
mace-opensaml-users - Re: [OpenSAML] creating a keyinfo element with opensaml

Subject: OpenSAML user discussion

  • From: "Kurt Werner" <>
  • To:
  • Cc: openSAML <>
  • Subject: Re: [OpenSAML] creating a keyinfo element with opensaml
  • Date: Wed, 14 Apr 2010 11:13:40 -0500


Not sure if this helps any, but we use the following to add keyInfo to a signature.  This is for SAML 1.1, but assume it's similar for 2.0.

// add keyinfo to signature
KeyInfo keyinfo = (KeyInfo) keyInfoBuilder.buildObject(KeyInfo.DEFAULT_ELEMENT_NAME);
X509Certificate certificate = KeyAccess.getCertificate(alias);
KeyInfoHelper.addCertificate(keyinfo, certificate);
signature.setKeyInfo(keyinfo);
SecurityHelper.prepareSignatureParams(signature, credential, null, null);




"Jason Countryman" <>

04/14/2010 10:41 AM
To: openSAML <>
Subject: [OpenSAML] creating a keyinfo element with opensaml

Hello everyone, I have a question for the group.

I need to replicate this element inside a signature:

<ds:KeyInfo>
  <wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
     <wsse:KeyIdentifier
         EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
         ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier">3raZ5aO0xAe4wDjsmsyplkWRW0E=</wsse:KeyIdentifier>
  </wsse:SecurityTokenReference>
</ds:KeyInfo>

I have a credential and cert all loaded up into memory at this point.  This is
what I have so far, just for this element:

KeyInfo keyInfo = null;
SecurityTokenReference securityToken = null;

KeyIdentifier keyIdentifier = null;
keyIdentifier.setEncodingType("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary");
keyIdentifier.setValueType("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier");

I think I'll need to use the KeyIdentifier.setValue method, but I'm not sure
what to pass to that...any guidance on this would be appreciated.

Thanks
Jason

______________________________
Jason T. Countryman
Programmer
Community Computer Service
