
mace-opensaml-users - Re: [OpenSAML] Problem with XACMLPolicyStatement

Subject: OpenSAML user discussion

  • From: "" <>
  • To:
  • Subject: Re: [OpenSAML] Problem with XACMLPolicyStatement
  • Date: Mon, 2 Aug 2010 14:42:51 +0200

As you already noted to someone else,

XACMLPolicyStatementType.TYPE_NAME_XACML20

is

{urn:oasis:names:tc:xacml:2.0:profile:saml2.0:v2:schema:assertion}XACMLPolicyStatementType


but the standard says

{urn:oasis:xacml:2.0:saml:assertion:schema:os}XACMLPolicyStatementType.

With this URI, the assertion is correct, except for the repetition of the
XML namespace.



On Sat, Jul 31, 2010 at 7:08 PM, <> wrote:
> Chad,
>
> Did you try to perform a schema validation, using the errata
> schema?
>
> On Sat, Jul 31, 2010 at 6:29 PM, Chad La Joie <> wrote:
>> Again, I don't see anything strange there.  Looks like a valid SAML
>> assertion.
>>
>> On 7/31/10 11:17 AM,
>>
>> wrote:
>>>
>>> Hello Chad,
>>>
>>> On Sat, Jul 31, 2010 at 3:52 PM, Chad La Joie <> wrote:
>>>>
>>>> What do you think is strange about it?
>>>
>>> I didn't paste you the whole XML, sorry:
>>>
>>> <?xml version="1.0" encoding="ISO-8859-1" standalone="yes"?>
>>> <saml2:Assertion ID="_405618cd-3db7-4013-93f7-f454ec95cb7f"
>>> IssueInstant="2010-07-31T13:28:55.147Z" Version="2.0"
>>> xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
>>>   <saml2:Issuer
>>>
>>> xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">com.spirit.ws.XACML.client.SAMLXACMLv2</saml2:Issuer>
>>>   <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
>>>     <ds:SignedInfo>
>>>       <ds:CanonicalizationMethod
>>> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
>>>       <ds:SignatureMethod
>>> Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
>>>       <ds:Reference URI="#_405618cd-3db7-4013-93f7-f454ec95cb7f">
>>>         <ds:Transforms>
>>>           <ds:Transform
>>> Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
>>>           <ds:Transform
>>> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
>>>             <ec:InclusiveNamespaces PrefixList="ds saml2 xacml-saml
>>> #default xsi" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
>>>           </ds:Transform>
>>>         </ds:Transforms>
>>>         <ds:DigestMethod
>>> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
>>>         <ds:DigestValue>VYEuQH0bfTEYNQ9NMKeVbP2y0BU=</ds:DigestValue>
>>>       </ds:Reference>
>>>     </ds:SignedInfo>
>>>     <ds:SignatureValue>
>>>
>>> sA7uL07QpQU4rdqLnEU+eqztrchbvJNf3tIwg/JGHI9/OnmCT8Fk6zY2WOMrTXO5mZ6wokWgDL6o
>>>
>>> bnKdB70/yNrZuYO1uO4frQFjJgGsBaw3gRmB/H2K02LwjY4f4vT8yUSsK4IzOKMalv6YRupi84E4
>>> DoXQNYiRD+IMSMarppE=
>>> </ds:SignatureValue>
>>>     <ds:KeyInfo>
>>>       <ds:X509Data>
>>>
>>> <ds:X509Certificate>MIIDwzCCAqugAwIBAgIBATANBgkqhkiG9w0BAQUFADCBuDELMAkGA1UEBhMCQVQxEDAOBgNVBAgT
>>>
>>> B0F1c3RyaWExDzANBgNVBAcTBlZpZW5uYTEVMBMGA1UEChMMVGlhbmkgU3Bpcml0MRowGAYDVQQL
>>>
>>> ExFUZXN0IENlcnRpZmljYXRlczEgMB4GA1UEAxMXQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxMTAv
>>>
>>> BgkqhkiG9w0BCQEWIm1hc3NpbWlsaWFuby5tYXNpQHRpYW5pLXNwaXJpdC5jb20wHhcNMTAwNTI1
>>>
>>> MTI1NzMxWhcNMzUwMTE0MTI1NzMxWjCBlzELMAkGA1UEBhMCQVQxEDAOBgNVBAgTB0F1c3RyaWEx
>>>
>>> FTATBgNVBAoTDFRpYW5pIFNwaXJpdDEaMBgGA1UECxMRVGVzdCBDZXJ0aWZpY2F0ZXMxEDAOBgNV
>>>
>>> BAMTB3NlcnZlcjExMTAvBgkqhkiG9w0BCQEWIm1hc3NpbWlsaWFuby5tYXNpQHRpYW5pLXNwaXJp
>>>
>>> dC5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOKFHKAWDiI4GC4W1WFAHGkNuE3hzaMp
>>>
>>> KaEkDYm9yJDqqEpw758iuiyOZdfRRiQuTmP6lNpT5DlJiQOLYhG5U9TS72VuK3rIncmtvAG0PPur
>>>
>>> jsFyggbeuV169iRnkdbU2pyhu046gAINCVoJfp+9kb9EZHlDmcEs4NznFj+NtojHAgMBAAGjezB5
>>>
>>> MAkGA1UdEwQCMAAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRl
>>>
>>> MB0GA1UdDgQWBBRcW+6sHYHdEZ69MdjUQ7ovetYeTzAfBgNVHSMEGDAWgBRPsGnZxUG4UGFrj7qu
>>>
>>> E2FoiwZLQDANBgkqhkiG9w0BAQUFAAOCAQEAsqp5FZiRrkUZ72UB7lgxBxzh9Psuvb8cLoYbS/FZ
>>>
>>> 94DOrMyMscj4Nog9F006WFaVWX90NQFRPKlYRPeH52BkBGL/Dq7vbMmgAgnDAKj59BCQuPA9V8lR
>>>
>>> ImdA9sZKH5wKjYXlonV9yIHsZFWlV0P9IEPX4RquAJXSE8ym3JwqCs65nXXDvSuaNDKRuVjkHu57
>>>
>>> V1U7wxDDiu4aj8h4BjxkRuAf+h7PsefRycctQGhLhMPxgj+xUQzv+ribIn8cMulmxU5GvkhVmNVB
>>>
>>> i2L1GLR8sgzv6IFsXRsIAmKUU7FS9eWx5UMZ9U5O1dZedgXFpASHQecHf0cbJqDG1jsURodZCw==</ds:X509Certificate>
>>>       </ds:X509Data>
>>>     </ds:KeyInfo>
>>>   </ds:Signature>
>>>   <saml2:Conditions NotBefore="2010-07-31T13:28:55.147Z"
>>> NotOnOrAfter="2010-08-01T02:48:55.147Z"
>>> xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
>>>     <saml2:AudienceRestriction>
>>>       <saml2:Audience>testaudience</saml2:Audience>
>>>       <saml2:Audience>test2</saml2:Audience>
>>>     </saml2:AudienceRestriction>
>>>   </saml2:Conditions>
>>>   <saml2:Statement xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
>>>
>>> xmlns:xacml-saml="urn:oasis:names:tc:xacml:2.0:profile:saml2.0:v2:schema:assertion"
>>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>>> xsi:type="xacml-saml:XACMLPolicyStatementType">
>>>     <PolicySet
>>> PolicyCombiningAlgId="urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:permit-overrides"
>>> PolicySetId="MAU.12675296158691-GLOB.OID.TESTMAURO_ENV.LOCAL.OS.2.PI-DOM"
>>> xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
>>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>>> xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:policy:schema:os
>>>
>>> http://docs.oasis-open.org/xacml/access_control-xacml-2.0-policy-schema-os.xsd">
>>>       <Description>Test policy that permits everything</Description>
>>>       <Target/>
>>>       <Policy PolicyId="policy_id"
>>>
>>> RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:permit-overrides"
>>> xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os">
>>>         <Description>Test policy</Description>
>>>         <Target/>
>>>         <Rule Effect="Permit"
>>> RuleId="urn:oasis:names:tc:xacml:2.0:example:SimpleRule1"/>
>>>       </Policy>
>>>     </PolicySet>
>>>   </saml2:Statement>
>>> </saml2:Assertion>
>>>
>>>
>>
>> --
>> Chad La Joie
>> http://itumi.biz
>> trusted identities, delivered
>>
>
>
>
> --
> Massimiliano Masi
>
> http://www.mascanc.net/~max
>



--
Massimiliano Masi

http://www.mascanc.net/~max
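
Added example, not part of the original thread and not OpenSAML code: a check that expands the xsi:type QName on each saml2:Statement using the prefix bindings in scope, then reports which of the two namespaces quoted in the message it resolves to. The sample assertion is constructed and trimmed; the function names are hypothetical.

```python
import io
import xml.etree.ElementTree as ET

XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"
SAML2_STATEMENT = "{urn:oasis:names:tc:SAML:2.0:assertion}Statement"
LOCAL_NAME = "XACMLPolicyStatementType"
# Both namespace URIs are copied from the message above.
OPENSAML_NS = "urn:oasis:names:tc:xacml:2.0:profile:saml2.0:v2:schema:assertion"
STANDARD_NS = "urn:oasis:xacml:2.0:saml:assertion:schema:os"

def statement_types(xml_text):
    """Return the expanded '{namespace}local' xsi:type of each saml2:Statement."""
    scopes = [{}]   # stack of in-scope prefix -> URI maps, one per open element
    pending = {}    # declarations reported just before the next start tag
    found = []
    source = io.BytesIO(xml_text.encode("utf-8"))
    # Untrusted input should go through a hardened parser before this step.
    for event, item in ET.iterparse(source, ("start-ns", "start", "end")):
        if event == "start-ns":
            prefix, uri = item
            pending[prefix] = uri
        elif event == "start":
            scope = {**scopes[-1], **pending}
            scopes.append(scope)
            pending = {}
            raw = item.get(XSI_TYPE)
            if item.tag == SAML2_STATEMENT and raw is not None:
                prefix, _, local = raw.rpartition(":")
                if prefix and prefix not in scope:
                    raise ValueError("unbound prefix in xsi:type: " + raw)
                found.append("{%s}%s" % (scope.get(prefix, ""), local))
        else:
            scopes.pop()
    return found

def classify(expanded):
    """Say which namespace from the thread an expanded type name uses."""
    if expanded == "{%s}%s" % (STANDARD_NS, LOCAL_NAME):
        return "standard"
    if expanded == "{%s}%s" % (OPENSAML_NS, LOCAL_NAME):
        return "opensaml-constant"
    return "unknown"

def sample(ns):
    """Constructed, unsigned assertion with only the Statement element kept."""
    return ('<saml2:Assertion Version="2.0" '
            'xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">'
            '<saml2:Statement xmlns:xacml-saml="%s" '
            'xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" '
            'xsi:type="xacml-saml:XACMLPolicyStatementType"/>'
            '</saml2:Assertion>' % ns)

if __name__ == "__main__":
    for ns in (OPENSAML_NS, STANDARD_NS):
        print([classify(t) for t in statement_types(sample(ns))])
```
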

