Hi, that's fine by me. Do you know when it will be applied?

2009/10/22 Thilina Mahesh Buddhika <[email protected]>
> The SAML2TokenProcessor patch is still not applied, so let's hold on until
> it gets applied.
>
> Any better solutions?
>
> thanks.
> /thilina
>
> E-Mail : [email protected]
> I blog here : http://thilinamb.com

2009/10/22 Håkon Sagehaug <[email protected]>
> Hi,
>
> No problem in submitting a patch, but I need some help in how to do that,
> mainly how to proceed. I also looked in the svn for wss4j in
> branches/1.5_x_fixes, but could not see the SAML2TokenProcessor. Is this
> patch applied?
>
> cheers, Håkon

2009/10/21 Thilina Mahesh Buddhika <[email protected]>
> Hi,
>
> It would be great if you could submit this as a patch to WSS4J. SAML token
> validation should be further improved from the WSS4J side.
>
> Thanks.
> /thilina
>
> E-Mail : [email protected]
> I blog here : http://thilinamb.com

2009/10/21 Håkon Sagehaug <[email protected]>
> Hi again,
>
> I used the other way of building the DOM element, the byte stream approach,
> and then the signature validation was successful, so thanks for the pointer
> to the patch.
>
> cheers, Håkon

2009/10/21 Håkon Sagehaug <[email protected]>
> Hi Nandana,
>
> As far as I see from the patch, and as also stated in the comment for
> SAML2TokenProcessor#buildAssertion:
>
>     "At the moment it only validates by building an assertion similar to
>     the SAMLTokenProcessor"
>
> it does not validate the actual signature of the assertion. So the
> token-building part is okay, but the signature is not validated. But maybe
> this issue has been dealt with? Also, with SAML 1 I had to validate the
> signature in my application, because the wss4j SAMLProcessor for SAML1 only
> builds it and makes it available through the WSSecurityEngineResult object.
>
> cheers, Håkon

2009/10/21 Nandana Mihindukulasooriya <[email protected]>
> Hi Håkon,
>
> Did you take a look at the patch [1]? It is not yet applied to WSS4J trunk,
> but I think it will be useful for you.
>
> regards,
> Nandana
>
> [1] - https://issues.apache.org/jira/browse/WSS-204
>
> --
> Nandana Mihindukulasooriya
> WSO2 inc.
> http://nandana.org/
> http://www.wso2.org

2009/10/21 Håkon Sagehaug <[email protected]>
> Hi all,
>
> I've tried using Rampart 1.5 and made an STS service that issues a SAML2
> assertion, so now I want to try to validate the signature, but I am facing
> problems doing that. My STS service is the same as the one provided by the
> distribution. I've looked at the OpenSAML list and documentation, and my
> signature validation code looks like this:
>
>     // Load the STS certificate from the service keystore
>     KeyStore ks = KeyStore.getInstance("JKS");
>     InputStream is = new FileInputStream("resource/service.jks");
>     // char password [] = new char[]{""};
>
>     ks.load(is, "pass".toCharArray());
>
>     KeyStore.PrivateKeyEntry pkEntry = (KeyStore.PrivateKeyEntry) ks
>             .getEntry("alias", new KeyStore.PasswordProtection(
>                     "pass".toCharArray()));
>
>     X509Certificate cert = (X509Certificate) pkEntry.getCertificate();
>
>     // Wrap the certificate as an OpenSAML credential
>     BasicX509Credential x509Credential = new BasicX509Credential();
>     x509Credential.setEntityCertificate(cert);
>     x509Credential.getEntityCertificateChain().add(cert);
>
>     // Structural (profile) check of the signature, then the cryptographic check
>     SAMLSignatureProfileValidator signProfileValidator =
>             new SAMLSignatureProfileValidator();
>     signProfileValidator.validate(ass.getSignature());
>
>     SignatureValidator signValidator = new SignatureValidator(x509Credential);
>     signValidator.validate(ass.getSignature());
>
> But I always get
>
>     org.opensaml.xml.validation.ValidationException: Signature did not
>     validate against the credential's key
>
> I do the conversion from org.apache.rahas.Token to SAML Assertion like this:
>
>     // Convert the Axiom element of the token to a DOM element via an XSLT transform
>     OMSource source = new OMSource(responseToken.getToken());
>     Element assercioSAMLDOM = null;
>     Transformer transformer;
>     TransformerFactory transFac = TransformerFactory.newInstance();
>
>     try {
>         transformer = transFac.newTransformer();
>         DOMResult result = new DOMResult();
>         transformer.transform(source, result);
>
>         assercioSAMLDOM = ((Document) result.getNode()).getDocumentElement();
>
>     } catch (TransformerConfigurationException e2) {
>         e2.printStackTrace();
>     } catch (TransformerException e) {
>         e.printStackTrace();
>     }
>
>     // Unmarshal the DOM element into an OpenSAML Assertion object
>     UnmarshallerFactory unmarshallerFactory = Configuration.getUnmarshallerFactory();
>     Unmarshaller unmarshaller = unmarshallerFactory
>             .getUnmarshaller(Assertion.DEFAULT_ELEMENT_NAME);
>
>     Assertion ass = (Assertion) unmarshaller.unmarshall(assercioSAMLDOM);
>
> I have seen on the SAML list that these errors are often due to conversion
> from one XML model to another (token to SAML Assertion).
>
> So my question is: I looked in the Rampart svn for validation code for SAML
> 2 tokens, but could not find anything. Has anyone tried this? Also, is the
> conversion from the rahas token to a DOM element correct? I managed to
> validate signatures when validating the SAML 1 token issued, but not now.
>
> cheers, Håkon

--
Håkon Sagehaug, Scientific Programmer
Parallab, Bergen Center for Computational Science (BCCS)
UNIFOB AS (University of Bergen Research Company)
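The byte-stream conversion that Håkon reports as working, written out as an added example for this thread (it is not code from the thread, Rampart or WSS4J): the rahas Token's Axiom element is serialised to bytes and re-parsed with a namespace-aware DOM parser before OpenSAML 2.x unmarshals and verifies it. The keystore path, alias and password are placeholders, and the `responseToken.getToken()` element is assumed to be the signed `saml2:Assertion`.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import javax.xml.parsers.DocumentBuilderFactory;
import org.apache.axiom.om.OMElement;
import org.opensaml.DefaultBootstrap;
import org.opensaml.saml2.core.Assertion;
import org.opensaml.security.SAMLSignatureProfileValidator;
import org.opensaml.xml.Configuration;
import org.opensaml.xml.io.Unmarshaller;
import org.opensaml.xml.security.x509.BasicX509Credential;
import org.opensaml.xml.signature.SignatureValidator;
import org.w3c.dom.Element;

public class Saml2AssertionVerifier {

    // Serialise the Axiom element and re-parse it. Parsing the serialised
    // octets with a namespace-aware parser gives a DOM that XML-Signature
    // canonicalisation can reproduce; DocumentBuilderFactory is NOT
    // namespace-aware by default, which alone breaks signature checks.
    static Element toDom(OMElement assertionElement) throws Exception {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        assertionElement.serialize(out);
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        return dbf.newDocumentBuilder()
                .parse(new ByteArrayInputStream(out.toByteArray()))
                .getDocumentElement();
    }

    // Verify against the STS certificate from a trusted keystore (placeholder
    // path/alias), never against a certificate carried inside the token.
    static Assertion verify(OMElement assertionElement, String ksPath,
                            String alias, char[] ksPassword) throws Exception {
        DefaultBootstrap.bootstrap(); // registers SAML2 unmarshallers + XML-Signature support
        Element dom = toDom(assertionElement);
        Unmarshaller um = Configuration.getUnmarshallerFactory().getUnmarshaller(dom);
        Assertion assertion = (Assertion) um.unmarshall(dom);
        if (assertion.getSignature() == null) {
            throw new SecurityException("assertion is not signed");
        }
        KeyStore ks = KeyStore.getInstance("JKS");
        ks.load(new FileInputStream(ksPath), ksPassword);
        BasicX509Credential cred = new BasicX509Credential();
        cred.setEntityCertificate((X509Certificate) ks.getCertificate(alias));
        new SAMLSignatureProfileValidator().validate(assertion.getSignature()); // profile checks
        new SignatureValidator(cred).validate(assertion.getSignature());         // crypto check
        return assertion;
    }
}
```

Call it as `verify(responseToken.getToken(), "resource/service.jks", "alias", "pass".toCharArray())`; a ValidationException from either validator means the assertion must be rejected.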
