mace-opensaml-users - Help a newbie migrating from OpenSAML 1 to OpenSAML 2
Subject: OpenSAML user discussion
- From: Ryan <>
- Subject: Help a newbie migrating from OpenSAML 1 to OpenSAML 2
- Date: Sat, 28 Feb 2009 16:12:32 -0800
Hi All,
Forgive me if this is a dumb question, but I'm having some problems migrating some proof-of-concept code from the OpenSAML 1 library to the OpenSAML 2 library. I was able to build a simple SAMLResponse to log in to Salesforce.com successfully, but now that I am trying to port that code over to OpenSAML 2 (still using SAML 1.1), I'm not understanding how to link the objects together to build the assertion. I understand that the two libraries are not directly compatible, but I'm hoping someone can point me in the right direction. Specifically, I am having problems with:
- How to add a subject confirmation method?
- How to add an audience to an AudienceRestrictionCondition?
- How to add an AuthenticationStatement to an Assertion?
- How to add an AudienceRestrictionCondition to an Assertion?
Below is a snippet of my working code in OpenSAML 1, compared to my attempt in OpenSAML 2, with these items marked as TODOs in the OpenSAML 2 code:
OpenSAML 1:
SAMLAssertion createAssertion(String username, String issuer) throws SAMLException{
    // Subject: name identifier plus a bearer confirmation method
    SAMLNameIdentifier nameId = new SAMLNameIdentifier();
    nameId.setName(username);
    nameId.checkValidity();
    SAMLSubject subject = new SAMLSubject();
    subject.setNameIdentifier(nameId);
    subject.addConfirmationMethod("urn:oasis:names:tc:SAML:1.0:cm:bearer");
    subject.checkValidity();
    // Authentication statement about that subject
    SAMLAuthenticationStatement authStatement = new SAMLAuthenticationStatement();
    authStatement.setAuthMethod("AuthenticationMethod_Password");
    authStatement.setAuthInstant(new Date());
    authStatement.setSubject(subject);
    authStatement.checkValidity();
    // Restrict the assertion to the Salesforce audience
    SAMLAudienceRestrictionCondition condition = new SAMLAudienceRestrictionCondition();
    condition.addAudience("https://saml.salesforce.com");
    condition.checkValidity();
    // Assemble the SAML 1.1 assertion
    SAMLAssertion assertion = new SAMLAssertion();
    assertion.setIssuer(issuer);
    assertion.setIssueInstant(new Date());
    assertion.setMinorVersion(1);
    assertion.addStatement(authStatement);
    assertion.addCondition(condition);
    assertion.setId(generateId());
    assertion.setNotBefore(new Date());
    // java.util.Date(int,int,int) is 1900-relative with a 0-based month, so Date(2010,12,31)
    // would actually be 31 Jan 3910; build 31 Dec 2010 with a Calendar instead
    assertion.setNotOnOrAfter(new GregorianCalendar(2010, Calendar.DECEMBER, 31).getTime());
    assertion.checkValidity();
    return assertion;
}
OpenSAML 2:
// org.opensaml.xml.XMLObjectBuilderFactory; every element is created through its builder
private XMLObjectBuilderFactory builderFactory;

public IdentityProvider() throws Exception{
    DefaultBootstrap.bootstrap();
    builderFactory = Configuration.getBuilderFactory();
}

Assertion createAssertion(String username, String issuer) throws Exception{
    // Name identifier for the subject
    SAMLObjectBuilder<NameIdentifier> nameIdBuilder = (SAMLObjectBuilder<NameIdentifier>) builderFactory.getBuilder(NameIdentifier.DEFAULT_ELEMENT_NAME);
    NameIdentifier nameId = nameIdBuilder.buildObject();
    nameId.setNameIdentifier(username);
    // Subject confirmation
    SAMLObjectBuilder<SubjectConfirmationData> subjectConfirmationDataBuilder = (SAMLObjectBuilder<SubjectConfirmationData>) builderFactory.getBuilder(SubjectConfirmationData.DEFAULT_ELEMENT_NAME);
    SubjectConfirmationData subjectConfirmationData = subjectConfirmationDataBuilder.buildObject();
    // subjectConfirmationData.addConfirmationMethod("urn:oasis:names:tc:SAML:1.0:cm:bearer"); //TODO: addConfirmationMethod() method does not exist
    SAMLObjectBuilder<SubjectConfirmation> subjectConfirmationBuilder = (SAMLObjectBuilder<SubjectConfirmation>) builderFactory.getBuilder(SubjectConfirmation.DEFAULT_ELEMENT_NAME);
    SubjectConfirmation subjectConfirmation = subjectConfirmationBuilder.buildObject();
    subjectConfirmation.setSubjectConfirmationData(subjectConfirmationData);
    SAMLObjectBuilder<Subject> subjectBuilder = (SAMLObjectBuilder<Subject>) builderFactory.getBuilder(Subject.DEFAULT_ELEMENT_NAME);
    Subject subject = subjectBuilder.buildObject();
    subject.setNameIdentifier(nameId);
    subject.setSubjectConfirmation(subjectConfirmation);
    // Authentication statement
    SAMLObjectBuilder<AuthenticationStatement> authStatementBuilder = (SAMLObjectBuilder<AuthenticationStatement>) builderFactory.getBuilder(AuthenticationStatement.DEFAULT_ELEMENT_NAME);
    AuthenticationStatement authStatement = authStatementBuilder.buildObject();
    authStatement.setSubject(subject);
    authStatement.setAuthenticationMethod("AuthenticationMethod_Password");
    authStatement.setAuthenticationInstant(new DateTime());
    // Audience restriction
    SAMLObjectBuilder<AudienceRestrictionCondition> conditionBuilder = (SAMLObjectBuilder<AudienceRestrictionCondition>) builderFactory.getBuilder(AudienceRestrictionCondition.DEFAULT_ELEMENT_NAME);
    AudienceRestrictionCondition condition = conditionBuilder.buildObject();
    //condition.addAudience("https://saml.salesforce.com"); //TODO: addAudience() method does not exist
    // Assertion
    SAMLObjectBuilder<Assertion> assertionBuilder = (SAMLObjectBuilder<Assertion>) builderFactory.getBuilder(Assertion.DEFAULT_ELEMENT_NAME);
    Assertion assertion = assertionBuilder.buildObject();
    assertion.setIssuer(issuer);
    assertion.setIssueInstant(new DateTime());
    assertion.setVersion(SAMLVersion.VERSION_11);
    assertion.setID(generateId());
    //assertion.addStatement(authStatement); //TODO: addStatement() method does not exist
    //assertion.addCondition(condition); //TODO: addCondition() method does not exist
    return assertion;
}
Any tips anyone can provide would be appreciated.
Thank you,
Ryan
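Added example, not Ryan's code or anything from the OpenSAML project: it shows how the four TODOs above map onto the OpenSAML 2 org.opensaml.saml1.core API, where child elements are built with their own builders and appended through list getters (getConfirmationMethods(), getAudiences(), getAuthenticationStatements()) and conditions sit in a Conditions wrapper set on the Assertion. It assumes OpenSAML 2.x with Joda-Time on the classpath; the class name, the build() helper, the caller-supplied id (which must be an XML NCName) and the five-minute validity window are my choices.

```java
import javax.xml.namespace.QName;
import org.joda.time.DateTime;
import org.opensaml.Configuration;
import org.opensaml.DefaultBootstrap;
import org.opensaml.common.SAMLObject;
import org.opensaml.common.SAMLObjectBuilder;
import org.opensaml.common.SAMLVersion;
import org.opensaml.saml1.core.*;
import org.opensaml.xml.XMLObjectBuilderFactory;

public class Saml1AssertionFactory { // hypothetical class name
    private final XMLObjectBuilderFactory bf;
    public Saml1AssertionFactory() throws Exception {
        DefaultBootstrap.bootstrap();
        bf = Configuration.getBuilderFactory();
    }
    // Every element comes from its registered builder; this helper hides the unchecked cast
    @SuppressWarnings("unchecked")
    private <T extends SAMLObject> T build(QName name) {
        return ((SAMLObjectBuilder<T>) bf.getBuilder(name)).buildObject();
    }
    Assertion createAssertion(String username, String issuer, String audienceUri, String id, DateTime now) {
        NameIdentifier nameId = build(NameIdentifier.DEFAULT_ELEMENT_NAME);
        nameId.setNameIdentifier(username);
        ConfirmationMethod cm = build(ConfirmationMethod.DEFAULT_ELEMENT_NAME); // (1) own element
        cm.setConfirmationMethod("urn:oasis:names:tc:SAML:1.0:cm:bearer");
        SubjectConfirmation sc = build(SubjectConfirmation.DEFAULT_ELEMENT_NAME);
        sc.getConfirmationMethods().add(cm); // appended via the list, no addConfirmationMethod()
        Subject subject = build(Subject.DEFAULT_ELEMENT_NAME);
        subject.setNameIdentifier(nameId);
        subject.setSubjectConfirmation(sc);
        AuthenticationStatement authn = build(AuthenticationStatement.DEFAULT_ELEMENT_NAME);
        authn.setSubject(subject);
        authn.setAuthenticationMethod("urn:oasis:names:tc:SAML:1.0:am:password"); // SAML 1.1 URI
        authn.setAuthenticationInstant(now);
        Audience audience = build(Audience.DEFAULT_ELEMENT_NAME); // (2) Audience carries the URI
        audience.setUri(audienceUri);
        AudienceRestrictionCondition arc = build(AudienceRestrictionCondition.DEFAULT_ELEMENT_NAME);
        arc.getAudiences().add(audience);
        Conditions conditions = build(Conditions.DEFAULT_ELEMENT_NAME); // (4) wrapper element
        conditions.setNotBefore(now);
        conditions.setNotOnOrAfter(now.plusMinutes(5)); // short window limits replay of a bearer assertion
        conditions.getAudienceRestrictionConditions().add(arc);
        Assertion assertion = build(Assertion.DEFAULT_ELEMENT_NAME);
        assertion.setIssuer(issuer);
        assertion.setIssueInstant(now);
        assertion.setVersion(SAMLVersion.VERSION_11);
        assertion.setID(id);
        assertion.setConditions(conditions);
        assertion.getAuthenticationStatements().add(authn); // (3) typed statement list
        return assertion;
    }
}
```

The assertion still has to be marshalled and signed before a relying party such as Salesforce will accept it; an unsigned bearer assertion proves nothing about the issuer.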
- Help a newbie migrating from OpenSAML 1 to OpenSAML 2, Ryan, 02/28/2009
- RE: [OpenSAML] Help a newbie migrating from OpenSAML 1 to OpenSAML 2, Scott Cantor, 02/28/2009