Skip to Content.
Sympa Menu

mace-opensaml-users - Re: [OpenSAML] Problem with XACMLPolicyStatement

Subject: OpenSAML user discussion

List archive

Re: [OpenSAML] Problem with XACMLPolicyStatement


Chronological Thread 
  • From: "" <>
  • To:
  • Subject: Re: [OpenSAML] Problem with XACMLPolicyStatement
  • Date: Sat, 31 Jul 2010 14:31:14 +0200
  • Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; b=cFFPN7DCk6LRq+/ISKqvytMLFO+4NkzJhXo/gT/CSgbQIk2Ex41qmFXCFbVn3Lm5PT ytPT7eYkg0RtjXXBTajeqZamwY38afXvNQuS+eXBwrwhXuKBkeyyy4QMO1/obB3JZzF2 ZytG5o353l9GzhUIocUNz8qk7wLd2JqxPKjmo=

Hello Chad,

Thank you for your answer.

On Sat, Jul 31, 2010 at 1:55 PM, Chad La Joie
<>
wrote:
>> But this assertion is wrong, according with the schema defined in [2]
>> (the schema in the
>> oasis home page is buggy).
>
> Right, thats not the version that OpenSAML uses since it's invalid.
>

But the assertion created using a XACMLPolicyStatement does not validate
against
the schema in the oasis home page. What is wrong in this case?

>> This means that instead of a XACMLPolicyStatement I should create a
>> Statement, with xsi:type as xacml,
>>
>> <saml:Statement xsi:type="xacml-saml:XACMLAuthzDecisionStatementType">
>>
>> <saml:Statement xsi:type="xacml-saml:XACMLPolicyStatementType">
>>
>>
>> But how to do it with opensaml? There's no Statement builder!
>
> The Builders have a number of build methods, you want to use the one that
> takes 2 QNames (the element name and schema type). So it becomes something
> like this:
>
> QName statementElementName;
> QName policyStatementSchemaType;
> builder.buildObject(elementName, schemaType);

I added the following:

QName statementElementName = new QName("Statement",SAMLConstants.SAML20_NS);
QName policyStatementSchemaType = new
QName(SAMLProfileConstants.SAML20XACML20_NS,
"XACMLPolicyStatementType",

SAMLProfileConstants.SAML20XACMLASSERTION_PREFIX);
XACMLPolicyStatementType policyStmt = policyStmtBuilder.
buildObject(statementElementName,
policyStatementSchemaType);

Bu unfortunately I have the following error while marshalling it:

org.w3c.dom.DOMException: NAMESPACE_ERR: An attempt is made to create
or change an object in a way which is incorrect with regard to
namespaces.
at org.apache.xerces.dom.CoreDocumentImpl.checkNamespaceWF(Unknown
Source)
at org.apache.xerces.dom.ElementNSImpl.setName(Unknown Source)
at org.apache.xerces.dom.ElementNSImpl.<init>(Unknown Source)
at org.apache.xerces.dom.CoreDocumentImpl.createElementNS(Unknown
Source)
at
org.opensaml.xml.util.XMLHelper.constructElement(XMLHelper.java:518)
at
org.opensaml.xml.util.XMLHelper.constructElement(XMLHelper.java:488)
at
org.opensaml.xml.io.AbstractXMLObjectMarshaller.marshall(AbstractXMLObjectMarshaller.java:169)
at
org.opensaml.xml.io.AbstractXMLObjectMarshaller.marshallChildElements(AbstractXMLObjectMarshaller.java:316)
at
org.opensaml.xml.io.AbstractXMLObjectMarshaller.marshallInto(AbstractXMLObjectMarshaller.java:224)
at
org.opensaml.xml.io.AbstractXMLObjectMarshaller.marshall(AbstractXMLObjectMarshaller.java:130)
at
org.opensaml.xml.io.AbstractXMLObjectMarshaller.marshall(AbstractXMLObjectMarshaller.java:86)
at com.spirit.saml.SAML2Utils.toElement(SAML2Utils.java:73)
at
com.spirit.xacml.utils.XACMLPolicyStatement.createSignedXACMLPolicyAssertion(XACMLPolicyStatement.java:109)

--
Massimiliano Masi

http://www.mascanc.net/~max



Archive powered by MHonArc 2.6.16.

Top of Page