mace-opensaml-users - [OpenSAML] Adding permissible attribute values to metadata

Subject: OpenSAML user discussion

  • From: Michael Kjorling <>
  • To:
  • Subject: [OpenSAML] Adding permissible attribute values to metadata
  • Date: Fri, 4 Mar 2011 09:21:08 +0000

In Java, building against OpenSAML 2.3.1, I have the following code
(although anonymized here):

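import org.opensaml.saml2.core.AttributeValue;
import org.opensaml.saml2.metadata.RequestedAttribute;
import org.opensaml.saml2.metadata.impl.RequestedAttributeBuilder;
import org.opensaml.xml.Configuration;
import org.opensaml.xml.schema.XSString;

// Builds the md:RequestedAttribute that goes into the SP's metadata.
private RequestedAttribute makeSPSSORequestedAttributeBlah() {
    RequestedAttribute ra = new RequestedAttributeBuilder().buildObject();

    ra.setIsRequired(true);
    ra.setNameFormat("urn:oasis:names:tc:SAML:2.0:attrname-format:uri");
    ra.setFriendlyName("blah");
    ra.setName("urn:something:blah");

    ra.getAttributeValues().add(newXSString("foo")); // note this part

    return ra;
}

// Builds a saml:AttributeValue element typed as xs:string holding the given value.
private XSString newXSString(final String value) {
    XSString o = (XSString) Configuration
            .getBuilderFactory()
            .getBuilder(XSString.TYPE_NAME)
            .buildObject(AttributeValue.DEFAULT_ELEMENT_NAME,
                    XSString.TYPE_NAME);
    o.setValue(value);
    return o;
}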

This probably isn't the best way to do it, but the code builds fine,
and runs fine. However, while the attribute generated in the function
makeSPSSORequestedAttributeBlah() does get added to the metadata and
ultimately serialized to XML and served to the browser (proving that
the code gets run), the possible value ("foo" above) is not included
in the resulting XML.

I have been beating my head against the Metadata spec, specifically
section 2.4.4.2, which seems to be talking about precisely this
scenario, saying that it is perfectly permissible, but I will admit
that the schema excerpts are not my idea of bedside table reading.

Am I doing something wrong, or is this not supported?

- --
Michael Kjörling ..

.. http://michael.kjorling.se
* ..... No bird soars too high if he soars with his own wings ..... *
* ENCRYPTED email preferred -- OpenPGP keys: 0x32D6B8C6, 0xBDE9ADA6 *
* ASCII Ribbon Campaign: Against HTML mail, proprietary attachments *

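One way to check served metadata for the element that section 2.4.4.2 of the Metadata spec describes, as an added example that is not part of the original message and is not OpenSAML code. It uses only the JDK's DOM parser; the class name, method name and sample metadata are constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class RequestedAttributeValueCheck {
    static final String MD = "urn:oasis:names:tc:SAML:2.0:metadata";
    static final String SAML = "urn:oasis:names:tc:SAML:2.0:assertion";

    // Constructed sample: one RequestedAttribute with a permissible value, one without.
    static final String SAMPLE =
        "<md:SPSSODescriptor xmlns:md='" + MD + "' xmlns:saml='" + SAML + "'"
      + " xmlns:xs='http://www.w3.org/2001/XMLSchema'"
      + " xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance'"
      + " protocolSupportEnumeration='urn:oasis:names:tc:SAML:2.0:protocol'>"
      + "<md:AttributeConsumingService index='0'>"
      + "<md:ServiceName xml:lang='en'>example</md:ServiceName>"
      + "<md:RequestedAttribute isRequired='true' FriendlyName='blah'"
      + " Name='urn:something:blah'"
      + " NameFormat='urn:oasis:names:tc:SAML:2.0:attrname-format:uri'>"
      + "<saml:AttributeValue xsi:type='xs:string'>foo</saml:AttributeValue>"
      + "</md:RequestedAttribute>"
      + "<md:RequestedAttribute Name='urn:something:other'/>"
      + "</md:AttributeConsumingService></md:SPSSODescriptor>";

    // Maps each RequestedAttribute Name to the number of saml:AttributeValue elements it carries.
    static Map<String, Integer> countValues(byte[] metadataXml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // Metadata can come from another party: refuse DOCTYPE to rule out XXE and entity expansion.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Element root = f.newDocumentBuilder()
                .parse(new ByteArrayInputStream(metadataXml)).getDocumentElement();
        Map<String, Integer> counts = new LinkedHashMap<>();
        NodeList ras = root.getElementsByTagNameNS(MD, "RequestedAttribute");
        for (int i = 0; i < ras.getLength(); i++) {
            Element ra = (Element) ras.item(i);
            counts.put(ra.getAttribute("Name"),
                    ra.getElementsByTagNameNS(SAML, "AttributeValue").getLength());
        }
        return counts;
    }

    public static void main(String[] args) throws Exception {
        countValues(SAMPLE.getBytes(StandardCharsets.UTF_8)).forEach((name, n) ->
                System.out.println(name + " -> " + n + " AttributeValue element(s)"));
    }
}
```

Running the same method over the XML actually served by the SP shows whether the value was dropped at marshalling time or never attached to the RequestedAttribute object.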

