
mace-opensaml-users - Re: [OpenSAML] Problem Validating an Assertion

Subject: OpenSAML user discussion


Re: [OpenSAML] Problem Validating an Assertion


  • From: Suneet Shah <>
  • To:
  • Subject: Re: [OpenSAML] Problem Validating an Assertion
  • Date: Mon, 01 Mar 2010 01:28:05 -0500

Hi Sidhartha:

I am still getting the same error. I did change the nameId:

<![CDATA[<?xml version="1.0" encoding="UTF-8"?>
<saml2:Assertion ID="9e8158d08f04487fb33e4ede145e7c55" IssueInstant="2010-03-01T06:24:57.987Z" Version="2.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"><saml2:Issuer>openiam</saml2:Issuer><saml2:Subject><saml2:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity" NameQualifier="openiam">snelson</saml2:NameID></saml2:Subject><saml2:Conditions NotBefore="2010-03-01T06:24:57.987Z" NotOnOrAfter="2010-03-01T06:54:58.476Z"/><saml2:AuthnStatement AuthnInstant="2010-03-01T06:24:57.987Z"><saml2:AuthnContext><saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml2:AuthnContextClassRef></saml2:AuthnContext></saml2:AuthnStatement></saml2:Assertion>]]></token>

I am using the following code to build the nameId

// Imports for the snippet (OpenSAML 2.x); issuer, principal (Strings) and
// sub (the Subject being built) are assumed to be in scope.
import org.opensaml.saml2.core.NameID;
import org.opensaml.saml2.core.NameIDType;
import org.opensaml.saml2.core.impl.NameIDBuilder;

NameIDBuilder nb = new NameIDBuilder();
NameID nameId = nb.buildObject();
nameId.setNameQualifier(issuer);
nameId.setValue(principal);
nameId.setFormat(NameIDType.ENTITY);   // a defined format URI, not a bare string
sub.setNameID(nameId);

Thanks


Sidhartha Priye wrote:
Suneet,

I may be wrong but this does not look right to me

<saml2:NameID Format="NameIdentifierType" NameQualifier="openiam">3006</saml2:NameID>

I am not sure if NameID Format can be any string. The experts here can speak to it. I know there are well-defined formats you can choose from. For example:

NameIDType.EMAIL
NameIDType.ENCRYPTED
NameIDType.ENTITY
NameIDType.TRANSIENT
NameIDType.UNSPECIFIED

so when you are building your NameID object you can specify the format -

import org.opensaml.saml2.core.NameID;
import org.opensaml.saml2.core.NameIDType;
import org.opensaml.xml.Configuration;

// Build the NameID through the OpenSAML 2.x builder factory
NameID myNameID = (NameID) Configuration.getBuilderFactory()
        .getBuilder(NameID.DEFAULT_ELEMENT_NAME)
        .buildObject(NameID.DEFAULT_ELEMENT_NAME);
myNameID.setValue("admin");
myNameID.setFormat(NameIDType.X509_SUBJECT);

If that does not work, then I will try taking out the
<?xml version="1.0" encoding="UTF-8"?>

Let me know

thanks
Sid

------------------------------------------------------------------------
*From:* Suneet Shah
<>
*To:*

*Sent:* Mon, March 1, 2010 12:54:22 AM
*Subject:* Re: [OpenSAML] Problem Validating an Assertion

Thanks Sidhartha. I have updated the assertion and pasted the exception. I am still getting the same error:

<?xml version="1.0" encoding="UTF-8"?>
<saml2:Assertion ID="3d1932b26ecf433eb365ee9453f47f64" IssueInstant="2010-03-01T05:50:16.320Z" Version="2.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"><saml2:Issuer>openiam</saml2:Issuer><saml2:Subject><saml2:NameID Format="NameIdentifierType" NameQualifier="openiam">3006</saml2:NameID></saml2:Subject><saml2:Conditions NotBefore="2010-03-01T05:50:16.320Z" NotOnOrAfter="2010-03-01T06:20:16.888Z"/><saml2:AuthnStatement AuthnInstant="2010-03-01T05:50:16.320Z"><saml2:AuthnContext><saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml2:AuthnContextClassRef></saml2:AuthnContext></saml2:AuthnStatement></saml2:Assertion>



SEVERE: XML Parsing Error
org.xml.sax.SAXParseException: Content is not allowed in prolog.
at org.apache.xerces.util.ErrorHandlerWrapper.createSAXParseException(Unknown Source)
at org.apache.xerces.util.ErrorHandlerWrapper.fatalError(Unknown Source)
at org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown Source)
at org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown Source)
at org.apache.xerces.impl.XMLScanner.reportFatalError(Unknown Source)
at org.apache.xerces.impl.XMLDocumentScannerImpl$PrologDispatcher.dispatch(Unknown Source)
at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument(Unknown Source)
at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
at org.apache.xerces.parsers.XMLParser.parse(Unknown Source)
at org.apache.xerces.parsers.DOMParser.parse(Unknown Source)
at org.apache.xerces.jaxp.DocumentBuilderImpl.parse(Unknown Source)
at org.opensaml.xml.parse.BasicParserPool$DocumentBuilderProxy.parse(BasicParserPool.java:637)



Sidhartha Priye wrote:
> Don't see any exceptions in your original post. Why do you have an xmlns="openiam" as your namespace for Assertion to go with the one you have already defined -
> "urn:oasis:names:tc:SAML:2.0:assertion".
>
> Why not try with a basic Assertion first -
>
> <saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="123" IssueInstant="2010-03-01T05:30:49.730Z" Version="2.0">
> http://localhost:9088
> <saml2:Subject>
> <saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">mbrendish</saml2:NameID>
> </saml2:Subject>
> </saml2:Assertion>
>
>
>
> ------------------------------------------------------------------------
> *From:* Suneet Shah <>
> *To:*
> *Sent:* Mon, March 1, 2010 12:19:53 AM
> *Subject:* [OpenSAML] Problem Validating an Assertion
>
> Hello:
>
> I am trying to validate an assertion, but am getting the following parsing exception. Any thoughts on what I could be doing wrong?
>
> I am using SOAPUI for my tests.
>
> Thanks in advance for your help
>
> -- Sample Assertion --
>
> <?xml version="1.0" encoding="UTF-8"?>
> <saml2:Assertion ID="acae8abb69174e258bd1e746aa2a8a45" IssueInstant="2010-03-01T05:03:23.113Z" Version="2.0" xmlns="openiam" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"><saml2:Issuer>openiam</saml2:Issuer><saml2:Subject><saml2:NameID Format="NameIdentifierType" NameQualifier="openiam">3006</saml2:NameID></saml2:Subject><saml2:Conditions NotBefore="2010-03-01T05:03:23.113Z" NotOnOrAfter="2010-03-01T05:33:23.684Z"/><saml2:AuthnStatement AuthnInstant="2010-03-01T05:03:23.113Z"><saml2:AuthnContext><saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml2:AuthnContextClassRef></saml2:AuthnContext></saml2:AuthnStatement></saml2:Assertion>
>
> -- Validation Code --
>
> import java.io.StringReader;
> import org.opensaml.saml2.core.Assertion;
> import org.opensaml.xml.Configuration;
> import org.opensaml.xml.io.Unmarshaller;
> import org.opensaml.xml.io.UnmarshallerFactory;
> import org.opensaml.xml.parse.BasicParserPool;
> import org.w3c.dom.Document;
> import org.w3c.dom.Element;
>
> // Assumes the OpenSAML library has been initialised (DefaultBootstrap.bootstrap())
> // before this is called, and that 'log' is the class logger.
> public boolean isTokenValid(String userId, String token) {
>     StringReader reader = new StringReader(token);
>     try {
>         // Parse the raw token into a DOM (the SAXParseException above is thrown here)
>         BasicParserPool ppMgr = new BasicParserPool();
>         ppMgr.setNamespaceAware(true);
>         Document inCommonMDDoc = ppMgr.parse(reader);
>         Element metadataRoot = inCommonMDDoc.getDocumentElement();
>         // Unmarshal the DOM into an OpenSAML Assertion and run its registered validators
>         UnmarshallerFactory unmarshallerFactory = Configuration.getUnmarshallerFactory();
>         Unmarshaller unmarshaller = unmarshallerFactory.getUnmarshaller(metadataRoot);
>         Assertion samlAssertion = (Assertion) unmarshaller.unmarshall(metadataRoot);
>         samlAssertion.validate(true);
>         return true;
>     } catch (Exception e) {
>         log.error("Error during token validation: " + e);
>         return false;
>     }
> }
>
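The thread turns on two things: a parser that fails in the prolog before any SAML logic runs, and a NameID Format that is not one of the defined format URIs. The following is an added, self-contained example (not code from the thread, from OpenSAML, or from the OpenIAM project) that reproduces both points with Python's standard-library XML parser instead of OpenSAML's Java API. The sample assertion is constructed from the values pasted in the thread, minus the AuthnStatement and with no signature; the expected issuer "openiam" and the evaluation times are assumptions. The list of NameID Format URIs follows SAML 2.0 Core section 8.3, and the Conditions check follows the NotBefore/NotOnOrAfter semantics of section 2.5.1. With leading whitespace before the XML declaration, expat raises the analogous "declaration not at start of entity" error; the parse helper shows the one-line remedy of stripping it before parsing.

```python
from datetime import datetime, timezone
from xml.etree import ElementTree as ET

SAML2_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml2": SAML2_NS}

# NameID Format URIs defined in SAML 2.0 Core section 8.3 (including the SAML 1.1
# formats it carries forward). A bare word such as "NameIdentifierType" is not one.
KNOWN_NAMEID_FORMATS = frozenset({
    "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified",
    "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
    "urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName",
    "urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName",
    "urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos",
    "urn:oasis:names:tc:SAML:2.0:nameid-format:entity",
    "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
    "urn:oasis:names:tc:SAML:2.0:nameid-format:transient",
    "urn:oasis:names:tc:SAML:2.0:nameid-format:encrypted",
})

# Constructed sample, modelled on the assertion pasted in the thread (no signature).
SAMPLE_ASSERTION = (
    '<?xml version="1.0" encoding="UTF-8"?>'
    '<saml2:Assertion ID="9e8158d08f04487fb33e4ede145e7c55" '
    'IssueInstant="2010-03-01T06:24:57.987Z" Version="2.0" '
    'xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">'
    '<saml2:Issuer>openiam</saml2:Issuer>'
    '<saml2:Subject><saml2:NameID '
    'Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity" '
    'NameQualifier="openiam">snelson</saml2:NameID></saml2:Subject>'
    '<saml2:Conditions NotBefore="2010-03-01T06:24:57.987Z" '
    'NotOnOrAfter="2010-03-01T06:54:58.476Z"/>'
    '</saml2:Assertion>'
)


def parse_saml_time(value):
    """Parse a UTC ('Z') xs:dateTime as used in SAML, with or without fractions."""
    for fmt in ("%Y-%m-%dT%H:%M:%S.%fZ", "%Y-%m-%dT%H:%M:%SZ"):
        try:
            return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    raise ValueError("unsupported SAML dateTime: %r" % value)


def parse_assertion(token, strip_leading=True):
    """Parse the token into an Element rooted at saml2:Assertion. With
    strip_leading=False, whitespace ahead of the XML declaration fails in the
    prolog (the class of error in the thread); with it True it is removed first."""
    if strip_leading:
        token = token.lstrip("\ufeff \t\r\n")
    root = ET.fromstring(token)  # raises ET.ParseError on a malformed prolog
    if root.tag != "{%s}Assertion" % SAML2_NS:
        raise ValueError("root element is not a SAML 2.0 Assertion: %s" % root.tag)
    return root


def check_assertion(root, now, expected_issuer):
    """Return a list of findings (empty means the checks passed)."""
    findings = []
    if root.get("Version") != "2.0":
        findings.append("Version is not 2.0")
    issuer = root.findtext("saml2:Issuer", namespaces=NS)
    if issuer != expected_issuer:
        findings.append("unexpected Issuer %r" % issuer)

    name_id = root.find("saml2:Subject/saml2:NameID", NS)
    if name_id is None:
        findings.append("Subject has no NameID")
    else:
        # An absent Format means 'unspecified' (SAML 2.0 Core section 2.2.2)
        fmt = name_id.get("Format", "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified")
        if fmt not in KNOWN_NAMEID_FORMATS:
            findings.append("NameID Format %r is not a SAML-defined format URI" % fmt)

    conditions = root.find("saml2:Conditions", NS)
    if conditions is None:
        findings.append("no Conditions element, so no validity window to enforce")
    else:
        not_before = conditions.get("NotBefore")
        not_on_or_after = conditions.get("NotOnOrAfter")
        if not_before and now < parse_saml_time(not_before):
            findings.append("assertion not yet valid (NotBefore %s)" % not_before)
        if not_on_or_after and now >= parse_saml_time(not_on_or_after):
            findings.append("assertion expired (NotOnOrAfter %s)" % not_on_or_after)
    return findings


def is_token_valid(token, now, expected_issuer="openiam"):
    """Boolean wrapper mirroring the thread's isTokenValid, without OpenSAML."""
    try:
        root = parse_assertion(token)
    except (ET.ParseError, ValueError) as exc:
        print("rejected:", exc)
        return False
    findings = check_assertion(root, now, expected_issuer)
    for finding in findings:
        print("finding:", finding)
    return not findings
```

Stripping leading whitespace fixes only the case where the token string carries stray characters in front of the declaration; if the parse still fails after that, the problem lies in the document itself rather than its framing. Note also that these checks stand in for OpenSAML's `validate(true)` only at the structural level: a relying party still has to verify the signature and bind the assertion to the request it answers, which this example does not attempt.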




Archive powered by MHonArc 2.6.16.
