
mace-opensaml-users - Cannot validate signature

Subject: OpenSAML user discussion


Cannot validate signature


  • From: Guzman Llambias <>
  • To:
  • Subject: Cannot validate signature
  • Date: Tue, 9 Feb 2010 22:49:38 -0200 (UYST)


Hi! I'm a bit new with opensaml and saml stuff, so sorry if this is a dumb
question.

I'm trying to create a signed SAML assertion, but when I send it to another
application an error occurs saying it cannot validate the signature. So I may
be missing something, or have something wrong, in my code.

Can anybody tell me if this code is wrong to create a signed saml assertion?

Thanks in advance
Guzmán

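/**
 * Builds a SAML 1.x assertion for the user described by {@code bean}, signs it with
 * {@code signingCredential} and returns the signed assertion.
 *
 * <p>The signature is computed over the DOM produced by marshalling the assertion, so the
 * returned object must not be modified afterwards, and whoever transmits it must serialize
 * that marshalled DOM unchanged: pretty-printing or re-indenting it alters the signed bytes
 * and the relying party will then fail to validate the signature. The pretty-printed copy
 * written to stdout below is for inspection only, never the transmitted form.
 *
 * @param bean supplies the issuer, the role used as NameIdentifier and the username attribute
 * @param signingCredential credential holding the private key used to sign; the certificate
 *     published in KeyInfo is taken from the static {@code x509Certificate} field that
 *     {@link #buildCredential} fills in
 * @return the signed assertion
 * @throws AssertionCreatorException if any step of building or signing fails; the original
 *     exception is attached as the cause
 */
public static Assertion generateSignedAssertion(ServicioClientBean bean,
        Credential signingCredential) throws AssertionCreatorException {

    String strIssuer = bean.getIssuer(); // e.g. "Agesic"
    String strNameID = bean.getRole(); // e.g. "Doctor"
    String strAttrName = "User";
    String strAttrNamespace = "urn:nac";
    String strAttrValue = bean.getUsername(); // e.g. "Juan"
    String strAuthMethod = "urn:oasis:names:tc:SAML:1.0:am:password";
    String strConfirmationMethod = "urn:oasis:names:tc:SAML:1.0:cm:bearer";

    try {
        // OpenSAML 2.3. NOTE(review): bootstrap() is library-wide initialisation and is
        // re-run on every call here; a static initializer would do it once.
        DefaultBootstrap.bootstrap();
        XMLObjectBuilderFactory builderFactory = Configuration.getBuilderFactory();

        // --- Subject: NameIdentifier plus a bearer SubjectConfirmation ---
        SAMLObjectBuilder nameIdBuilder =
                (SAMLObjectBuilder) builderFactory.getBuilder(NameIdentifier.DEFAULT_ELEMENT_NAME);
        NameIdentifier nameId = (NameIdentifier) nameIdBuilder.buildObject();
        nameId.setNameIdentifier(strNameID);
        // nameId.setNameQualifier(strNameQualifier);
        // NOTE(review): the value is a role name but the declared format is an e-mail
        // address; a strict relying party may reject that mismatch.
        nameId.setFormat(NameIdentifier.EMAIL);

        SAMLObjectBuilder confirmationMethodBuilder =
                (SAMLObjectBuilder) builderFactory.getBuilder(ConfirmationMethod.DEFAULT_ELEMENT_NAME);
        ConfirmationMethod confirmationMethod =
                (ConfirmationMethod) confirmationMethodBuilder.buildObject();
        confirmationMethod.setConfirmationMethod(strConfirmationMethod);

        SAMLObjectBuilder subjectConfirmationBuilder =
                (SAMLObjectBuilder) builderFactory.getBuilder(SubjectConfirmation.DEFAULT_ELEMENT_NAME);
        SubjectConfirmation subjectConfirmation =
                (SubjectConfirmation) subjectConfirmationBuilder.buildObject();
        subjectConfirmation.getConfirmationMethods().add(confirmationMethod);

        SAMLObjectBuilder subjectBuilder =
                (SAMLObjectBuilder) builderFactory.getBuilder(Subject.DEFAULT_ELEMENT_NAME);
        Subject subject = (Subject) subjectBuilder.buildObject();
        subject.setNameIdentifier(nameId);
        subject.setSubjectConfirmation(subjectConfirmation);

        // --- AuthenticationStatement ---
        SAMLObjectBuilder authStatementBuilder =
                (SAMLObjectBuilder) builderFactory.getBuilder(AuthenticationStatement.DEFAULT_ELEMENT_NAME);
        AuthenticationStatement authnStatement =
                (AuthenticationStatement) authStatementBuilder.buildObject();
        authnStatement.setSubject(subject);
        authnStatement.setAuthenticationMethod(strAuthMethod);
        authnStatement.setAuthenticationInstant(new DateTime());

        // --- AttributeStatement carrying a single "User" attribute ---
        SAMLObjectBuilder attrBuilder =
                (SAMLObjectBuilder) builderFactory.getBuilder(Attribute.DEFAULT_ELEMENT_NAME);
        Attribute attrGroups = (Attribute) attrBuilder.buildObject();
        attrGroups.setAttributeName(strAttrName);
        attrGroups.setAttributeNamespace(strAttrNamespace);

        XMLObjectBuilder stringBuilder = builderFactory.getBuilder(XSString.TYPE_NAME);
        XSString attrNewValue = (XSString) stringBuilder.buildObject(
                AttributeValue.DEFAULT_ELEMENT_NAME, XSString.TYPE_NAME);
        attrNewValue.setValue(strAttrValue);
        attrGroups.getAttributeValues().add(attrNewValue);

        SAMLObjectBuilder attrStatementBuilder =
                (SAMLObjectBuilder) builderFactory.getBuilder(AttributeStatement.DEFAULT_ELEMENT_NAME);
        AttributeStatement attrStatement =
                (AttributeStatement) attrStatementBuilder.buildObject();
        attrStatement.getAttributes().add(attrGroups);

        // --- Conditions: valid from now for two hours ---
        SAMLObjectBuilder conditionsBuilder =
                (SAMLObjectBuilder) builderFactory.getBuilder(Conditions.DEFAULT_ELEMENT_NAME);
        Conditions conditions = (Conditions) conditionsBuilder.buildObject();

        // TODO: review the time handling. NotBefore is exactly "now" with no allowance for
        // clock skew between this host and the relying party; if assertions are rejected as
        // not yet valid, a few minutes of slack on NotBefore is customary.
        DateTime conditionTime = new DateTime();
        DateTime conditionTimeNotAfter = new DateTime().plusHours(2);
        conditions.setNotBefore(conditionTime);
        conditions.setNotOnOrAfter(conditionTimeNotAfter);

        // --- Assertion ---
        // Random, unguessable assertion ID; it is also the target of the signature Reference.
        IdentifierGenerator idGenerator = new SecureRandomIdentifierGenerator();
        String strAssertionID = idGenerator.generateIdentifier();

        SAMLObjectBuilder assertionBuilder =
                (SAMLObjectBuilder) builderFactory.getBuilder(Assertion.DEFAULT_ELEMENT_NAME);
        Assertion assertion = (Assertion) assertionBuilder.buildObject();
        assertion.setIssuer(strIssuer);
        assertion.setIssueInstant(new DateTime());
        // NOTE(review): SAML 1.0 did not declare AssertionID as an xs:ID attribute (SAML 1.1
        // did, precisely so XML Signature "#id" references resolve). If the relying party
        // reports that it cannot resolve the signed element, check whether it expects
        // SAMLVersion.VERSION_11 instead.
        assertion.setVersion(SAMLVersion.VERSION_10);
        assertion.getAuthenticationStatements().add(authnStatement);
        assertion.getAttributeStatements().add(attrStatement);
        assertion.setConditions(conditions);
        // The ID must be in place before marshalling: the signature references it.
        assertion.setID(strAssertionID);

        // --- Signature (enveloped, exclusive C14N) ---
        Signature signature = (Signature) builderFactory
                .getBuilder(Signature.DEFAULT_ELEMENT_NAME)
                .buildObject(Signature.DEFAULT_ELEMENT_NAME);
        signature.setSigningCredential(signingCredential);
        // NOTE(review): RSA-SHA1 is kept for interoperability with the existing receiver;
        // SHA-1 is deprecated for signatures, so move to
        // SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256 once the relying party accepts it.
        signature.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1);
        signature.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);

        // The certificate published in KeyInfo must match the signing key. It is read from
        // the static field filled in by buildCredential(); fail with a clear message rather
        // than a NullPointerException deep inside KeyInfoHelper when it was never loaded.
        java.security.cert.X509Certificate signingCert = x509Certificate;
        if (signingCert == null) {
            throw new IllegalStateException(
                    "no signing certificate loaded; call buildCredential() first");
        }
        KeyInfoBuilder keyInfoBuilder =
                (KeyInfoBuilder) builderFactory.getBuilder(KeyInfo.DEFAULT_ELEMENT_NAME);
        KeyInfo keyinfo = (KeyInfo) keyInfoBuilder.buildObject(KeyInfo.DEFAULT_ELEMENT_NAME);
        KeyInfoHelper.addCertificate(keyinfo, signingCert);
        signature.setKeyInfo(keyinfo);

        assertion.setSignature(signature);

        // Marshal first, then sign: Signer computes the signature over the DOM that
        // marshall() produced. Any later change to the assertion invalidates it.
        AssertionMarshaller marshaller = new AssertionMarshaller();
        Element element = marshaller.marshall(assertion);
        Signer.signObject(signature);

        // Debug output only. NOTE(review): this writes a complete bearer assertion to stdout
        // (and hence to whatever log captures it); remove or guard it outside development.
        // The pretty-printed text is NOT the signed byte stream and must not be sent.
        System.out.println("Signed AMUserAssertion (SAML 1):\n");
        System.out.println(XMLHelper.prettyPrintXML(element));

        return assertion;

    } catch (Exception e) {
        // Keep the underlying exception as the cause so the real failure (e.g. a
        // SignatureException from Signer) is not reduced to its message text.
        AssertionCreatorException wrapped = new AssertionCreatorException(e.getMessage());
        wrapped.initCause(e);
        throw wrapped;
    }
}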


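/**
 * Loads an X.509 signing credential (private key, certificate and public key) from a JKS
 * keystore entry.
 *
 * <p>Side effect: the certificate found under {@code alias} is also stored in the static
 * {@code x509Certificate} field, which {@link #generateSignedAssertion} reads when it builds
 * the signature's KeyInfo. The field is only updated once the entry has been validated.
 *
 * <p>NOTE(review): both passwords arrive as {@code String} and therefore cannot be wiped
 * from memory after use; the signature is kept for compatibility with existing callers.
 *
 * @param keyStorePwd keystore integrity password
 * @param keyStoreFilePath path of the JKS file
 * @param entityId entity id recorded on the credential
 * @param alias keystore entry holding the certificate and private key
 * @param password password protecting the private-key entry
 * @return a credential carrying the private key, certificate, public key and an empty CRL list
 * @throws IllegalArgumentException if the entry holds no X.509 certificate or no private key
 * @throws Exception if the keystore cannot be opened, read or decrypted
 */
public static BasicX509Credential buildCredential(String keyStorePwd,
        String keyStoreFilePath, String entityId, String alias, String password)
        throws Exception {
    File keyStoreFile = new File(keyStoreFilePath);
    KeyStore keyStore = KeyStore.getInstance("JKS");
    // The stream was previously never closed (file-handle leak); close it on every path.
    FileInputStream keyStoreFis = new FileInputStream(keyStoreFile);
    try {
        keyStore.load(keyStoreFis, keyStorePwd.toCharArray());
    } finally {
        keyStoreFis.close();
    }
    // KeyStore keyStore = KeyStore.getInstance("Windows-MY");
    // keyStore.load(null, null);

    // Validate the entry before casting, so a missing alias or a wrong-typed entry yields a
    // clear error instead of a NullPointerException / ClassCastException further down.
    java.security.cert.Certificate cert = keyStore.getCertificate(alias);
    if (!(cert instanceof java.security.cert.X509Certificate)) {
        throw new IllegalArgumentException(
                "keystore entry '" + alias + "' has no X.509 certificate");
    }
    java.security.Key key = keyStore.getKey(alias, password.toCharArray());
    if (!(key instanceof PrivateKey)) {
        throw new IllegalArgumentException(
                "keystore entry '" + alias + "' has no private key");
    }

    // Static side effect kept for generateSignedAssertion(), which reads this field.
    x509Certificate = (java.security.cert.X509Certificate) cert;

    BasicX509Credential credential = new BasicX509Credential();
    credential.setEntityCertificate(x509Certificate);
    // No revocation data is attached; an empty list is set explicitly rather than null.
    Collection<java.security.cert.X509CRL> crls = new ArrayList<java.security.cert.X509CRL>();
    credential.setCRLs(crls);
    credential.setEntityId(entityId);
    credential.setPrivateKey((PrivateKey) key);
    credential.setPublicKey(x509Certificate.getPublicKey());
    credential.getKeyNames().add(alias);
    return credential;
}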



