
mace-opensaml-users - Re: [OpenSAML] Developing Entensions

Subject: OpenSAML user discussion

  • From: Brent Putman
  • Subject: Re: [OpenSAML] Developing Entensions
  • Date: Tue, 03 Nov 2009 15:44:51 -0500

Ok, I see, your question is really about how to implement XMLObject
support for a custom schema, e.g. stuff from the "rac" namespace below.
Once you have those, you just add them to the AuthnRequest/Extensions as
I described earlier. You have 2 choices:

1) the right and best way is to implement XMLObjects for those custom
elements. This will make it easier to both generate and process them.
You would write support for your custom elements by implementing
XMLObject interfaces and impls, marshallers and unmarshallers for each
element. See the OpenSAML developer's guide for details:

https://spaces.internet2.edu/display/OpenSAML/OSTwoDeveloperManual

You can also look at any of the code in SAML for examples of how that is
done. I would strongly urge you to implement this solution rather than
the next.


2) a quick and dirty way to generate such a structure is to use more
generic object provider support already in the library. You can use the
XSAny XMLObject implementation for an element that has extensible
element and/or attribute content, and then marshall it as an element with a
particular QName. This would work for your RequestedAuthnContexts
element with its complex content type. You could also use XSAny
provider for your AuthnContextClassRef element, as it supports text
content. Or you could just use the XSString provider. (I won't ask why
you aren't just reusing the similarly named element from the Assertion
schema). There's an example at the bottom of the following wiki page of
using the XSString provider directly. Just adjust the QName used for
your element name (instead of the example Attribute).

https://spaces.internet2.edu/display/OpenSAML/OSTwoUsrManJavaAnyTypes

Usage of XSAny is similar. In both cases you'd want to omit the second
QName arg in the builder's buildObject method, as you probably don't
want to express the xsi:type on the element.


--Brent




Deena Gurajala wrote:
> I am sorry. Maybe I am not clear in expressing what I wanted. I want
> to produce something similar to the following snippet.
>
> <samlp:AuthnRequest>
> .
> <samlp:Extensions>
>
> <rac:RequestedAuthnContexts>
> <rac:AuthnContextClassRef>
> ac:classes:Password
> </rac:AuthnContextClassRef>
> <rac:AuthnContextClassRef>
> ac:classes:NonShared
> </rac:AuthnContextClassRef>
> </rac:RequestedAuthnContexts>
>
> </samlp:Extensions>
>
> </samlp:AuthnRequest>
>
>
> How can I achieve this with OpenSAML 2.0?
>
> On Mon, Nov 2, 2009 at 9:10 PM, Brent Putman wrote:
>
> You'll have to be much more specific in what you are trying to do. We
> can give you guidance in using the OpenSAML library toolkit to
> accomplish what you want to express in SAML, but you have not given much
> detail as to what you are trying to accomplish.
>
> If you are seeking some general guidance on how to solve some problem
> using SAML - rather than how to implement a particular solution with
> OpenSAML - this might not be the correct list.
>
>
>
> Deena Gurajala wrote:
> > I mean Extensions element of SAML 2 protocol message. We had a
> > situation to support some extra attributes in Authorizations (We are
> > not using XACML). Could you provide some sample code to build this one?
> >
> > On Mon, Nov 2, 2009 at 5:11 PM, Brent Putman wrote:
> >
> > Do you mean software extensions to the library, or do you mean use of
> > the Extensions element of SAML 2 protocol message?
> >
> > In terms of the latter, you just add what extension XMLObjects you want
> > to the protocol message Extensions object, by calling
> > Extensions#getUnknownXMLObjects(), and adding/processing what you want
> > to the List that is returned (just like other list return types in
> > OpenSAML).
> >
> > Of course defining what extensions you use and what they mean and how
> > they are processed on the receiver side is all up to you, if there's not
> > an existing profile for that extension.
> >
> >
> > Deena Gurajala wrote:
> > > Hi,
> > >
> > > Can somebody throw some light on using Extensions with openSAML? I
> > > want to use something similar to attribute statement in the Query?
> >
> >
>
>
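
The second option described in the message above (generic XSAny objects added to the Extensions list), as an added example that is not part of the original thread or of the OpenSAML project's own code. It assumes OpenSAML 2.x on the classpath; the `rac` namespace URI is a placeholder because the thread never states it, and the class name `RacExtensionExample` is hypothetical.

```java
import javax.xml.namespace.QName;
import org.opensaml.Configuration;
import org.opensaml.DefaultBootstrap;
import org.opensaml.common.xml.SAMLConstants;
import org.opensaml.saml2.common.Extensions;
import org.opensaml.saml2.common.impl.ExtensionsBuilder;
import org.opensaml.saml2.core.AuthnRequest;
import org.opensaml.xml.XMLObjectBuilder;
import org.opensaml.xml.XMLObjectBuilderFactory;
import org.opensaml.xml.schema.XSAny;
import org.opensaml.xml.util.XMLHelper;
import org.w3c.dom.Element;

public class RacExtensionExample {
    // Placeholder: the thread never states the namespace URI bound to "rac".
    static final String RAC_NS = "urn:example:placeholder:rac";

    static QName rac(String localName) {
        return new QName(RAC_NS, localName, "rac");
    }

    public static void main(String[] args) throws Exception {
        DefaultBootstrap.bootstrap(); // load the library's default providers
        XMLObjectBuilderFactory bf = Configuration.getBuilderFactory();

        // XSAny.TYPE_NAME only selects the generic provider; building with the
        // element QName alone (no schema-type QName) keeps xsi:type off the output.
        XMLObjectBuilder anyBuilder = bf.getBuilder(XSAny.TYPE_NAME);
        XSAny contexts = (XSAny) anyBuilder.buildObject(rac("RequestedAuthnContexts"));
        for (String ref : new String[] {"ac:classes:Password", "ac:classes:NonShared"}) {
            XSAny classRef = (XSAny) anyBuilder.buildObject(rac("AuthnContextClassRef"));
            classRef.setTextContent(ref);
            contexts.getUnknownXMLObjects().add(classRef);
        }

        // samlp:Extensions is itself an open container of unknown XMLObjects.
        Extensions extensions = new ExtensionsBuilder().buildObject(
                SAMLConstants.SAML20P_NS, Extensions.LOCAL_NAME, SAMLConstants.SAML20P_PREFIX);
        extensions.getUnknownXMLObjects().add(contexts);

        // ID, IssueInstant, Issuer and signing are omitted to keep the focus on Extensions.
        AuthnRequest request = (AuthnRequest) bf
                .getBuilder(AuthnRequest.DEFAULT_ELEMENT_NAME)
                .buildObject(AuthnRequest.DEFAULT_ELEMENT_NAME);
        request.setExtensions(extensions);

        Element dom = Configuration.getMarshallerFactory().getMarshaller(request).marshall(request);
        System.out.println(XMLHelper.prettyPrintXML(dom));
    }
}
```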


