
mace-opensaml-users - RE: [OpenSAML] Change Default Transform Algo?

Subject: OpenSAML user discussion

  • Subject: RE: [OpenSAML] Change Default Transform Algo?
  • Date: Fri, 29 Apr 2011 13:33:38 -0400

Thank you Brent for your prompt reply, that answered my question.

-C

-----Original Message-----
From: [mailto:] On Behalf Of Brent Putman
Sent: Friday, April 29, 2011 1:17 PM
To:
Subject: Re: [OpenSAML] Change Default Transform Algo?

On 4/29/11 12:44 PM, wrote:
> Hi All,
>
> Is there an easy way in the OpenSAML Java API to update the Transform
> algorithm when building a SAML Response?

No, not easily really, because the transforms to use are mandated by the
SAML spec as a "SHOULD NOT contain transforms other than..." enveloped
and exclusive. See SAML core 5.4.4.


> I could be way off here, but I made an attempt to create a Transform
> object. I have no idea where to add it.
>

No, that's just the XMLObject provider to represent the XML. Has
nothing to do with the signing process.



> If there is any assistance you can provide or if there is
> documentation on this topic anywhere, I would greatly appreciate any
> help.

If you really want to know how to do it, you need to manipulate the
transforms that are on the Signature's ContentReference, specifically
the SAMLObjectContentReference. The latter is auto-added to the
Signature when you call response.setSignature(signature). After calling
this, you can obtain the content reference and from that the list of
transforms like so:

List<String> transforms =
    ((SAMLObjectContentReference) signature.getContentReferences().get(0)).getTransforms();

Then just mutate the list.


--Brent
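
Added example, not part of the original thread and not OpenSAML code: a JDK-only check that lists any ds:Transform in a signed SAML message that falls outside the set SAML core 5.4.4 permits, useful for auditing output after the transform list has been mutated as described above. The class name, method name and sample XML are constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class SamlTransformAudit {  // hypothetical name, not an OpenSAML class
    static final String DSIG_NS = "http://www.w3.org/2000/09/xmldsig#";
    // Transform identifiers permitted by SAML core 5.4.4.
    static final Set<String> ALLOWED = Set.of(
        "http://www.w3.org/2000/09/xmldsig#enveloped-signature",
        "http://www.w3.org/2001/10/xml-exc-c14n#",
        "http://www.w3.org/2001/10/xml-exc-c14n#WithComments");

    /** Returns every ds:Transform Algorithm in the message that is outside the allowed set. */
    static List<String> unexpectedTransforms(String xml) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        // Refuse DTDs so that parsing an untrusted message cannot trigger entity expansion.
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = dbf.newDocumentBuilder()
            .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
        List<String> bad = new ArrayList<>();
        NodeList transforms = doc.getElementsByTagNameNS(DSIG_NS, "Transform");
        for (int i = 0; i < transforms.getLength(); i++) {
            String alg = ((Element) transforms.item(i)).getAttribute("Algorithm");
            if (!ALLOWED.contains(alg)) bad.add(alg);  // a missing Algorithm is reported as ""
        }
        return bad;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: one permitted transform and one (inclusive c14n) that is not.
        String sample =
            "<ds:Signature xmlns:ds='" + DSIG_NS + "'><ds:SignedInfo><ds:Reference URI='#_example'>"
          + "<ds:Transforms>"
          + "<ds:Transform Algorithm='http://www.w3.org/2000/09/xmldsig#enveloped-signature'/>"
          + "<ds:Transform Algorithm='http://www.w3.org/TR/2001/REC-xml-c14n-20010315'/>"
          + "</ds:Transforms></ds:Reference></ds:SignedInfo></ds:Signature>";
        System.out.println(unexpectedTransforms(sample));
    }
}
```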
