
mace-opensaml-users - Re: Re: Re: Re: [OpenSAML] Problem reading SAML response

Subject: OpenSAML user discussion

  • From: <>
  • To: ,
  • Subject: Re: Re: Re: Re: [OpenSAML] Problem reading SAML response
  • Date: Fri, 30 Jul 2010 23:27:31 -0400 (EDT)

I finally figured out that the issue is not with the namespace, but with the
way I am trying to encrypt the assertion.

Below is the SAML response I am getting from my client. I used the code below
to try to decrypt it, but after the decryption is done, the assertion object
seems to be null.

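import java.util.List;
import org.opensaml.saml2.core.Assertion;
import org.opensaml.saml2.core.EncryptedAssertion;
import org.opensaml.saml2.encryption.Decrypter;
import org.opensaml.xml.encryption.InlineEncryptedKeyResolver;
import org.opensaml.xml.security.SecurityHelper;
import org.opensaml.xml.security.credential.BasicCredential;
import org.opensaml.xml.security.credential.Credential;
import org.opensaml.xml.security.keyinfo.StaticKeyInfoCredentialResolver;

// Take the first EncryptedAssertion from the parsed Response.
List<EncryptedAssertion> eAssertions = response.getEncryptedAssertions();
EncryptedAssertion encryptedAssertion = eAssertions.get(0);
// Not used below; the Decrypter is given the BasicCredential instead.
Credential decryptionCredential = SecurityHelper.getSimpleCredential(publicKey, privateKey);
BasicCredential credential = new BasicCredential();
credential.setPrivateKey(privateKey);
// Arguments: data-key resolver (none), key-encryption-key resolver, EncryptedKey resolver.
Decrypter decrypter = new Decrypter(null, new StaticKeyInfoCredentialResolver(credential), new InlineEncryptedKeyResolver());
Assertion assertion = decrypter.decrypt(encryptedAssertion);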




<?xml version="1.0" encoding="UTF-8"?>
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    Destination="https://someurl" ID="xxx"
    IssueInstant="2010-07-29T14:52:43.578Z" Version="2.0">
  <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">someurl</saml:Issuer>
  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <ds:SignedInfo>
      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
      <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
      <ds:Reference URI="#m8h2JP9iKUDTbPsBffZSm2WGC2M">
        <ds:Transforms>
          <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
          <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
        </ds:Transforms>
        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
        <ds:DigestValue>bAsQA4vl5RMGPt0lLuH7LDWW2Gw=</ds:DigestValue>
      </ds:Reference>
    </ds:SignedInfo>
    <ds:SignatureValue>
signature value herexxxxxx
    </ds:SignatureValue>
  </ds:Signature>
  <samlp:Status>
    <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
  </samlp:Status>
  <saml:EncryptedAssertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
    <xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
        Type="http://www.w3.org/2001/04/xmlenc#Element">
      <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"
          xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
          <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"
              xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
          <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:CipherValue xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
f2QK7TzryCILkOq9oHQ=
            </xenc:CipherValue>
          </xenc:CipherData>
        </xenc:EncryptedKey>
      </ds:KeyInfo>
      <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
        <xenc:CipherValue xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
DIyhwRIepiSJSSkr7RmLSVwrAnCA0pd
TvpuQjUecNEv9Gw5H1KtH14F8vxutlWNffZV/UL07ssVP
gWQ867y3jLVc7wAqbJ+XK+1NeUrEtYGaKxtKUTPwYmjfXRNdoQHiXpMcT1hAW+yoPynBZDmY6pNn
b08r4K8yPBpgnD+vLezwbaj5vErIldncuQWDzSyVQeWGf9gIq7MlUGq2FSATcUrWPJrLyXARqF9C
EaTRSZktt+FPgGTaBC0fLl3Mysvz32sK7lvqt2sxkHn51Bu5Zkf21gI13a5iWPGXyNsFOmZFxUsq
dIRO2V+ZTKt6yh5P36iR8kuB1Oiy2bBOmLcjjD/LVqP6GutVBzR34YykjnnGHd5gh1n8IulDTc5k
Z1aJS8Yoxmx2bGSws6igLM42EbBG06LyjjKWQS6yzNrsBw==
        </xenc:CipherValue>
      </xenc:CipherData>
    </xenc:EncryptedData>
  </saml:EncryptedAssertion>
</samlp:Response>


