mace-opensaml-users - Adding X509 certificate info to SAML assertion
Subject: OpenSAML user discussion
- From: lakshmi narasimhan <>
- Subject: Adding X509 certificate info to SAML assertion
- Date: Tue, 10 Nov 2009 17:58:35 +0000

Hello all,

I'm trying to generate a valid SAML assertion using the OpenSAML API. For signing the assertion, I'm generating the certificate using the Java Keytool utility as follows:

    keytool -genkey -alias myservicekey -keyalg RSA -sigalg SHA1withRSA -keypass skpass -storepass sspass -keystore serviceKeystore.jks -dname "cn=localhost"
    keytool -genkey -alias myclientkey -keyalg RSA -sigalg SHA1withRSA -keypass ckpass -storepass cspass -keystore clientKeystore.jks -dname "cn=clientuser"
    keytool -genkey -alias unauthorizedkey -keyalg RSA -sigalg SHA1withRSA -keypass ukpass -storepass uspass -keystore unauthIdentity.jks -dname "cn=unauthorizedkey"
    keytool -export -rfc -keystore clientKeystore.jks -storepass cspass -alias MyClientKey -file MyClient.cer
    keytool -import -trustcacerts -keystore serviceKeystore.jks -storepass sspass -alias MyClientKey -file MyClient.cer -noprompt
    keytool -export -rfc -keystore serviceKeystore.jks -storepass sspass -alias MyServiceKey -file MyService.cer
    keytool -import -trustcacerts -keystore clientKeystore.jks -storepass cspass -alias MyServiceKey -file MyService.cer -noprompt

    import java.security.cert.X509Certificate;

    KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
    char[] password = "cspass".toCharArray();
    FileInputStream fis = new FileInputStream("C:/clientKeystore.jks");
    ks.load(fis, password);
    fis.close();
    KeyStore.PrivateKeyEntry pkEntry = (KeyStore.PrivateKeyEntry) ks.getEntry("myclientkey", new KeyStore.PasswordProtection("ckpass".toCharArray()));
    PrivateKey pk = pkEntry.getPrivateKey();
    // I'm receiving type cast error here
    org.opensaml.xml.signature.X509Certificate certificate = (org.opensaml.xml.signature.X509Certificate) pkEntry.getCertificate();
    BasicX509Credential credential = new BasicX509Credential();
    //credential.setEntityCertificate(certificate);
    credential.setPrivateKey(pk);

While running the above code, I'm getting the following exception:

    10-Nov-2009 17:40:01 org.opensaml.xml.XMLConfigurator load
    INFO: ObjectProviders load complete
    10-Nov-2009 17:40:01 org.opensaml.xml.XMLConfigurator load
    INFO: Preparing to load ObjectProviders
    10-Nov-2009 17:40:01 org.opensaml.xml.XMLConfigurator load
    INFO: ObjectProviders load complete
    java.lang.ClassCastException: sun.security.x509.X509CertImpl
        at com.aviva.tam.pmi.SAML2ResponseCreate.main(SAML2ResponseCreate.java:161)

I'm getting the exception mentioned above when I try typecasting the X509 cert generated by Java API into an OpenSAML X509Certificate. Could you please suggest how I should add an X509 certificate to a SAML assertion using OpenSAML API v2.0?
Thanks,
Laks.
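
An added example, not part of the original post and not the OpenSAML project's own code: the cast marked in the post fails because the keystore returns a JDK certificate (sun.security.x509.X509CertImpl in the trace), whereas org.opensaml.xml.signature.X509Certificate is the XML object for a ds:X509Certificate element. The sketch below hands the JDK certificate to BasicX509Credential and, separately, places it in a ds:KeyInfo. It assumes OpenSAML 2.x on the classpath and that DefaultBootstrap.bootstrap() has already run; the class and method names are hypothetical.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate; // JDK type, not the OpenSAML XML object

import org.opensaml.xml.Configuration;
import org.opensaml.xml.security.keyinfo.KeyInfoHelper;
import org.opensaml.xml.security.x509.BasicX509Credential;
import org.opensaml.xml.signature.KeyInfo;

// Hypothetical helper; assumes the OpenSAML library is already bootstrapped.
public class SigningCredentialLoader {

    // Loads a private key and its certificate from a keystore into a credential.
    public static BasicX509Credential load(String path, char[] storePass,
                                           String alias, char[] keyPass) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        InputStream in = new FileInputStream(path);
        try {
            ks.load(in, storePass);
        } finally {
            in.close();
        }
        KeyStore.Entry entry = ks.getEntry(alias, new KeyStore.PasswordProtection(keyPass));
        if (!(entry instanceof KeyStore.PrivateKeyEntry)) {
            throw new IllegalArgumentException("No private key entry under alias " + alias);
        }
        KeyStore.PrivateKeyEntry pkEntry = (KeyStore.PrivateKeyEntry) entry;
        Certificate cert = pkEntry.getCertificate();
        if (!(cert instanceof X509Certificate)) {
            throw new IllegalArgumentException("Entry " + alias + " holds no X.509 certificate");
        }
        BasicX509Credential credential = new BasicX509Credential();
        credential.setEntityCertificate((X509Certificate) cert); // takes the JDK certificate
        credential.setPrivateKey(pkEntry.getPrivateKey());
        return credential;
    }

    // Builds a ds:KeyInfo that carries the credential's certificate.
    public static KeyInfo keyInfoFor(BasicX509Credential credential) throws Exception {
        KeyInfo keyInfo = (KeyInfo) Configuration.getBuilderFactory()
                .getBuilder(KeyInfo.DEFAULT_ELEMENT_NAME)
                .buildObject(KeyInfo.DEFAULT_ELEMENT_NAME);
        // Adds ds:X509Data/ds:X509Certificate with the encoded certificate.
        KeyInfoHelper.addCertificate(keyInfo, credential.getEntityCertificate());
        return keyInfo;
    }
}
```

With the keystore from the post, the call would be load("C:/clientKeystore.jks", "cspass".toCharArray(), "myclientkey", "ckpass".toCharArray()); the results go to Signature.setSigningCredential(...) and Signature.setKeyInfo(...).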