OpenSAML user discussion

[Brent Putman <>]

Thilina Mahesh Buddhika wrote:

//Add the Element that containts X509 certificate into the SubjectCOnfirmationData element
subjectConfirmationData.getOrderedChildren().add(keyInfoElement);
 
----------------------------------------------------------------------------------------------------------------------------------------------------------------

when I am trying to add the keyinfo element to the subjectConfirmationData object, I am hitting with this error.

-------------------------------------------------------------------------
java.lang.UnsupportedOperationException
    at java.util.Collections$UnmodifiableCollection.add(Collections.java:1018)
    at org.apache.rahas.impl.SAML2TokenIssuer.createSubject(SAML2TokenIssuer.java:408)
    at org.apache.rahas.impl.SAML2TokenIssuer.issue(SAML2TokenIssuer.java:154)
    at org.apache.rahas.TokenRequestDispatcher.handle(TokenRequestDispatcher.java:70)

-------------------------------------------------------------------------------------------------------------------------------------------------

Right, that error is expected, the getOrderedChildren list is not modifiable, it's used in the marshalling process only.

What is the correct approach to add XMLObjects into SAMLConfirmationData object ? Am I missing anything ?

In general for a SubjectConfirmationData generally speaking, you would use the getUnknownXMLObjects() List, as the other poster indicated, which is part of the element-extensible XMLObject interface.

However, since you are specifically trying to do holder-of-key confirmation method, per the spec for that method you should probably be using the SubjectConfirmationData derived type of KeyInfoConfirmationDataType, expressed as an xsi:type on the element.  I think it's optional, but probably a good idea to explicitly indicate the confirmation data type in that case.

To achieve that, the builder process is slightly different:


SAMLObjectBuilder<KeyInfoConfirmationDataType>  keyInfoSubjectConfirmationDataBuilder =
   (SAMLObjectBuilder<KeyInfoConfirmationDataType>)  getBuilderFactory().getBuilder(KeyInfoConfirmationDataType.TYPE_NAME);


KeyInfoConfirmationDataType scData = keyInfoSubjectConfirmationDataBuilder.
       buildObject(SubjectConfirmationData.DEFAULT_ELEMENT_NAME, KeyInfoConfirmationDataType.TYPE_NAME);



And then the XMLObject provider for that derived restricted type has a specific interface for adding a KeyInfo element:

scData.getKeyInfos().add(keyInfo);


HTH,
Brent