
mace-opensaml-users - Re: [OpenSAML] Problem with XACMLPolicyStatement

Subject: OpenSAML user discussion

  • From: "" <>
  • To:
  • Subject: Re: [OpenSAML] Problem with XACMLPolicyStatement
  • Date: Sat, 31 Jul 2010 15:30:48 +0200

Hi Chad,

On Sat, Jul 31, 2010 at 2:35 PM, Chad La Joie
<>
wrote:

> Which schema?  The "standard" one is invalid, it extends SAML in a way that
> is not allowed.  There is a draft one that was meant to replace the current
> standard that fixes this.  That's what OpenSAML implements and I'm pretty
> sure that's documented in the javadoc.

Yes, the standard schema is invalid (and it contains syntax errors)
and I am referring to the new errata that is on the TC's home page
(as the xacml-users ml pointed me to).

>
>> QName statementElementName = new
>> QName("Statement",SAMLConstants.SAML20_NS);
>
> Your arguments are switched around.

Sorry, this is my stupid fault! ;-)

I followed the guide at
http://www.bccs.uni.no/~hakont/SAMLXACMLExtension/files/ProgrammingGuideSAML_XACML.pdf
and I created this strange fragment:

<saml2:Statement xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:xacml-saml="urn:oasis:names:tc:xacml:2.0:profile:saml2.0:v2:schema:assertion"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:type="xacml-saml:XACMLPolicyStatementType">
  <PolicySet
      PolicyCombiningAlgId="urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:permit-overrides"
      PolicySetId="MAU.12675296158691-GLOB.OID.TESTMAURO_ENV.LOCAL.OS.2.PI-DOM"
      xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:policy:schema:os
          http://docs.oasis-open.org/xacml/access_control-xacml-2.0-policy-schema-os.xsd">
    <Description>Test policy that permits everything</Description>
    <Target/>
    <Policy PolicyId="policy_id"
        RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:permit-overrides"
        xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os">
      <Description>Test policy</Description>
      <Target/>
      <Rule Effect="Permit"
          RuleId="urn:oasis:names:tc:xacml:2.0:example:SimpleRule1"/>
    </Policy>
  </PolicySet>
</saml2:Statement>

(why is the saml2 namespace placed again?)

and anyway I receive the same error:

org.xml.sax.SAXParseException: cvc-elt.4.2: Cannot resolve
'xacml-saml:XACMLPolicyStatementType' to a type definition for element
'saml2:Statement'.

and using this code:

XACMLPolicyStatementTypeImplBuilder policyStmtBuilder =
    (XACMLPolicyStatementTypeImplBuilder)
        builderFactory.getBuilder(XACMLPolicyStatementType.TYPE_NAME_XACML20);

XACMLPolicyStatementType policyStmt =
    policyStmtBuilder.buildObject(
        Statement.DEFAULT_ELEMENT_NAME,
        XACMLPolicyStatementType.TYPE_NAME_XACML20);

I am pretty sure that I'm using the wrong schema.



--
Massimiliano Masi

http://www.mascanc.net/~max
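
The cvc-elt.4.2 error quoted in the message above, reproduced as an added example that is not part of the original post or of OpenSAML: the validator can only resolve an xsi:type whose type definition is in the schema set it was built from. The two schemas and the namespaces urn:example:base and urn:example:ext are constructed stand-ins for the SAML assertion schema and the XACML-SAML profile schema, not the OASIS files.

```java
import java.io.StringReader;
import javax.xml.XMLConstants;
import javax.xml.transform.Source;
import javax.xml.transform.stream.StreamSource;
import javax.xml.validation.SchemaFactory;
import org.xml.sax.SAXException;

public class XsiTypeResolution {
    // Constructed stand-in for the base (SAML-like) schema: abstract statement type.
    static final String BASE_XSD =
        "<xs:schema xmlns:xs='http://www.w3.org/2001/XMLSchema' xmlns:b='urn:example:base'"
      + " targetNamespace='urn:example:base' elementFormDefault='qualified'>"
      + "<xs:complexType name='StatementAbstractType' abstract='true'/>"
      + "<xs:element name='Statement' type='b:StatementAbstractType'/>"
      + "</xs:schema>";
    // Constructed stand-in for the extension (profile-like) schema: the derived type.
    static final String EXT_XSD =
        "<xs:schema xmlns:xs='http://www.w3.org/2001/XMLSchema' xmlns:b='urn:example:base'"
      + " targetNamespace='urn:example:ext' elementFormDefault='qualified'>"
      + "<xs:import namespace='urn:example:base'/>"
      + "<xs:complexType name='PolicyStatementType'><xs:complexContent>"
      + "<xs:extension base='b:StatementAbstractType'/>"
      + "</xs:complexContent></xs:complexType>"
      + "</xs:schema>";
    // Instance that selects the derived type through xsi:type, as in the message.
    static final String INSTANCE =
        "<b:Statement xmlns:b='urn:example:base' xmlns:e='urn:example:ext'"
      + " xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance'"
      + " xsi:type='e:PolicyStatementType'/>";

    // Validates INSTANCE against the given schemas (dependencies first);
    // returns "valid" or the validator's error message.
    static String validate(String... schemas) throws Exception {
        SchemaFactory f = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI);
        Source[] sources = new Source[schemas.length];
        for (int i = 0; i < schemas.length; i++) {
            sources[i] = new StreamSource(new StringReader(schemas[i]));
        }
        try {
            f.newSchema(sources).newValidator()
             .validate(new StreamSource(new StringReader(INSTANCE)));
            return "valid";
        } catch (SAXException e) {
            return e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println("base only : " + validate(BASE_XSD));          // type unresolvable
        System.out.println("base + ext: " + validate(BASE_XSD, EXT_XSD)); // type resolvable
    }
}
```

The same check applies to the real case: the namespace URI bound to the xsi:type prefix must equal the targetNamespace of a schema that is actually loaded and that defines the named type.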


