OpenSAML user discussion

[Chad La Joie <>]

On 8/6/10 4:50 PM, Jim Cox wrote:
> I've used spring-ws and open saml successfully in a web application.
> You are correct, it is just a matter of implementing your own
> Marshaller/Unmarshaller, then delegating to open saml to do the work.
>
> But you will run into problems if you plan to use this in Tomcat.  I was
> never able to get unmarshall to work under Tomcat 6, or even when the
> client was a standalone java application running under a sun 6 jre.

Given my current distaste for all things Tomcat it's doubtful I'd be 
trying this any time soon.  ;)

> Spring ws relies on SAAJ to handle the xml processing. I suspect that
> sun's saaj impl is not honoring the endorsed mechanism.  By the time it
> gets to the Spring Marshaller, it is already a DOM that can not be
> processed by open saml.

Yeah, this is very common story.  Some library lower in the stack, 
usually something you can't do anything about, mangles the XML or DOM 
and then you're screwed.  You might ping the Spring people and see if 
they provide a way to override that part of their pipeline.  They're 
usually pretty good at have those types of plugin points (but not very 
good at documenting them).

> Oddly, this worked fine under Websphere 6.1 with the web services
> feature pack installed.  I was able to use SOAPUI to send a signed
> artifact resolve request to the server.  The server could verify the
> signature and send back an artifact resolve response.  I suspect that
> IBM's saaj message factory is already using xerxes.

It almost certainly is since IBM's JAXP impl is Xerces/Xalan.

> I think I have some example code laying around somewhere.  If there is
> an interest I can dust it off and post it somewhere.

Feel free to post on opensaml.org.

--
Chad La Joie
http://itumi.biz
trusted identities, delivered