mace-opensaml-users - Re: [OpenSAML] Problem Validating an Assertion
Subject: OpenSAML user discussion
- From: Sidhartha Priye <>
- To:
- Subject: Re: [OpenSAML] Problem Validating an Assertion
- Date: Sun, 28 Feb 2010 22:07:56 -0800 (PST)
Suneet,
I may be wrong, but this does not look right to me:
<saml2:NameID Format="NameIdentifierType" NameQualifier="openiam">3006</saml2:NameID>
I am not sure if NameID Format can be any string. The experts here can speak to it. I know there are well-defined formats you can choose from, e.g.:
NameIDType.EMAIL
NameIDType.ENCRYPTED
NameIDType.ENTITY
NameIDType.TRANSIENT
NameIDType.UNSPECIFIED
So when you are building your NameID object you can specify the format:
NameID myNameID = (NameID) Configuration.getBuilderFactory()
    .getBuilder(NameID.DEFAULT_ELEMENT_NAME)
    .buildObject(NameID.DEFAULT_ELEMENT_NAME);
myNameID.setValue("admin");
myNameID.setFormat(NameIDType.X509_SUBJECT);
If that does not work, then I will try taking out the
<?xml version="1.0" encoding="UTF-8"?>
Let me know
thanks
Sid
From: Suneet Shah <>
To:
Sent: Mon, March 1, 2010 12:54:22 AM
Subject: Re: [OpenSAML] Problem Validating an Assertion
Thanks Sidhartha. I have updated the assertion and pasted the exception. I am still getting the same error:
<?xml version="1.0" encoding="UTF-8"?>
<saml2:Assertion ID="3d1932b26ecf433eb365ee9453f47f64" IssueInstant="2010-03-01T05:50:16.320Z" Version="2.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"><saml2:Issuer>openiam</saml2:Issuer><saml2:Subject><saml2:NameID Format="NameIdentifierType" NameQualifier="openiam">3006</saml2:NameID></saml2:Subject><saml2:Conditions NotBefore="2010-03-01T05:50:16.320Z" NotOnOrAfter="2010-03-01T06:20:16.888Z"/><saml2:AuthnStatement AuthnInstant="2010-03-01T05:50:16.320Z"><saml2:AuthnContext><saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml2:AuthnContextClassRef></saml2:AuthnContext></saml2:AuthnStatement></saml2:Assertion>
SEVERE: XML Parsing Error
org.xml.sax.SAXParseException: Content is not allowed in prolog.
at org.apache.xerces.util.ErrorHandlerWrapper.createSAXParseException(Unknown Source)
at org.apache.xerces.util.ErrorHandlerWrapper.fatalError(Unknown Source)
at org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown Source)
at org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown Source)
at org.apache.xerces.impl.XMLScanner.reportFatalError(Unknown Source)
at org.apache.xerces.impl.XMLDocumentScannerImpl$PrologDispatcher.dispatch(Unknown Source)
at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument(Unknown Source)
at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
at org.apache.xerces.parsers.XMLParser.parse(Unknown Source)
at org.apache.xerces.parsers.DOMParser.parse(Unknown Source)
at org.apache.xerces.jaxp.DocumentBuilderImpl.parse(Unknown Source)
at org.opensaml.xml.parse.BasicParserPool$DocumentBuilderProxy.parse(BasicParserPool.java:637)
Sidhartha Priye wrote:
> Don't see any exceptions in your original post. Why do you have a xmlns="openiam" as your namespace for Assertion to go with the one you have already defined -
> "urn:oasis:names:tc:SAML:2.0:assertion".
>
> Why not try with a basic Assertion first -
>
> <saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="123" IssueInstant="2010-03-01T05:30:49.730Z" Version="2.0">
> http://localhost:9088
> <saml2:Subject>
> <saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">mbrendish</saml2:NameID>
> </saml2:Subject>
> </saml2:Assertion>
>
>
>
> ------------------------------------------------------------------------
> *From:* Suneet Shah <>
> *To:*
> *Sent:* Mon, March 1, 2010 12:19:53 AM
> *Subject:* [OpenSAML] Problem Validating an Assertion
>
> Hello:
>
> I am trying to validate an assertion, but am getting the following parsing exception. Any thoughts on what I could be doing wrong?
>
> I am using SOAPUI for my tests.
>
> Thanks in advance for your help
>
> -- Sample Assertion --
>
> <?xml version="1.0" encoding="UTF-8"?>
> <saml2:Assertion ID="acae8abb69174e258bd1e746aa2a8a45" IssueInstant="2010-03-01T05:03:23.113Z" Version="2.0" xmlns="openiam" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"><saml2:Issuer>openiam</saml2:Issuer><saml2:Subject><saml2:NameID Format="NameIdentifierType" NameQualifier="openiam">3006</saml2:NameID></saml2:Subject><saml2:Conditions NotBefore="2010-03-01T05:03:23.113Z" NotOnOrAfter="2010-03-01T05:33:23.684Z"/><saml2:AuthnStatement AuthnInstant="2010-03-01T05:03:23.113Z"><saml2:AuthnContext><saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml2:AuthnContextClassRef></saml2:AuthnContext></saml2:AuthnStatement></saml2:Assertion>
>
> -- Validation Code --
>
> public boolean isTokenValid(String userId, String token) {
>     StringReader reader = new StringReader(token);
>     try {
>         BasicParserPool ppMgr = new BasicParserPool();
>         ppMgr.setNamespaceAware(true);
>         Document inCommonMDDoc = ppMgr.parse(reader);
>         Element metadataRoot = inCommonMDDoc.getDocumentElement();
>         UnmarshallerFactory unmarshallerFactory = Configuration.getUnmarshallerFactory();
>         Unmarshaller unmarshaller = unmarshallerFactory.getUnmarshaller(metadataRoot);
>         Assertion samlAssertion = (Assertion) unmarshaller.unmarshall(metadataRoot);
>         samlAssertion.validate(true);
>         return true;
>     } catch (Exception e) {
>         log.error("Error during token validation: " + e);
>         return false;
>     }
> }
>
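Xerces reports "Content is not allowed in prolog" when non-whitespace characters come before the first markup of the document. The class below is an added example, not code from the thread or from OpenSAML: it reports what precedes the first '<' in a token string, then parses the token with DOCTYPE declarations refused. The class name TokenProlog and the sample strings are assumptions; the thread does not show what the token actually contained when it reached isTokenValid.

```java
import java.io.StringReader;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.xml.sax.InputSource;

// Added example: TokenProlog is a hypothetical name; only JDK XML APIs are used.
public class TokenProlog {
    static final String SAML2_NS = "urn:oasis:names:tc:SAML:2.0:assertion";
    // Non-whitespace text found before the first '<' ("" when there is none).
    // trim() leaves U+FEFF (a byte-order mark) in place, so a BOM is reported.
    static String junkBeforeMarkup(String token) {
        int lt = token.indexOf('<');
        return (lt < 0 ? token : token.substring(0, lt)).trim();
    }
    static Element parseAssertion(String token) throws Exception {
        String junk = junkBeforeMarkup(token);
        if (!junk.isEmpty()) {
            StringBuilder hex = new StringBuilder();
            for (int i = 0; i < Math.min(junk.length(), 8); i++) {
                hex.append(String.format("U+%04X ", (int) junk.charAt(i)));
            }
            throw new IllegalArgumentException(
                "content before first '<': " + hex.toString().trim());
        }
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        // The token is untrusted input: refuse DOCTYPE so no entities are resolved.
        dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Element root = dbf.newDocumentBuilder()
            .parse(new InputSource(new StringReader(token.trim())))
            .getDocumentElement();
        if (!SAML2_NS.equals(root.getNamespaceURI())
                || !"Assertion".equals(root.getLocalName())) {
            throw new IllegalArgumentException("root is not a SAML 2.0 Assertion");
        }
        return root;
    }

    public static void main(String[] args) throws Exception {
        // Constructed samples: a minimal assertion, then the same text behind a BOM.
        String ok = "<?xml version=\"1.0\" encoding=\"UTF-8\"?><saml2:Assertion"
            + " xmlns:saml2=\"" + SAML2_NS + "\" ID=\"a1\" Version=\"2.0\"/>";
        System.out.println(parseAssertion(ok).getLocalName());
        try { parseAssertion("\uFEFF" + ok); }
        catch (IllegalArgumentException e) { System.out.println(e.getMessage()); }
    }
}
```

A successful parse here only establishes that the token is well-formed XML with a SAML 2.0 Assertion root; it says nothing about who issued the assertion.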