I'm trying to support SAML authorization requests from a Google Search Appliance. The appliance sends a non-standard SOAP message (multiple children in the body of the request and the response).
Axis2 on the request side handles this - I can simply do the following to get all the <AuthzDecisionQuery> children of the SOAP Body.

    public OMElement authorize(OMElement authzElement){
        Iterator iter = authzElement.getParent().getChildren();
        Object o;
        try {
            while (iter.hasNext()) {
                o = iter.next();
                if (o instanceof OMElement) {
                    authzElement = (OMElement) o;
                    if (authzElement==null) {
                        break;
                    }
                    if (authzElement.getLocalName().equals("AuthzDecisionQuery")) {
                        // provide an authorization decision
                    }
                }
            }
        } catch (Exception e) {
            // TODO Auto-generated catch block
            e.printStackTrace();
        }
        return authzElement;
    }

My problem is that I need to respond with a corresponding number of <Response> nodes (1 for each AuthzDecisionQuery node). I cannot find any way to accomplish this.

I have not tried data binding as:

1. I haven't been able to get any data binding framework to handle the SAML 2.0 schema successfully
2. Being that this interface doesn't use SAML 2.0 but a non-standard SAML (requiring multiple SOAP body children) I'm pretty sure that the binding frameworks will choke even if I were to develop some custom schema representing this Google interface.

Below are sample request/response. I would be most appreciative of help.

Regards,
Jack

POST /authz HTTP/1.1
Host: ac.example.com
Content-Type: text/xml
SOAPAction: http://www.oasis-open.org/committees/security
Content-length: nnn

<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
                  xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <soapenv:Body>
    <samlp:AuthzDecisionQuery ID="kmigpcackfenaibdninipcnmkmajfplommhfapbk"
                              IssueInstant="2009-10-20T17:52:29Z"
                              Version="2.0"
                              Resource="http://www.example.com/document1.html"
                              xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                              xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
      <saml:Subject>
        <saml:NameID>Polly Hedra</saml:NameID>
      </saml:Subject>
      <saml:Action Namespace="urn:oasis:names:tc:SAML:1.0:action:ghpp">
        GET
      </saml:Action>
    </samlp:AuthzDecisionQuery>
    <samlp:AuthzDecisionQuery ID="laskdjklgjgueiuhsdkjhsfkjshfksjhgoiuoiwd"
                              IssueInstant="2009-10-20T17:52:29Z"
                              Version="2.0"
                              Resource="http://www.example.com/document2.html"
                              xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                              xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
      <saml:Subject>
        <saml:NameID>Polly Hedra</saml:NameID>
      </saml:Subject>
      <saml:Action Namespace="urn:oasis:names:tc:SAML:1.0:action:ghpp">
        GET
      </saml:Action>
    </samlp:AuthzDecisionQuery>
  </soapenv:Body>
</soapenv:Envelope>

HTTP/1.1 200 OK
Content-Type: text/xml
Content-Length: nnn

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
  <soapenv:Body>
    <samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
                    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                    ID="blahblah"
                    Version="2.0"
                    IssueInstant="2009-10-08T14:38:05Z">
      <samlp:Status>
        <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
      </samlp:Status>
      <saml:Assertion Version="2.0"
                      ID="kmigpcackfenaibdninipcnmkmajfplommhfapbk"
                      IssueInstant="2004-10-08T14:38:05Z">
        <saml:Issuer>example.com</saml:Issuer>
        <saml:Subject>
          <saml:NameID>Polly Hedra</saml:NameID>
        </saml:Subject>
        <saml:AuthzDecisionStatement Resource="http://www.example.com/document1.html"
                                     Decision="Permit">
          <saml:Action Namespace="urn:oasis:names:tc:SAML:1.0:action:ghpp">
            GET
          </saml:Action>
        </saml:AuthzDecisionStatement>
      </saml:Assertion>
    </samlp:Response>
    <samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
                    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                    ID="blahblah"
                    Version="2.0"
                    IssueInstant="2009-10-08T14:38:05Z">
      <samlp:Status>
        <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
      </samlp:Status>
      <saml:Assertion Version="2.0"
                      ID="laskdjklgjgueiuhsdkjhsfkjshfksjhgoiuoiwd"
                      IssueInstant="2004-10-08T14:38:05Z">
        <saml:Issuer>example.com</saml:Issuer>
        <saml:Subject>
          <saml:NameID>Polly Hedra</saml:NameID>
        </saml:Subject>
        <saml:AuthzDecisionStatement Resource="http://www.example.com/document2.html"
                                     Decision="Permit">
          <saml:Action Namespace="urn:oasis:names:tc:SAML:1.0:action:ghpp">
            GET
          </saml:Action>
        </saml:AuthzDecisionStatement>
      </saml:Assertion>
    </samlp:Response>
  </soapenv:Body>
</soapenv:Envelope>
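
An added example, not part of the original post and not Axis2's or Google's own code: one way to emit one <Response> per <AuthzDecisionQuery> is a custom Axis2 message receiver that builds the reply envelope itself, denying by default and echoing the query ID as the Assertion ID as in the sample reply above. The names BatchAuthzReceiver, isPermitted, el and respond are hypothetical, the policy check is a stub, and the class is assumed to be registered as the operation's message receiver in services.xml.

```java
import java.util.*;
import javax.xml.namespace.QName;
import org.apache.axiom.om.*;
import org.apache.axiom.soap.*;
import org.apache.axis2.AxisFault;
import org.apache.axis2.context.MessageContext;
import org.apache.axis2.receivers.AbstractInOutMessageReceiver;

public class BatchAuthzReceiver extends AbstractInOutMessageReceiver {
    static final String SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol";
    static final String SAML = "urn:oasis:names:tc:SAML:2.0:assertion";

    // Writes the reply envelope itself, so the Body can carry one Response per query.
    public void invokeBusinessLogic(MessageContext in, MessageContext out) throws AxisFault {
        SOAPFactory f = getSOAPFactory(in);
        SOAPEnvelope env = f.getDefaultEnvelope();
        Iterator<?> it = in.getEnvelope().getBody().getChildrenWithName(new QName(SAMLP, "AuthzDecisionQuery"));
        while (it.hasNext()) env.getBody().addChild(respond(f, (OMElement) it.next()));
        out.setEnvelope(env);
    }
    // Hypothetical policy stub (constructed values); replace with the real lookup.
    static boolean isPermitted(String user, String resource) {
        return "Polly Hedra".equals(user) && resource != null && resource.startsWith("http://www.example.com/");
    }
    // Creates <ns:name> under parent (null for a root) with unqualified name/value attribute pairs.
    static OMElement el(OMFactory f, OMNamespace ns, String name, OMElement parent, String... kv) {
        OMElement e = f.createOMElement(name, ns);
        if (parent != null) parent.addChild(e);
        for (int i = 0; i < kv.length; i += 2) e.addAttribute(kv[i], kv[i + 1] == null ? "" : kv[i + 1], null);
        return e;
    }
    // Builds the Response for one query, copying its Subject and Action into the assertion.
    static OMElement respond(OMFactory f, OMElement q) {
        OMNamespace samlp = f.createOMNamespace(SAMLP, "samlp"), saml = f.createOMNamespace(SAML, "saml");
        String now = java.time.Instant.now().toString(), resource = q.getAttributeValue(new QName("Resource"));
        OMElement subject = q.getFirstChildWithName(new QName(SAML, "Subject"));
        OMElement action = q.getFirstChildWithName(new QName(SAML, "Action"));
        OMElement nameId = subject == null ? null : subject.getFirstChildWithName(new QName(SAML, "NameID"));
        // Default deny: a query without subject or action never reaches the policy check.
        boolean ok = nameId != null && action != null && isPermitted(nameId.getText().trim(), resource);
        OMElement r = el(f, samlp, "Response", null, "ID", "_" + UUID.randomUUID(), "Version", "2.0", "IssueInstant", now);
        el(f, samlp, "StatusCode", el(f, samlp, "Status", r), "Value", "urn:oasis:names:tc:SAML:2.0:status:Success");
        OMElement a = el(f, saml, "Assertion", r, "Version", "2.0", "ID", q.getAttributeValue(new QName("ID")), "IssueInstant", now);
        el(f, saml, "Issuer", a).setText("example.com");
        if (subject != null) a.addChild(subject.cloneOMElement());
        OMElement s = el(f, saml, "AuthzDecisionStatement", a, "Resource", resource, "Decision", ok ? "Permit" : "Deny");
        if (action != null) s.addChild(action.cloneOMElement());
        return r;
    }
}
```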