mace-opensaml-users - Re: [OpenSAML] Failed to add <ds:keyinfo> element into the subjectConfirmationData object

Subject: OpenSAML user discussion

  • From: Brent Putman <>
  • To:
  • Subject: Re: [OpenSAML] Failed to add <ds:keyinfo> element into the subjectConfirmationData object
  • Date: Thu, 09 Jul 2009 17:09:56 -0400



Thilina Mahesh Buddhika wrote:



// Add the Element that contains the X509 certificate into the SubjectConfirmationData element
subjectConfirmationData.getOrderedChildren().add(keyInfoElement);
 
----------------------------------------------------------------------------------------------------------------------------------------------------------------


When I try to add the keyinfo element to the subjectConfirmationData object, I hit this error.

-------------------------------------------------------------------------
java.lang.UnsupportedOperationException
    at java.util.Collections$UnmodifiableCollection.add(Collections.java:1018)
    at org.apache.rahas.impl.SAML2TokenIssuer.createSubject(SAML2TokenIssuer.java:408)
    at org.apache.rahas.impl.SAML2TokenIssuer.issue(SAML2TokenIssuer.java:154)
    at org.apache.rahas.TokenRequestDispatcher.handle(TokenRequestDispatcher.java:70)

-------------------------------------------------------------------------------------------------------------------------------------------------


Right, that error is expected: the getOrderedChildren list is not modifiable; it's used in the marshalling process only.




What is the correct approach to add XMLObjects into SAMLConfirmationData object? Am I missing anything?




In general, for a SubjectConfirmationData you would use the getUnknownXMLObjects() List, as the other poster indicated, which is part of the element-extensible XMLObject interface.

However, since you are specifically trying to do holder-of-key confirmation method, per the spec for that method you should probably be using the SubjectConfirmationData derived type of KeyInfoConfirmationDataType, expressed as an xsi:type on the element.  I think it's optional, but probably a good idea to explicitly indicate the confirmation data type in that case.

To achieve that, the builder process is slightly different:


SAMLObjectBuilder<KeyInfoConfirmationDataType>  keyInfoSubjectConfirmationDataBuilder =
   (SAMLObjectBuilder<KeyInfoConfirmationDataType>)  getBuilderFactory().getBuilder(KeyInfoConfirmationDataType.TYPE_NAME);


KeyInfoConfirmationDataType scData = keyInfoSubjectConfirmationDataBuilder.
       buildObject(SubjectConfirmationData.DEFAULT_ELEMENT_NAME, KeyInfoConfirmationDataType.TYPE_NAME);



And then the XMLObject provider for that derived restricted type has a specific interface for adding a KeyInfo element:

scData.getKeyInfos().add(keyInfo);


HTH,
Brent
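
The complete holder-of-key Subject that the reply above describes, as an added example (not code from the thread or from the OpenSAML project), assuming OpenSAML 2.x on the classpath. The class name, the helper method and the RSA key generated in main are constructed for illustration; the raw public key stands in for the X.509 certificate of the original question.

```java
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import org.opensaml.Configuration;
import org.opensaml.DefaultBootstrap;
import org.opensaml.common.SAMLObjectBuilder;
import org.opensaml.saml2.core.KeyInfoConfirmationDataType;
import org.opensaml.saml2.core.Subject;
import org.opensaml.saml2.core.SubjectConfirmation;
import org.opensaml.saml2.core.SubjectConfirmationData;
import org.opensaml.xml.XMLObjectBuilder;
import org.opensaml.xml.XMLObjectBuilderFactory;
import org.opensaml.xml.security.keyinfo.KeyInfoHelper;
import org.opensaml.xml.signature.KeyInfo;
import org.opensaml.xml.util.XMLHelper;

public class HolderOfKeySubjectExample {
    // Confirmation method URI from the SAML 2.0 core specification.
    static final String HOLDER_OF_KEY = "urn:oasis:names:tc:SAML:2.0:cm:holder-of-key";
    @SuppressWarnings("unchecked")
    static Subject buildHolderOfKeySubject(PublicKey holderKey) {
        XMLObjectBuilderFactory bf = Configuration.getBuilderFactory();
        // ds:KeyInfo naming the key the presenter must prove possession of.
        KeyInfo keyInfo = ((XMLObjectBuilder<KeyInfo>) bf.getBuilder(KeyInfo.DEFAULT_ELEMENT_NAME))
                .buildObject(KeyInfo.DEFAULT_ELEMENT_NAME);
        KeyInfoHelper.addPublicKey(keyInfo, holderKey);
        // SubjectConfirmationData carrying xsi:type KeyInfoConfirmationDataType.
        KeyInfoConfirmationDataType scData = ((SAMLObjectBuilder<KeyInfoConfirmationDataType>)
                bf.getBuilder(KeyInfoConfirmationDataType.TYPE_NAME)).buildObject(
                SubjectConfirmationData.DEFAULT_ELEMENT_NAME, KeyInfoConfirmationDataType.TYPE_NAME);
        scData.getKeyInfos().add(keyInfo); // typed accessor, not getOrderedChildren()
        SubjectConfirmation sc = ((SAMLObjectBuilder<SubjectConfirmation>)
                bf.getBuilder(SubjectConfirmation.DEFAULT_ELEMENT_NAME)).buildObject();
        sc.setMethod(HOLDER_OF_KEY);
        sc.setSubjectConfirmationData(scData);
        Subject subject = ((SAMLObjectBuilder<Subject>)
                bf.getBuilder(Subject.DEFAULT_ELEMENT_NAME)).buildObject();
        subject.getSubjectConfirmations().add(sc);
        return subject;
    }

    public static void main(String[] args) throws Exception {
        DefaultBootstrap.bootstrap(); // registers builders and marshallers
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        Subject s = buildHolderOfKeySubject(kpg.generateKeyPair().getPublic()); // constructed sample key
        System.out.println(XMLHelper.prettyPrintXML(
                Configuration.getMarshallerFactory().getMarshaller(s).marshall(s)));
    }
}
```

To embed a certificate instead of a bare key, KeyInfoHelper.addCertificate(keyInfo, cert) takes the place of the addPublicKey call.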





