
mace-opensaml-users - Re: [OpenSAML] Problem with XACMLPolicyStatement

Subject: OpenSAML user discussion

  • Subject: Re: [OpenSAML] Problem with XACMLPolicyStatement
  • Date: Sat, 31 Jul 2010 19:08:17 +0200

Chad,

Did you try to perform a schema validation, using the errata
schema?

On Sat, Jul 31, 2010 at 6:29 PM, Chad La Joie wrote:
> Again, I don't see anything strange there.  Looks like a valid SAML
> assertion.
>
> On 7/31/10 11:17 AM,
>
> wrote:
>>
>> Hello Chad,
>>
>> On Sat, Jul 31, 2010 at 3:52 PM, Chad La Joie wrote:
>>>
>>> What do you think is strange about it?
>>
>> I didn't paste you the whole XML, sorry:
>>
>> <?xml version="1.0" encoding="ISO-8859-1" standalone="yes"?>
>> <saml2:Assertion ID="_405618cd-3db7-4013-93f7-f454ec95cb7f"
>> IssueInstant="2010-07-31T13:28:55.147Z" Version="2.0"
>> xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
>>   <saml2:Issuer
>>
>> xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">com.spirit.ws.XACML.client.SAMLXACMLv2</saml2:Issuer>
>>   <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
>>     <ds:SignedInfo>
>>       <ds:CanonicalizationMethod
>> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
>>       <ds:SignatureMethod
>> Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
>>       <ds:Reference URI="#_405618cd-3db7-4013-93f7-f454ec95cb7f">
>>         <ds:Transforms>
>>           <ds:Transform
>> Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
>>           <ds:Transform
>> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
>>             <ec:InclusiveNamespaces PrefixList="ds saml2 xacml-saml
>> #default xsi" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
>>           </ds:Transform>
>>         </ds:Transforms>
>>         <ds:DigestMethod
>> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
>>         <ds:DigestValue>VYEuQH0bfTEYNQ9NMKeVbP2y0BU=</ds:DigestValue>
>>       </ds:Reference>
>>     </ds:SignedInfo>
>>     <ds:SignatureValue>
>>
>> sA7uL07QpQU4rdqLnEU+eqztrchbvJNf3tIwg/JGHI9/OnmCT8Fk6zY2WOMrTXO5mZ6wokWgDL6o
>>
>> bnKdB70/yNrZuYO1uO4frQFjJgGsBaw3gRmB/H2K02LwjY4f4vT8yUSsK4IzOKMalv6YRupi84E4
>> DoXQNYiRD+IMSMarppE=
>> </ds:SignatureValue>
>>     <ds:KeyInfo>
>>       <ds:X509Data>
>>
>> <ds:X509Certificate>MIIDwzCCAqugAwIBAgIBATANBgkqhkiG9w0BAQUFADCBuDELMAkGA1UEBhMCQVQxEDAOBgNVBAgT
>>
>> B0F1c3RyaWExDzANBgNVBAcTBlZpZW5uYTEVMBMGA1UEChMMVGlhbmkgU3Bpcml0MRowGAYDVQQL
>>
>> ExFUZXN0IENlcnRpZmljYXRlczEgMB4GA1UEAxMXQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxMTAv
>>
>> BgkqhkiG9w0BCQEWIm1hc3NpbWlsaWFuby5tYXNpQHRpYW5pLXNwaXJpdC5jb20wHhcNMTAwNTI1
>>
>> MTI1NzMxWhcNMzUwMTE0MTI1NzMxWjCBlzELMAkGA1UEBhMCQVQxEDAOBgNVBAgTB0F1c3RyaWEx
>>
>> FTATBgNVBAoTDFRpYW5pIFNwaXJpdDEaMBgGA1UECxMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNV
>>
>> BAMTB3NlcnZlcjExMTAvBgkqhkiG9w0BCQEWIm1hc3NpbWlsaWFuby5tYXNpQHRpYW5pLXNwaXJp
>>
>> dC5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOKFHKAWDiI4GC4W1WFAHGkNuE3hzaMp
>>
>> KaEkDYm9yJDqqEpw758iuiyOZdfRRiQuTmP6lNpT5DlJiQOLYhG5U9TS72VuK3rIncmtvAG0PPur
>>
>> jsFyggbeuV169iRnkdbU2pyhu046gAINCVoJfp+9kb9EZHlDmcEs4NznFj+NtojHAgMBAAGjezB5
>>
>> MAkGA1UdEwQCMAAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRl
>>
>> MB0GA1UdDgQWBBRcW+6sHYHdEZ69MdjUQ7ovetYeTzAfBgNVHSMEGDAWgBRPsGnZxUG4UGFrj7qu
>>
>> E2FoiwZLQDANBgkqhkiG9w0BAQUFAAOCAQEAsqp5FZiRrkUZ72UB7lgxBxzh9Psuvb8cLoYbS/FZ
>>
>> 94DOrMyMscj4Nog9F006WFaVWX90NQFRPKlYRPeH52BkBGL/Dq7vbMmgAgnDAKj59BCQuPA9V8lR
>>
>> ImdA9sZKH5wKjYXlonV9yIHsZFWlV0P9IEPX4RquAJXSE8ym3JwqCs65nXXDvSuaNDKRuVjkHu57
>>
>> V1U7wxDDiu4aj8h4BjxkRuAf+h7PsefRycctQGhLhMPxgj+xUQzv+ribIn8cMulmxU5GvkhVmNVB
>>
>> i2L1GLR8sgzv6IFsXRsIAmKUU7FS9eWx5UMZ9U5O1dZedgXFpASHQecHf0cbJqDG1jsURodZCw==</ds:X509Certificate>
>>       </ds:X509Data>
>>     </ds:KeyInfo>
>>   </ds:Signature>
>>   <saml2:Conditions NotBefore="2010-07-31T13:28:55.147Z"
>> NotOnOrAfter="2010-08-01T02:48:55.147Z"
>> xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
>>     <saml2:AudienceRestriction>
>>       <saml2:Audience>testaudience</saml2:Audience>
>>       <saml2:Audience>test2</saml2:Audience>
>>     </saml2:AudienceRestriction>
>>   </saml2:Conditions>
>>   <saml2:Statement xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
>>
>> xmlns:xacml-saml="urn:oasis:names:tc:xacml:2.0:profile:saml2.0:v2:schema:assertion"
>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>> xsi:type="xacml-saml:XACMLPolicyStatementType">
>>     <PolicySet
>> PolicyCombiningAlgId="urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:permit-overrides"
>> PolicySetId="MAU.12675296158691-GLOB.OID.TESTMAURO_ENV.LOCAL.OS.2.PI-DOM"
>> xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>> xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:policy:schema:os
>> http://docs.oasis-open.org/xacml/access_control-xacml-2.0-policy-schema-os.xsd">
>>       <Description>Test policy that permits everything</Description>
>>       <Target/>
>>       <Policy PolicyId="policy_id"
>>
>> RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:permit-overrides"
>> xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os">
>>         <Description>Test policy</Description>
>>         <Target/>
>>         <Rule Effect="Permit"
>> RuleId="urn:oasis:names:tc:xacml:2.0:example:SimpleRule1"/>
>>       </Policy>
>>     </PolicySet>
>>   </saml2:Statement>
>> </saml2:Assertion>
>>
>>
>
> --
> Chad La Joie
> http://itumi.biz
> trusted identities, delivered
>



--
Massimiliano Masi

http://www.mascanc.net/~max


