I'm trying to support SAML authorization requests from a Google Search
Appliance. The appliance sends a non-standard SOAP message (multiple
children in the body of the request and the response).

Axis2 on the request side handles this - I can simply do the following to
get all the <AuthzDecisionQuery> children of the SOAP Body.

import java.util.Iterator;
import javax.xml.namespace.QName;
import org.apache.axiom.om.OMElement;

public OMElement authorize(OMElement authzElement) {
    // The raw-XML message receiver only hands over the first Body child, so
    // walk the parent's (the Body's) children to reach every query.
    Iterator<?> iter = authzElement.getParent().getChildren();
    // Match on namespace as well as local name; a local-name-only check would
    // also accept an AuthzDecisionQuery element from any other namespace.
    QName queryName = new QName("urn:oasis:names:tc:SAML:2.0:protocol", "AuthzDecisionQuery");
    while (iter.hasNext()) {
        Object o = iter.next();
        if (!(o instanceof OMElement)) {
            continue; // skip whitespace text nodes between the elements
        }
        OMElement child = (OMElement) o;
        if (queryName.equals(child.getQName())) {
            // provide an authorization decision for this query
        }
    }
    return authzElement;
}

My problem is that I need to respond with a corresponding number of
<Response> nodes (one for each AuthzDecisionQuery node).

I cannot find any way to accomplish this.

I have not tried data binding because:

1.  I haven't been able to get any data binding framework to handle the
SAML 2.0 schema successfully.

2.  Since this interface doesn't use SAML 2.0 but a non-standard SAML
(requiring multiple SOAP body children), I'm pretty sure that the binding
frameworks will choke even if I were to develop some custom schema
representing this Google interface.

Below are sample request/response.

I would be most appreciative of help.

Regards,

Jack


POST /authz HTTP/1.1
Host: ac.example.com
Content-Type: text/xml
SOAPAction: http://www.oasis-open.org/committees/security
Content-length: nnn

<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope
  xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
  xmlns:xsd="http://www.w3.org/2001/XMLSchema"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <soapenv:Body>
    <samlp:AuthzDecisionQuery
      ID="kmigpcackfenaibdninipcnmkmajfplommhfapbk"
      IssueInstant="2009-10-20T17:52:29Z"
      Version="2.0"
      Resource="http://www.example.com/document1.html"
      xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
      xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
      <saml:Subject>
        <saml:NameID>Polly Hedra</saml:NameID>
      </saml:Subject>
      <saml:Action
        Namespace="urn:oasis:names:tc:SAML:1.0:action:ghpp">
        GET
      </saml:Action>
    </samlp:AuthzDecisionQuery>
    <samlp:AuthzDecisionQuery
      ID="laskdjklgjgueiuhsdkjhsfkjshfksjhgoiuoiwd"
      IssueInstant="2009-10-20T17:52:29Z"
      Version="2.0"
      Resource="http://www.example.com/document2.html"
      xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
      xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
      <saml:Subject>
        <saml:NameID>Polly Hedra</saml:NameID>
      </saml:Subject>
      <saml:Action
        Namespace="urn:oasis:names:tc:SAML:1.0:action:ghpp">
        GET
      </saml:Action>
    </samlp:AuthzDecisionQuery>
  </soapenv:Body>
</soapenv:Envelope>

 

 

 

HTTP/1.1 200 OK
Content-Type: text/xml
Content-Length: nnn

<soapenv:Envelope
  xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
  <soapenv:Body>
    <samlp:Response
      xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
      xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
      ID="blahblah"
      Version="2.0"
      IssueInstant="2009-10-08T14:38:05Z">
      <samlp:Status>
        <samlp:StatusCode
          Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
      </samlp:Status>
      <saml:Assertion
        Version="2.0"
        ID="kmigpcackfenaibdninipcnmkmajfplommhfapbk"
        IssueInstant="2004-10-08T14:38:05Z">
        <saml:Issuer>example.com</saml:Issuer>
        <saml:Subject>
          <saml:NameID>Polly Hedra</saml:NameID>
        </saml:Subject>
        <saml:AuthzDecisionStatement
          Resource="http://www.example.com/document1.html"
          Decision="Permit">
          <saml:Action
            Namespace="urn:oasis:names:tc:SAML:1.0:action:ghpp">
            GET
          </saml:Action>
        </saml:AuthzDecisionStatement>
      </saml:Assertion>
    </samlp:Response>

    <samlp:Response
      xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
      xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
      ID="blahblah"
      Version="2.0"
      IssueInstant="2009-10-08T14:38:05Z">
      <samlp:Status>
        <samlp:StatusCode
          Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
      </samlp:Status>
      <saml:Assertion
        Version="2.0"
        ID="laskdjklgjgueiuhsdkjhsfkjshfksjhgoiuoiwd"
        IssueInstant="2004-10-08T14:38:05Z">
        <saml:Issuer>example.com</saml:Issuer>
        <saml:Subject>
          <saml:NameID>Polly Hedra</saml:NameID>
        </saml:Subject>
        <saml:AuthzDecisionStatement
          Resource="http://www.example.com/document2.html"
          Decision="Permit">
          <saml:Action
            Namespace="urn:oasis:names:tc:SAML:1.0:action:ghpp">
            GET
          </saml:Action>
        </saml:AuthzDecisionStatement>
      </saml:Assertion>
    </samlp:Response>
  </soapenv:Body>
</soapenv:Envelope>
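One way to produce a multi-child Body like the response sample above, written here as an added example that is not from the original post, from Axis2 or from Google. The stock RawXMLINOutMessageReceiver places the single OMElement a service method returns into the Body, so the example instead subclasses AbstractInOutMessageReceiver and builds the outgoing envelope itself: one samlp:Response per samlp:AuthzDecisionQuery, in arrival order. The class name GsaAuthzMessageReceiver, the decide() policy hook (a stand-in that permits GET under the sample host), the fresh random Response ID and the InResponseTo attribute are assumptions of this example; the rest mirrors the sample response, including copying the query ID into the Assertion ID.

```java
import java.security.SecureRandom;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.TimeZone;
import javax.xml.namespace.QName;

import org.apache.axiom.om.OMAbstractFactory;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.OMFactory;
import org.apache.axiom.om.OMNamespace;
import org.apache.axiom.soap.SOAPBody;
import org.apache.axiom.soap.SOAPEnvelope;
import org.apache.axiom.soap.SOAPFactory;
import org.apache.axis2.AxisFault;
import org.apache.axis2.context.MessageContext;
import org.apache.axis2.receivers.AbstractInOutMessageReceiver;

/** Hypothetical receiver (not part of Axis2 or the GSA SDK): one samlp:Response per query. */
public class GsaAuthzMessageReceiver extends AbstractInOutMessageReceiver {

    static final String SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol";
    static final String SAML = "urn:oasis:names:tc:SAML:2.0:assertion";
    static final String SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success";
    static final QName QUERY = new QName(SAMLP, "AuthzDecisionQuery");
    private static final SecureRandom RNG = new SecureRandom();

    public void invokeBusinessLogic(MessageContext inMsg, MessageContext outMsg) throws AxisFault {
        SOAPEnvelope outEnv = getSOAPFactory(inMsg).getDefaultEnvelope();
        OMFactory fac = OMAbstractFactory.getOMFactory();
        // Build the Body ourselves: the raw-XML receivers would only add one child.
        for (OMElement query : findQueries(inMsg.getEnvelope().getBody())) {
            outEnv.getBody().addChild(buildResponse(fac, query));
        }
        outMsg.setEnvelope(outEnv);
    }

    /** Body children that are samlp:AuthzDecisionQuery; the match is namespace-aware. */
    static List<OMElement> findQueries(SOAPBody body) {
        List<OMElement> queries = new ArrayList<OMElement>();
        for (Iterator<?> it = body.getChildElements(); it.hasNext();) {
            OMElement child = (OMElement) it.next();
            if (QUERY.equals(child.getQName())) {
                queries.add(child);
            }
        }
        return queries;
    }

    /** Stand-in policy (assumption): permit GET under the sample host, deny everything else. */
    static String decide(String subject, String resource, String action) {
        boolean ok = subject != null && resource != null && "GET".equals(action)
                && resource.startsWith("http://www.example.com/");
        return ok ? "Permit" : "Deny";
    }

    static OMElement buildResponse(OMFactory fac, OMElement query) {
        OMNamespace samlp = fac.createOMNamespace(SAMLP, "samlp");
        OMNamespace saml = fac.createOMNamespace(SAML, "saml");
        // Pull the fields out of the query; missing pieces fall through to a Deny.
        String queryId = query.getAttributeValue(new QName("ID"));
        String resource = query.getAttributeValue(new QName("Resource"));
        OMElement subjEl = query.getFirstChildWithName(new QName(SAML, "Subject"));
        OMElement nameId = subjEl == null ? null : subjEl.getFirstChildWithName(new QName(SAML, "NameID"));
        OMElement actionEl = query.getFirstChildWithName(new QName(SAML, "Action"));
        String subject = nameId == null ? null : nameId.getText().trim();
        String action = actionEl == null ? null : actionEl.getText().trim();
        String actionNs = actionEl == null ? "urn:oasis:names:tc:SAML:1.0:action:ghpp"
                : actionEl.getAttributeValue(new QName("Namespace"));
        String now = utcNow();

        OMElement response = fac.createOMElement("Response", samlp);
        response.declareNamespace(saml);
        response.addAttribute("ID", freshId(), null); // SAML IDs must be unique, not a fixed value
        response.addAttribute("Version", "2.0", null);
        response.addAttribute("IssueInstant", now, null);
        if (queryId != null) { // optional SAML 2.0 attribute, added here; absent from the sample
            response.addAttribute("InResponseTo", queryId, null);
        }
        OMElement status = fac.createOMElement("Status", samlp, response);
        fac.createOMElement("StatusCode", samlp, status).addAttribute("Value", SUCCESS, null);

        OMElement assertion = fac.createOMElement("Assertion", saml, response);
        assertion.addAttribute("Version", "2.0", null);
        assertion.addAttribute("ID", queryId != null ? queryId : freshId(), null); // as in the sample
        assertion.addAttribute("IssueInstant", now, null);
        fac.createOMElement("Issuer", saml, assertion).setText("example.com");
        OMElement subj = fac.createOMElement("Subject", saml, assertion);
        fac.createOMElement("NameID", saml, subj).setText(subject == null ? "" : subject);
        OMElement stmt = fac.createOMElement("AuthzDecisionStatement", saml, assertion);
        stmt.addAttribute("Resource", resource == null ? "" : resource, null);
        stmt.addAttribute("Decision", decide(subject, resource, action), null);
        OMElement act = fac.createOMElement("Action", saml, stmt);
        act.addAttribute("Namespace", actionNs, null);
        act.setText(action == null ? "" : action);
        return response;
    }

    /** xs:ID must begin with a letter or underscore; 128 bits from a CSPRNG. */
    static String freshId() {
        byte[] b = new byte[16];
        RNG.nextBytes(b);
        StringBuilder sb = new StringBuilder("_");
        for (byte x : b) {
            sb.append(String.format("%02x", x));
        }
        return sb.toString();
    }

    static String utcNow() {
        SimpleDateFormat f = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'Z'");
        f.setTimeZone(TimeZone.getTimeZone("UTC"));
        return f.format(new Date());
    }
}
```

Register the class in the service's services.xml as the messageReceiver for the in-out MEP in place of RawXMLINOutMessageReceiver, and the service method from the post is no longer needed for this operation. Two caveats worth keeping in view: the query's NameID is simply asserted by whoever posts to /authz (nothing in the sample is signed), so the endpoint should only be reachable by the appliance, for example over TLS with client authentication or a network restriction; and the decision hook above is deliberately fail-closed, returning Deny whenever a query lacks a Subject, Resource or Action.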
