Dan, I approached the folks at OpenSAML. As per Scott Cantor (one of the person heading that project), the issue is not at the SAML end, it is where DOM is first being created. The XML Parser is creating the DOM without namespace awareness which causes the SAML code to fail when it tries creating a QName(localpart). The localName of the DOM attribute is null.
Following link is a detailed exchange I had with them https://mail.internet2.edu/wws/arc/mace-opensaml-users/2010-03/msg00025.html He clearly mentioned that I need to use a DOM2 or DOM3 Level specification. It is also possible that the CXF client or server side SOAP/SAAJ Interceptors are altering the DOM in a certain way that is causing the umarshalling process using the SAML to fail. I managed to catch hold of the stack trace on the client side. at org.apache.cxf.binding.soap.saaj.SAAJInInterceptor.handleMessage(SAAJInInterceptor.java:154) at org.apache.cxf.jaxws.handler.soap.SOAPMessageContextImpl.getMessage(SOAPMessageContextImpl.java:78) at org.apache.cxf.jaxws.handler.soap.SOAPHandlerInterceptor.createProtocolMessageContext(SOAPHandlerInterceptor.java:236) at org.apache.cxf.jaxws.handler.soap.SOAPHandlerInterceptor.handleMessageInternal(SOAPHandlerInterceptor.java:144) at org.apache.cxf.jaxws.handler.soap.SOAPHandlerInterceptor.handleMessage(SOAPHandlerInterceptor.java:119) at org.apache.cxf.jaxws.handler.soap.SOAPHandlerInterceptor.handleMessage(SOAPHandlerInterceptor.java:69) at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:243) at org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:672) at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:2210) at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:2087) at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1985) at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:66) at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:640) at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62) at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:243) at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:484) at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:310) at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:262) at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:73) at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:124) at $Proxy47.findTaskListUsingLoginCreds(Unknown Source) at com.hsc.security.saml.soap.SpringWSClient.main(SpringWSClient.java:77) Q1. Does CXF uses its own DOM Parser when building the SOAPMessages? Is there a way to turn on the namespace awareness at DOM parsing time. Q2. If not, can we turn off the CXF interceptors on both the client and server side and if we do are there any ripple effects. As you are already aware I am using a JAX WS Handler to intercept the SOAP request - Will that be sufficient or I would still need the SOAP and SAAJ interceptors? Eagerly waiting to hear from you thanks Sid dkulp wrote: > > > This is being thrown from down in Opensaml. I really don't know what > would > cause it. You would probably need to ask on their lists and give them > the > stack trace and the XML of the SAML assertion. > > Dan dkulp wrote: > > > This is being thrown from down in Opensaml. I really don't know what > would > cause it. You would probably need to ask on their lists and give them > the > stack trace and the XML of the SAML assertion. > > Dan > > > On Fri February 26 2010 7:19:15 pm PrSd wrote: >> Daniel, >> >> Here is the stack trace you had requested regarding this issue. I just >> cannot figure out a solution to this >> >> [2/26/10 17:16:11:596 EST] 0000001c SystemErr R >> java.lang.IllegalArgumentException: local part cannot be "null" when >> creating a QName >> [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at >> javax.xml.namespace.QName.<init>(Unknown Source) >> [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at >> javax.xml.namespace.QName.<init>(Unknown Source) >> [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at >> org.opensaml.xml.util.XMLHelper.constructQName(XMLHelper.java:433) >> [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at >> org.opensaml.xml.util.XMLHelper.getNodeQName(XMLHelper.java:171) >> [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at >> org.opensaml.xml.io.AbstractXMLObjectUnmarshaller.unmarshallAttribute(Abstr >> actXMLObjectUnmarshaller.java:215) [2/26/10 17:16:11:612 EST] 0000001c >> SystemErr R at >> org.opensaml.xml.io.AbstractXMLObjectUnmarshaller.unmarshall(AbstractXMLObj >> ectUnmarshaller.java:107) [2/26/10 17:16:11:612 EST] 0000001c SystemErr >> R at >> com.syscom.hsc.web.soap.ServiceSAMLHandler.handleMessage(ServiceSAMLHandler >> .java:222) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at >> com.syscom.hsc.web.soap.ServiceSAMLHandler.handleMessage(ServiceSAMLHandler >> .java:1) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at >> org.apache.cxf.jaxws.handler.HandlerChainInvoker.invokeHandleMessage(Handle >> rChainInvoker.java:335) [2/26/10 17:16:11:612 EST] 0000001c SystemErr >> R >> at >> org.apache.cxf.jaxws.handler.HandlerChainInvoker.invokeHandlerChain(Handler >> ChainInvoker.java:253) [2/26/10 17:16:11:612 EST] 0000001c SystemErr >> R >> at >> org.apache.cxf.jaxws.handler.HandlerChainInvoker.invokeProtocolHandlers(Han >> dlerChainInvoker.java:131) [2/26/10 17:16:11:612 EST] 0000001c SystemErr >> R at >> org.apache.cxf.jaxws.handler.soap.SOAPHandlerInterceptor.handleMessageInter >> nal(SOAPHandlerInterceptor.java:152) [2/26/10 17:16:11:612 EST] 0000001c >> SystemErr R at >> org.apache.cxf.jaxws.handler.soap.SOAPHandlerInterceptor.handleMessage(SOAP >> HandlerInterceptor.java:119) [2/26/10 17:16:11:612 EST] 0000001c >> SystemErr >> R at >> org.apache.cxf.jaxws.handler.soap.SOAPHandlerInterceptor.handleMessage(SOAP >> HandlerInterceptor.java:69) [2/26/10 17:16:11:612 EST] 0000001c SystemErr >> R at >> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChai >> n.java:243) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at >> org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationO >> bserver.java:109) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R >> at >> org.apache.cxf.transport.servlet.ServletDestination.invoke(ServletDestinati >> on.java:98) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at >> org.apache.cxf.transport.servlet.ServletController.invokeDestination(Servle >> tController.java:406) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R >> at >> org.apache.cxf.transport.servlet.ServletController.invoke(ServletController >> .java:178) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at >> org.apache.cxf.transport.servlet.AbstractCXFServlet.invoke(AbstractCXFServl >> et.java:142) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at >> org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(Abstract >> HTTPServlet.java:179) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R >> at >> org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPSer >> vlet.java:103) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R >> at >> javax.servlet.http.HttpServlet.service(HttpServlet.java:763) >> [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at >> org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPSe >> rvlet.java:159) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R >> at >> com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java: >> 1096) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at >> com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper >> .java:570) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at >> com.ibm.ws.wswebcontainer.servlet.ServletWrapper.handleRequest(ServletWrapp >> er.java:478) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at >> com.ibm.ws.webcontainer.servlet.CacheServletWrapper.handleRequest(CacheServ >> letWrapper.java:90) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R >> at >> com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:748) >> [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at >> com.ibm.ws.wswebcontainer.WebContainer.handleRequest(WebContainer.java:1466 >> ) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at >> com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java:119) >> [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at >> com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscrimination(H >> ttpInboundLink.java:458) [2/26/10 17:16:11:612 EST] 0000001c SystemErr >> R at >> com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewInformation(H >> ttpInboundLink.java:387) [2/26/10 17:16:11:612 EST] 0000001c SystemErr >> R at >> com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.ready(HttpInboundLink. >> java:267) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at >> com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.sendToDiscrimi >> nators(NewConnectionInitialReadCallback.java:214) [2/26/10 17:16:11:612 >> EST] 0000001c SystemErr R at >> com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.complete(NewCo >> nnectionInitialReadCallback.java:113) [2/26/10 17:16:11:612 EST] 0000001c >> SystemErr R at >> com.ibm.ws.tcp.channel.impl.AioReadCompletionListener.futureCompleted(AioRe >> adCompletionListener.java:165) [2/26/10 17:16:11:612 EST] 0000001c >> SystemErr R at >> com.ibm.io.async.AbstractAsyncFuture.invokeCallback(AbstractAsyncFuture.jav >> a:217) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at >> com.ibm.io.async.AsyncChannelFuture.fireCompletionActions(AsyncChannelFutur >> e.java:161) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at >> com.ibm.io.async.AsyncFuture.completed(AsyncFuture.java:136) >> [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at >> com.ibm.io.async.ResultHandler.complete(ResultHandler.java:195) >> [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at >> com.ibm.io.async.ResultHandler.runEventProcessingLoop(ResultHandler.java:74 >> 3) [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at >> com.ibm.io.async.ResultHandler$2.run(ResultHandler.java:873) >> [2/26/10 17:16:11:612 EST] 0000001c SystemErr R at >> com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1473) >> > ----------- > >> > >> > >> > Here is the SAML Assertion that is being sent into the SOAP Header >> > <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/";> >> > >> > <soap:Header> >> > <wsse:Security >> > >> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssec >> > urity-secext-1.0.xsd"> >> > >> > <saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" >> > ID="123" IssueInstant="2010-02-24T19:10:32.724Z" Version="2.0"> >> > >> > <saml2:Issuer>http://localhost:9088</saml2:Issuer> >> > >> > <saml2:Subject> >> > >> > <saml2:NameID >> > >> > >> Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">p8admi >> > n</saml2:NameID> </saml2:Subject> >> > >> > <saml2:AuthnStatement >> > >> > AuthnInstant="2010-02-24T19:10:32.787Z"> >> > >> > <saml2:AuthnContext> >> > >> > >> <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:X509</ >> > saml2:AuthnContextClassRef> >> > >> > </saml2:AuthnContext> >> > >> > </saml2:AuthnStatement> >> > >> > <saml2:AuthzDecisionStatement Decision="Permit" Resource="DoubleIt"> >> > >> > <saml2:Action >> > >> Namespace="urn:doubleit:doubleitactions">DoubleEvenNumbers</saml2:Action> >> > </saml2:AuthzDecisionStatement> >> > >> > <saml2:AttributeStatement> >> > >> > <saml2:Attribute Name="degree" >> > NameFormat="http://www.example.org/DoubleIt/Security";> >> > >> > <saml2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema"; >> > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; >> > xsi:type="xs:string">Mathematics</saml2:AttributeValue> >> > </saml2:Attribute></saml2:AttributeStatement> >> > >> > </saml2:Assertion></wsse:Security></soap:Header> >> > >> > <soap:Body><findTaskListUsingLoginCreds >> > xmlns="http://web.hsc.syscom.com/";><username >> > xmlns="http://web.hsc.syscom.com/";>kpham</username><password >> > xmlns="http://web.hsc.syscom.com/";>hdfuhgdg</password><category >> > >> xmlns="http://web.hsc.syscom.com/";>GETFULLEOPINWRK</category><maxResults >> > >> xmlns="http://web.hsc.syscom.com/";>-1</maxResults></findTaskListUsingLogi >> > nCreds></soap:Body></soap:Envelope> > > -- > Daniel Kulp > [email protected] > http://www.dankulp.com/blog > > -- View this message in context: http://old.nabble.com/local-part-cannot-be-%22null%22-when-creating-a-QName-tp27714287p27752064.html Sent from the cxf-user mailing list archive at Nabble.com.
