mace-opensaml-users - RE: [OpenSAML] Migrating to opensaml 2.2.0

Subject: OpenSAML user discussion

  • From: "Pantvaidya, Vishwajit" <>
  • To: "" <>
  • Subject: RE: [OpenSAML] Migrating to opensaml 2.2.0
  • Date: Fri, 24 Oct 2008 17:15:15 -0700

Hi Brent,

Your suggestion worked. OpenSAML seems to be able to deserialize the SAML response from the identifying party. Only – it is not able to find any subjects within the request. So my line of code “Subject subject = ((SubjectStatement)(assertion.getSubjectStatements().get(0))).getSubject();” is throwing an exception.

From the xml dump I took with the earlier toolkit, I see that the subject is within the Authentication Statement.

 

Is there any way I can serialize the Response object from opensaml just to get an xml dump and verify that everything is fine?

 

Also, I have the following deployment-related queries:

  1. We have the latest versions of xerces and xalan in our web-inf\lib folder. Why do I have to endorse them? If I set the JAXP properties to point to the xerces-xalan implementations, would OpenSAML be able to use them? Endorsing these libs just so that OpenSAML can use them seems to be overkill and not a good practice.
  2. How do I ensure that I am conforming to SAML 1.1 and not 1.0? The opensaml classes I import right now are packaged as org.opensaml.saml1.core.

 

 

Thanks,
Vish.

 


From: Pantvaidya, Vishwajit [mailto:]
Sent: Thursday, October 23, 2008 9:55 AM
To:
Subject: RE: [OpenSAML] Migrating to opensaml 2.2.0

 

Thanks Brent – will try this out…

 


From: Brent Putman [mailto:]
Sent: Wednesday, October 22, 2008 10:55 AM
To:
Subject: Re: [OpenSAML] Migrating to opensaml 2.2.0

 



Pantvaidya, Vishwajit wrote:

 

 

Based on my understanding, since I am not implementing a complete service provider, but only the browser post profile, I should be okay with OpenSAML i.e. I do not need to use Shibboleth – is that accurate?

 



Correct.  If you want to write your own SP (complete or otherwise), then using the OpenSAML toolkit is the way to go.  Shibboleth is comprised of higher-level implementations of an SP and an IdP, built on top of OpenSAML.


If that is right, then how do I instantiate the HTTPPostDecoder? I see that the constructor needs a SAMLArtifactMap – but I do not have any artifacts as I am doing browser post profile.



Yes, that was a design bug.

https://bugs.internet2.edu/jira/browse/JOST-28

It hasn't been fixed yet, as it constitutes an API change (which we only can do at a major release version).  However, I suppose at this point we should go ahead and add constructors without the artifact map and deprecate the others, removing them on the next major release.  I will try and do that fairly soon, although I'm not sure when we will put out the next release.

But in the meantime you can just pass a null for the ArtifactMap argument.  It isn't checked for null-ness and obviously isn't ever used, so that will at least get you started.

--Brent
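
The two things asked about at the top of this thread (getting an XML dump of the decoded Response, and reading the subject that sits inside the Authentication Statement) can be sketched as follows. This is an added example, not code from the thread or from the OpenSAML project; it assumes OpenSAML 2.x on the classpath with `DefaultBootstrap.bootstrap()` already called, and the class name `Saml1ResponseDebug` is hypothetical.

```java
import org.opensaml.Configuration;
import org.opensaml.saml1.core.Assertion;
import org.opensaml.saml1.core.AuthenticationStatement;
import org.opensaml.saml1.core.Response;
import org.opensaml.saml1.core.Subject;
import org.opensaml.xml.io.Marshaller;
import org.opensaml.xml.io.MarshallingException;
import org.opensaml.xml.util.XMLHelper;
import org.w3c.dom.Element;

// Hypothetical helper class (added example, not part of OpenSAML).
public final class Saml1ResponseDebug {

    private Saml1ResponseDebug() { }

    /**
     * Marshal a decoded SAML 1.x Response back to XML for inspection.
     * The output contains the full assertion, so treat it as sensitive:
     * write it only to a debug channel that is not retained in production.
     */
    public static String dump(Response response) throws MarshallingException {
        Marshaller marshaller =
                Configuration.getMarshallerFactory().getMarshaller(response);
        if (marshaller == null) {
            // Assumption: this means the library was never bootstrapped.
            throw new MarshallingException(
                    "No marshaller registered; call DefaultBootstrap.bootstrap() first");
        }
        Element dom = marshaller.marshall(response);
        return XMLHelper.prettyPrintXML(dom);
    }

    /**
     * Return the Subject of the first AuthenticationStatement found, or null.
     * Iterating avoids the exception thrown by get(0) on an empty list.
     * The Subject should be trusted only after the signature and the
     * assertion Conditions have been validated.
     */
    public static Subject firstAuthnSubject(Response response) {
        for (Assertion assertion : response.getAssertions()) {
            for (AuthenticationStatement stmt : assertion.getAuthenticationStatements()) {
                if (stmt.getSubject() != null) {
                    return stmt.getSubject();
                }
            }
        }
        return null;
    }
}
```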



