OpenSAML user discussion

["Scott Cantor" <>]

> the attachment is a test about XMLTooling::DateTime. In my
> computer(debian testing gcc-4.3.4, xerces-3.1.0,xml-security-c-1.5.1,
> xmltooling-1.3.3, opensaml-2.3.0) the result from DateTime is
> 0000-00-00T00:00:00.000Z

Then you aren't supplying a valid time value. If you want to report a bug,
you can do so, but I use the class internally and it works as intended, so
following up an usupported platform to track down a bug I know is an error
in usage won't be high priority. I'll get to it sometime before the next
release is done but you should consider debugging into it yourself if you
want a fast answer. I'm sure you're just assuming the class works
differently. It's very tricky to use at times.

> and another question, I try to sign an assertion. according samlsign and
> samltest, I need initialse a Credential using CredentialResolver , and the
> Resolver need get certificate path information.

Internally that's what it does, but there are a number of shortcuts to do
that, and parameters to the utilities that just give it the files to use.
But in code, yes, you need an instance of the Credential interface.

> But , if i hope to sign saml
> assertions by a special way like the given local cert or ldap , may I get
> them in other api like IO , ldap ,sql ... , and
> setCertificate(XSecCryptoKey* key) directly.

You have to wrap the result of the helper functions in a Credential. There's
a BasicX509Credential wrapper class that's part of the public API that can
wrap existing key objects.

-- Scott