
mace-opensaml-users - Re: [OpenSAML] Problem Validating an Assertion

Subject: OpenSAML user discussion

  • From: Sidhartha Priye <>
  • To:
  • Subject: Re: [OpenSAML] Problem Validating an Assertion
  • Date: Sun, 28 Feb 2010 22:07:56 -0800 (PST)

Suneet,

I may be wrong but this does not look right to me

<saml2:NameID Format="NameIdentifierType" NameQualifier="openiam">3006</saml2:NameID>

I am not sure if NameID Format can be any string. The experts here can speak to it. I know there are well defined formats you can choose from. For e.g.

                NameIDType.EMAIL
                NameIDType.ENCRYPTED
                NameIDType.ENTITY
                NameIDType.TRANSIENT
                NameIDType.UNSPECIFIED

so when you are building your NameID object you can specify the format -

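   // Build an empty NameID through the OpenSAML builder factory
   NameID myNameID = (NameID) Configuration.getBuilderFactory()
           .getBuilder(NameID.DEFAULT_ELEMENT_NAME)
           .buildObject(NameID.DEFAULT_ELEMENT_NAME);

   myNameID.setValue("admin");
   // Use one of the NameIDType constants as the Format
   myNameID.setFormat(NameIDType.X509_SUBJECT);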

If that does not work, then I will try taking out the
<?xml version="1.0" encoding="UTF-8"?>

Let me know

thanks
Sid


From: Suneet Shah <>
To:
Sent: Mon, March 1, 2010 12:54:22 AM
Subject: Re: [OpenSAML] Problem Validating an Assertion

Thanks Sidhartha. I have updated the assertion and pasted the exception. I am still getting the same error:

<?xml version="1.0" encoding="UTF-8"?>
<saml2:Assertion ID="3d1932b26ecf433eb365ee9453f47f64" IssueInstant="2010-03-01T05:50:16.320Z" Version="2.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"><saml2:Issuer>openiam</saml2:Issuer><saml2:Subject><saml2:NameID Format="NameIdentifierType" NameQualifier="openiam">3006</saml2:NameID></saml2:Subject><saml2:Conditions NotBefore="2010-03-01T05:50:16.320Z" NotOnOrAfter="2010-03-01T06:20:16.888Z"/><saml2:AuthnStatement AuthnInstant="2010-03-01T05:50:16.320Z"><saml2:AuthnContext><saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml2:AuthnContextClassRef></saml2:AuthnContext></saml2:AuthnStatement></saml2:Assertion>



SEVERE: XML Parsing Error
org.xml.sax.SAXParseException: Content is not allowed in prolog.
      at org.apache.xerces.util.ErrorHandlerWrapper.createSAXParseException(Unknown Source)
      at org.apache.xerces.util.ErrorHandlerWrapper.fatalError(Unknown Source)
      at org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown Source)
      at org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown Source)
      at org.apache.xerces.impl.XMLScanner.reportFatalError(Unknown Source)
      at org.apache.xerces.impl.XMLDocumentScannerImpl$PrologDispatcher.dispatch(Unknown Source)
      at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument(Unknown Source)
      at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
      at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
      at org.apache.xerces.parsers.XMLParser.parse(Unknown Source)
      at org.apache.xerces.parsers.DOMParser.parse(Unknown Source)
      at org.apache.xerces.jaxp.DocumentBuilderImpl.parse(Unknown Source)
      at org.opensaml.xml.parse.BasicParserPool$DocumentBuilderProxy.parse(BasicParserPool.java:637)



Sidhartha Priye wrote:
> Don't see any exceptions in your original post. Why do you have a xmlns="openiam" as your namespace for Assertion to go with the one you have already defined -
> "urn:oasis:names:tc:SAML:2.0:assertion".
>
> Why not try with a basic Assertion first -
>
> <saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="123"  IssueInstant="2010-03-01T05:30:49.730Z" Version="2.0">
>    http://localhost:9088
>    <saml2:Subject>
>       <saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">mbrendish</saml2:NameID>
>    </saml2:Subject>
> </saml2:Assertion>
>
>
>
> ------------------------------------------------------------------------
> *From:* Suneet Shah <>
> *To:*
> *Sent:* Mon, March 1, 2010 12:19:53 AM
> *Subject:* [OpenSAML] Problem Validating an Assertion
>
> Hello:
>
> I am trying to validate an assertion, but am getting the following parsing exception. Any thoughts on what I could be doing wrong?
>
> I am using SOAPUI for my tests.
>
> Thanks in advance for your help
>
> -- Sample Assertion --
>
> <?xml version="1.0" encoding="UTF-8"?>
> <saml2:Assertion ID="acae8abb69174e258bd1e746aa2a8a45" IssueInstant="2010-03-01T05:03:23.113Z" Version="2.0" xmlns="openiam" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"><saml2:Issuer>openiam</saml2:Issuer><saml2:Subject><saml2:NameID Format="NameIdentifierType" NameQualifier="openiam">3006</saml2:NameID></saml2:Subject><saml2:Conditions NotBefore="2010-03-01T05:03:23.113Z" NotOnOrAfter="2010-03-01T05:33:23.684Z"/><saml2:AuthnStatement AuthnInstant="2010-03-01T05:03:23.113Z"><saml2:AuthnContext><saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml2:AuthnContextClassRef></saml2:AuthnContext></saml2:AuthnStatement></saml2:Assertion>
>
> -- Validation Code --
>
>  public boolean isTokenValid(String userId, String token) {
>      StringReader reader = new StringReader(token);
>      try {
>          // Parse the token string into a namespace-aware DOM
>          BasicParserPool ppMgr = new BasicParserPool();
>          ppMgr.setNamespaceAware(true);
>          Document inCommonMDDoc = ppMgr.parse(reader);
>          Element metadataRoot = inCommonMDDoc.getDocumentElement();
>          // Unmarshall the root element into an OpenSAML Assertion
>          UnmarshallerFactory unmarshallerFactory = Configuration.getUnmarshallerFactory();
>          Unmarshaller unmarshaller = unmarshallerFactory.getUnmarshaller(metadataRoot);
>          Assertion samlAssertion = (Assertion) unmarshaller.unmarshall(metadataRoot);
>          // Validate this object and its descendants
>          samlAssertion.validate(true);
>          return true;
>      } catch (Exception e) {
>          log.error("Error during token validation: " + e);
>          return false;
>      }
>  }
>
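
The "Content is not allowed in prolog" error in this thread comes from the XML parser, before any SAML validation runs, and means it met non-whitespace characters ahead of the first "<" of the document. As an added example (not code from the thread or from OpenSAML), this plain-JAXP diagnostic shows what precedes the first "<" in a token, parses the remainder with DOCTYPE disallowed, and reports whether the NameID Format is one of the SAML-defined identifiers; the class and method names and the sample token with a leading U+FEFF are constructed for illustration, and the thread does not say what actually preceded the XML in the original token.

```java
import java.io.StringReader;
import java.util.Set;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.xml.sax.InputSource;

public class TokenPrologCheck {   // hypothetical name, not part of OpenSAML
    static final String SAML2_NS = "urn:oasis:names:tc:SAML:2.0:assertion";
    // Format URIs from SAML 2.0 core for the NameIDType constants named in the thread.
    static final Set<String> SAML_FORMATS = Set.of(
        "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified",
        "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
        "urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName",
        "urn:oasis:names:tc:SAML:2.0:nameid-format:encrypted",
        "urn:oasis:names:tc:SAML:2.0:nameid-format:entity",
        "urn:oasis:names:tc:SAML:2.0:nameid-format:transient");

    // Everything before the first '<'; non-whitespace here triggers the prolog error.
    static String prologJunk(String token) {
        int lt = token.indexOf('<');
        return lt < 0 ? token : token.substring(0, lt);
    }

    static Document parse(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // The token is caller-supplied: refuse DOCTYPE so external entities never load.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        return f.newDocumentBuilder().parse(new InputSource(new StringReader(xml)));
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: U+FEFF (a BOM read as a character) before the XML.
        String token = "\uFEFF<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
            + "<saml2:Assertion xmlns:saml2=\"" + SAML2_NS + "\" ID=\"a1\" Version=\"2.0\">"
            + "<saml2:Subject><saml2:NameID Format=\"NameIdentifierType\">3006"
            + "</saml2:NameID></saml2:Subject></saml2:Assertion>";
        String junk = prologJunk(token);
        System.out.print("Characters before first '<':");
        junk.codePoints().forEach(c -> System.out.printf(" U+%04X", c));
        System.out.println(junk.isEmpty() ? " none" : "");
        // Diagnostic only: a real validator should reject leading junk, not repair it.
        Document doc = parse(token.substring(junk.length()));
        Element nameId = (Element) doc.getElementsByTagNameNS(SAML2_NS, "NameID").item(0);
        String fmt = nameId.getAttribute("Format");
        System.out.println("NameID Format \"" + fmt + "\" is "
            + (SAML_FORMATS.contains(fmt) ? "" : "not ") + "a SAML-defined identifier");
    }
}
```

Passing the raw string received by isTokenValid to prologJunk shows whether the transport (here SOAPUI) delivered anything in front of the XML declaration.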



