OpenSAML user discussion

["Jason Countryman" <>]

Yup, you guys still rock.  I changed that to use the X500Principal.  Thank you again.


______________________________
Jason T. Countryman
Programmer
Community Computer Service


---------- Original Message -----------
From: Chad La Joie <>
To:
Sent: Tue, 30 Mar 2010 14:22:12 -0400
Subject: Re: [OpenSAML] getting and setting x509 credential

> If you read the Javadoc for X509Certificate you'll that getSubjectDN is
> not recommended, but otherwise yes.  You may also want to explictly
> state which format to use for the DN.  I believe the SAML spec
> specifically requires the RFC2253 form for the X509SubjectName name
> identifier format, but you'd have to check the spec to confirm that.
>
> On 3/30/10 2:19 PM, Jason Countryman wrote:
> > Ok, so would something like this work, or do I need the alt names?
> >
> > Principal subjectName = cert.getSubjectDN();
> >              
> > // Issuer
> > SAMLObjectBuilder<Issuer> issuerBuilder = (SAMLObjectBuilder<Issuer>)
> > builderFactory.getBuilder(Issuer.DEFAULT_ELEMENT_NAME);
> > Issuer issuer = issuerBuilder.buildObject();
> > issuer.setFormat("urn:oasis:names:tc:SAML:2.0:nameid-format:X509SubjectName");
> > issuer.setValue(subjectName.getName());
> >
> > ______________________________
> > Jason T. Countryman
> > Programmer
> > Community Computer Service
> >
> >
> > *---------- Original Message -----------*
> > From: Chad La Joie <>
> > To:
> > Sent: Tue, 30 Mar 2010 14:10:50 -0400
> > Subject: Re: [OpenSAML] getting and setting x509 credential
> >
> >> No, the subject data is available directly from X509Certificate APIs.
> >> The helper classes are there to provide additional features that are not
> >> available via the standard APIs (e.g. retrieval of specific types of alt
> >> names.
> >>
> >> On 3/30/10 2:07 PM, Jason Countryman wrote:
> >> > Well, that leads me to my next question.  I need to replicate this for
> >> > the issuer element:
> >> >
> >> > <saml2:Issuer
> >> >
> > Format="urn:oasis:names:tc:SAML:2.0:nameid-format:X509SubjectName">CN=*.test.com,OU=Secure
> >
> >> > Link SSL Wildcard,O=Test Corp.,STREET=2 Test Street,L=Test
> >> > City,S=NY,PostalCode=10000,C=US</saml2:Issuer>
> >> >
> >> > Basically, the information from the Subject: in the key. How do I go
> >> > about accessing that information? I'm assuming its in the X509Util
> > class
> >> > somewhere, right?
> >> >
> >> > Thanks again for all your help.
> >> > ______________________________
> >> > Jason T. Countryman
> >> > Programmer
> >> > Community Computer Service
> >> >
> >> >
> >> > *---------- Original Message -----------*
> >> > From: Chad La Joie <>
> >> > To:
> >> > Sent: Tue, 30 Mar 2010 11:35:42 -0400
> >> > Subject: Re: [OpenSAML] getting and setting x509 credential
> >> >
> >> >> Note, you might want to look at
> > org.opensaml.xml.security.SecurityHelper
> >> >> and org.opensaml.xml.security.x509.X509Util.  These classes provide a
> >> >> lot of helpers for reading in keys and certs, in various formats, and
> >> >> working with them.
> >> >>
> >> >> On 3/30/10 11:29 AM, Jason Countryman wrote:
> >> >> > Thank you both, you guys were right on.  Changed the packaged to
> >> >> > java.security.cert.X509Certificate and my code looks like this now:
> >> >> >
> >> >> > CertificateFactory cf = CertificateFactory.getInstance("X.509");
> >> >> > X509Certificate cert =
> >> >> > (X509Certificate)cf.generateCertificate(inStream);                
> >> >> > inStream.close();                
> >> >> > privateCredential.setEntityCertificate(cert);
> >> >> >
> >> >> > You guys rock.
> >> >> >
> >> >> >
> >> >> > ______________________________
> >> >> > Jason T. Countryman
> >> >> > Programmer
> >> >> > Community Computer Service
> >> >> >
> >> >> >
> >> >> > *---------- Original Message -----------*
> >> >> > From: "JASON D'CRUZ" <>
> >> >> > To:
> >> >> > Sent: Tue, 30 Mar 2010 20:49:09 +0530
> >> >> > Subject: Re: [OpenSAML] getting and setting x509 credential
> >> >> >
> >> >> >> check your package.
> >> >> >>
> >> >> >> the setEntityCertficiate () method requires the
> >> >> > java,security.cert.X509Certificate
> >> >> >>
> >> >> >> You appear to have used the java*x*,security.cert.X509Certificate
> >> > class
> >> >> >>
> >> >> >> On Tue, Mar 30, 2010 at 8:39 PM, <
> >> >> > <mailto:>> wrote:
> >> >> >>
> >> >> >
> >> >> >     Hello all,
> >> >> >     >
> >> >> >     > I'm totally new to using SAML and OpenSAML in particular.
> >  I need
> >> >> >     to create a sender-vouches assertion that is signed using an
> > x509
> >> >> >     key. (for NYS Heal5 HIE, if anyone is wondering)   I have the
> >> >> >     following code:
> >> >> >     >
> >> >> >     > DefaultBootstrap.bootstrap(); // initialize the opensaml
> > library
> >> >> >     > // jtc -- now, build the assertion
> >> >> >     > XMLObjectBuilderFactory builderFactory =
> >> >> >     Configuration.getBuilderFactory();
> >> >> >     > SAMLObjectBuilder<Assertion> builder =
> >> >> >     (SAMLObjectBuilder<Assertion>)
> >> >> >     builderFactory.getBuilder(Assertion.DEFAULT_ELEMENT_NAME);
> >> >> >     > Assertion assertion = builder.buildObject();
> >> >> >     > // jtc -- we have the naked assertion now.   let's add the
> >> >> >     interesting stuff.
> >> >> >     >
> >> >> >     > // jtc - signature and credential
> >> >> >     > BasicX509Credential privateCredential = new
> >> > BasicX509Credential();
> >> >> >     > InputStream inStream = new FileInputStream((String)
> >> >> >     samlInfoVector.get(0));
> >> >> >     > // position 0 has the key file
> >> >> >     > X509Certificate cert = X509Certificate.getInstance(inStream);
> >> >> >     > inStream.close();
> >> >> >     > privateCredential.setEntityCertificate(cert);
> >> >> >     >
> >> >> >     > I'm having a problem with that last line, setting the
> >> >> >     EntityCertificate.  The error I'm getting is:
> >> >> >     >
> >> >> >     > The method setEntityCertificate(X509Certificate) in the type
> >> >> >     BasicX509Credential is not applicable for the arguments
> >> >> >     (X509Certificate)
> >> >> >     >
> >> >> >     > Any guidance on what's going here would be much appreciated.
> >> >> >     >
> >> >> >     > Thanks
> >> >> >     > Jason Countryman
> >> >> >     >
> >> >> >
> >> >> >
> >> >> >>
> >> >> >
> >> >> >> --
> >> >> >> Regards,
> >> >> >> Jason
> >> >> > *------- End of Original Message -------*
> >> >> > This message has been scanned for viruses and dangerous content by
> >> >> > MailScanner, SpamAssassin & ClamAV.
> >> >> >
> >> >> > This message and any attachments may contain information that is
> >> >> > protected by law as privileged and confidential, and
> >> >> > is transmitted for the sole use of the intended recipient(s). If you
> >> > are
> >> >> > not the intended recipient, you are hereby notified
> >> >> > that any use, dissemination, copying or retention of this e-mail
> > or the
> >> >> > information contained herein is strictly prohibited.
> >> >> > If you received this e-mail in error, please immediately notify the
> >> >> > sender by e-mail, and permanently delete this e-mail.
> >> >>
> >> >> --
> >> >> Chad La Joie
> >> >> www.itumi.biz <http://www.itumi.biz/> <http://www.itumi.biz/>
> >> >> trusted identities, delivered
> >> > *------- End of Original Message -------*
> >> > This message has been scanned for viruses and dangerous content by
> >> > MailScanner, SpamAssassin & ClamAV.
> >> >
> >> > This message and any attachments may contain information that is
> >> > protected by law as privileged and confidential, and
> >> > is transmitted for the sole use of the intended recipient(s). If you
> > are
> >> > not the intended recipient, you are hereby notified
> >> > that any use, dissemination, copying or retention of this e-mail or the
> >> > information contained herein is strictly prohibited.
> >> > If you received this e-mail in error, please immediately notify the
> >> > sender by e-mail, and permanently delete this e-mail.
> >>
> >> --
> >> Chad La Joie
> >> www.itumi.biz <http://www.itumi.biz/>
> >> trusted identities, delivered
> > *------- End of Original Message -------*
> > This message has been scanned for viruses and dangerous content by
> > MailScanner, SpamAssassin & ClamAV.
> >
> > This message and any attachments may contain information that is
> > protected by law as privileged and confidential, and
> > is transmitted for the sole use of the intended recipient(s). If you are
> > not the intended recipient, you are hereby notified
> > that any use, dissemination, copying or retention of this e-mail or the
> > information contained herein is strictly prohibited.
> > If you received this e-mail in error, please immediately notify the
> > sender by e-mail, and permanently delete this e-mail.
>
> --
> Chad La Joie
> www.itumi.biz
> trusted identities, delivered
------- End of Original Message -------
This message has been scanned for viruses and dangerous content by MailScanner, SpamAssassin & ClamAV.

This message and any attachments may contain information that is protected by law as privileged and confidential, and
is transmitted for the sole use of the intended recipient(s). If you are not the intended recipient, you are hereby notified
that any use, dissemination, copying or retention of this e-mail or the information contained herein is strictly prohibited.
If you received this e-mail in error, please immediately notify the sender by e-mail, and permanently delete this e-mail.