OpenSAML user discussion

["Kurt Werner" <>]

Not sure if this helps any, but we use
the following to add keyInfo to a signature.  This is for SAML 1.1,
but assume its similiar for 2.0.

//add keyinfo to signature
        KeyInfo
keyinfo = (KeyInfo) keyInfoBuilder.buildObject(KeyInfo.DEFAULT_ELEMENT_NAME);
        X509Certificate
certificate = KeyAccess.getCertificate(alias);
        KeyInfoHelper.addCertificate(keyinfo,
certificate);
        signature.setKeyInfo(keyinfo);
        SecurityHelper.prepareSignatureParams(signature,
credential, null, null);

"Jason Countryman" <>

04/14/2010 10:41 AM

Please respond to

To	openSAML <>
cc
Subject	[OpenSAML] creating a keyinfo element with opensaml

Hello everyone, I have a question for the group.

I need to replicate this element inside a signature:

<ds:KeyInfo>
   <wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-
open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
      <wsse:KeyIdentifier EncodingType="http://docs.oasis-
open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-
profile-
1.0#X509SubjectKeyIdentifier">3raZ5aO0xAe4wDjsmsyplkWRW0E=</wsse:KeyIdentifier
> 
   </wsse:SecurityTokenReference> 
</ds:KeyInfo>

I have a credential and cert all loaded up into memory at this point.  This
is 
what I have so far, just for this element:

KeyInfo keyInfo = null;
SecurityTokenReference securityToken = null;
                    
            
KeyIdentifier keyIdentifier = null;
keyIdentifier.setEncodingType("http://docs.oasis-open.org/wss/2004/01/oasis-
200401-wss-soap-message-security-1.0#Base64Binary");
keyIdentifier.setValueType("http://docs.oasis-open.org/wss/2004/01/oasis-
200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier");

I think I'll need to use the KeyIdentifier.setValue method, but I'm not
sure 
what to pass to that...any guidance on this would be appreciated.

Thanks
Jason

______________________________ 
Jason T. Countryman 
Programmer 
Community Computer Service

This message has been scanned for viruses and dangerous content by MailScanner,
SpamAssassin & ClamAV.

This message and any attachments may contain information that is protected
by law as privileged and confidential, and
is transmitted for the sole use of the intended recipient(s). If you are
not the intended recipient, you are hereby notified
that any use, dissemination, copying or retention of this e-mail or the
information contained herein is strictly prohibited.
If you received this e-mail in error, please immediately notify the sender
by e-mail, and permanently delete this e-mail.

---

The information contained in this e-mail and any accompanying documents may contain information that is confidential or otherwise protected from disclosure. If you are not the intended recipient of this message, or if this message has been addressed to you in error, please immediately alert the sender by reply e-mail and then delete this message, including any attachments. Any dissemination, distribution or other use of the contents of this message by anyone other than the intended recipient is strictly prohibited. All messages sent to and from this e-mail address may be monitored as permitted by applicable law and regulations to ensure compliance with our internal policies and to protect our business. E-mails are not secure and cannot be guaranteed to be error free as they can be intercepted, amended, lost or destroyed, or contain viruses. You are deemed to have accepted these risks if you communicate with us by e-mail.