildObject();
> attributeAssignment.setAttributeId("http://authz-interop.org/xacml/attribute/username");
>
> attributeAssignment.setDataType("http://www.w3.org/2001/XMLSchema#string");
> attributeAssignment.setValue(account);
> ...
> ObligationTypeImplBuilder obligationBuilder =
> (ObligationTypeImplBuilder)builderFactory.getBuilder(ObligationType.DEFAULT_ELEMENT_QNAME);
>
> ObligationType obligation = obligationBuilder.buildObject();
> obligation.setFulfillOn(EffectType.Permit);
> obligation.setObligationId("http://authz-interop.org/xacml/obligation/username");
>
> if (attributeAssignment != null)
> obligation.getAttributeAssignments().add(attributeAssignment);
> ...
> queryRequest =
> (XACMLAuthzDecisionQueryType)requestUnmarshaller.unmarshall(queryElement);
>
> logger.debug("XACMLAuthzDecisionQueryType object received:
> "+XMLUtils.ElementToString(queryRequest.getDOM()));
>
>
> and get the following log:
>
>
> Response object returned: <samlp:Response
> InResponseTo="_b646694f56a232e2add9048cc62a0dba" Version="2.0"
> xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"><saml:Assertion
> Version="2.0"
> xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Statement
> xmlns:xacml-saml="urn:oasis:names:tc:xacml:2.0:profile:saml2.0:v2:schema:assertion"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> xsi:type="xacml-saml:XACMLAuthzDecisionStatementType"><xacml-context:Request
> xmlns:xacml-context="urn:oasis:names:tc:xacml:2.0:context:schema:os"><xacml-context:Subject
> SubjectCategory="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
> xmlns:xacml-context="urn:oasis:names:tc:xacml:2.0:context:schema:os"><xacml-context:Attribute
> AttributeId="http://authz-interop.org/xacml/subject/subject-x509-id"
> DataType="http://www.w3.org/2001/XMLSchema#string"
> xmlns:xacml-context="urn:oasis:names:tc:xacml:2.0:context:schema:os"><xacml-context:AttributeValue>/DC=org/DC=doegrids/OU=People/CN=Ted
> Hesselroth
> 898520</xacml-context:AttributeValue></xacml-context:Attribute><xacml-context:Attribute
> AttributeId="http://authz-interop.org/xacml/subject/voms-fqan"
> DataType="http://www.w3.org/2001/XMLSchema#string"
> xmlns:xacml-context="urn:oasis:names:tc:xacml:2.0:context:schema:os"><xacml-context:AttributeValue>/cms/uscms/Role=cmsuser/Capability=NULL</xacml-context:AttributeValue></xacml-context:Attribute></xacml-context:Subject><xacml-context:Resource
> xmlns:xacml-context="urn:oasis:names:tc:xacml:2.0:context:schema:os"><xacml-context:Attribute
> AttributeId="http://authz-interop.org/xacml/resource/dns-host-name"
> DataType="http://www.w3.org/2001/XMLSchema#string"
> xmlns:xacml-context="urn:oasis:names:tc:xacml:2.0:context:schema:os"><xacml-context:AttributeValue>camp5.townhouse</xacml-context:AttributeValue></xacml-context:Attribute><xacml-context:Attribute
> AttributeId="http://authz-interop.org/xacml/resource/resource-x509-id"
> DataType="http://www.w3.org/2001/XMLSchema#string"
> xmlns:xacml-context="urn:oasis:names:tc:xacml:2.0:context:schema:os"><xacml-context:AttributeValue>/DC=org/DC=doegrids/OU=Services/CN=cascade.fnal.gov</xacml-context:AttributeValue></xacml-context:Attribute></xacml-context:Resource><xacml-context:Action
> xmlns:xacml-context="urn:oasis:names:tc:xacml:2.0:context:schema:os"><xacml-context:Attribute
> AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"
> DataType="http://www.w3.org/2001/XMLSchema#string"
> xmlns:xacml-context="urn:oasis:names:tc:xacml:2.0:context:schema:os"><xacml-context:AttributeValue>http://authz-interop.org/xacml/action/action-type/access</xacml-context:AttributeValue></xacml-context:Attribute></xacml-context:Action><xacml-context:Environment
> xmlns:xacml-context="urn:oasis:names:tc:xacml:2.0:context:schema:os"><xacml-context:Attribute
> AttributeId="http://authz-interop.org/xacml/environment/pep-oblig-supported"
> DataType="http://www.w3.org/2001/XMLSchema#string"
> xmlns:xacml-context="urn:oasis:names:tc:xacml:2.0:context:schema:os"><xacml-context:AttributeValue>http://authz-interop.org/xacml/obligation/username</xacml-context:AttributeValue><xacml-context:AttributeValue>http://authz-interop.org/xacml/attribute/posix-uid</xacml-context:AttributeValue><xacml-context:AttributeValue>http://authz-interop.org/xacml/attribute/posix-gid</xacml-context:AttributeValue></xacml-context:Attribute></xacml-context:Environment></xacml-context:Request><xacml-context:Response
> xmlns:xacml-context="urn:oasis:names:tc:xacml:2.0:context:schema:os"><xacml-context:Result><xacml-context:Decision>Permit</xacml-context:Decision><xacml-context:Status><xacml-context:StatusCode
> Value="http://oasis/names/tc/xacml/1.0/status/ok"/></xacml-context:Status><xacml:Obligations
> xmlns:xacml="urn:oasis:names:tc:xacml:2.0:policy:schema:os"><xacml:Obligation
> FulfillOn="Permit"
> ObligationId="http://authz-interop.org/xacml/obligation/username"><xacml:AttributeAssignment
> AttributeId="http://authz-interop.org/xacml/attribute/username">testAccount</xacml:AttributeAssignment></xacml:Obligation></xacml:Obligations></xacml-context:Result></xacml-context:Response></saml:Statement></saml:Assertion></samlp:Response>
>
>
> Any ideas?
>
> Thanks,
> Jay Packard
--
SWITCH
Serving Swiss Universities
--------------------------
Chad La Joie, Software Engineer, Net Services
Werdstrasse 2, P.O. Box, 8021 Zürich, Switzerland
phone +41 44 268 15 75, fax +41 44 268 15 68
,
http://www.switch.ch
- The attribute data type does not seem to be part of the xml in the response even though I have set it, Jay Packard, 09/29/2008
- Re: [OpenSAML] The attribute data type does not seem to be part of the xml in the response even though I have set it, Chad La Joie, 09/29/2008
- Re: [OpenSAML] The attribute data type does not seem to be part of the xml in the response even though I have set it, Jay Packard, 09/29/2008
- Re: [OpenSAML] The attribute data type does not seem to be part of the xml in the response even though I have set it, Chad La Joie, 09/29/2008
Archive powered by MHonArc 2.6.16.