I am trying to create a signed assertion that uses the keyHolder confirmation method, but I have not been able to make much headway. I can create the assertion, and I can use senderVouches, but when I try to use keyHolder, I run into problems. A portion of the code I am using is below. Can anyone point me to what might be going wrong? Or to where a good example of doing this is? I have seen test code where it was pulling the keyInfo from XML for confirmation, but no example of placing the keyInfo method into the XML. Any help would be greatly appreciated, as I have been stuck on this for about a week. I have been able to get two-way SSL certification, WS-Sec username/token, and SAML tokens working; I just can't get it to sign with keyHolder confirmation. What am I missing?
Thank you for any help you can provide.

    // Load SAML properties file
    SAMLIssuer saml = getSAMLInstance();
    saml.setUserCrypto( crypto );
    saml.setInstanceDoc( soappart );
    saml.setUsername( "dstsystems" );
    SAMLAssertion assertion = saml.newAssertion();

    GregorianCalendar cal = new GregorianCalendar();
    // Set the Not Before time to now
    cal.setTime( new Date() );
    assertion.setNotBefore( cal.getTime() );
    // Set the Not on or After Time to tomorrow
    cal.add( Calendar.DAY_OF_MONTH, 1 );
    assertion.setNotOnOrAfter( cal.getTime() );

    // Assertion must have at least one subject
    SAMLSubject subject = new SAMLSubject(
        new SAMLNameIdentifier( SAMLID, "", SAMLNameIdentifier.FORMAT_X509 ),
        null, null, null );
    subject.addConfirmationMethod( SAMLSubject.CONF_HOLDER_KEY );
    SAMLAuthenticationStatement authStatement = new SAMLAuthenticationStatement(
        subject, WSConstants.SAML_NS, new Date(), null, null, null );
    assertion.addStatement( authStatement );
    // subject.setKeyInfo( ki );

    // Sign the SAML assertion
    WSSecSignatureSAML wssamlsig = new WSSecSignatureSAML();
    Vector<WSEncryptionPart> signSigParts = new Vector<WSEncryptionPart>();
    if ( signSigParts.size() > 0 ) {
        wssamlsig.setParts( signSigParts );
    }
    PrivateKey pkey = crypto.getPrivateKey( cryptoUserName, cryptoPassword );
    assertion.sign( XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA1, pkey, signSigParts );

    wssamlsig.setUsernameToken( token );
    wssamlsig.setKeyIdentifierType( WSConstants.BST_DIRECT_REFERENCE );
    wssamlsig.setSignatureAlgorithm( XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA1 );
    try {
        // Prepare the assertion
        wssamlsig.prepare( soappart, null, assertion, crypto, cryptoAlias, cryptoPassword, wsheader );
        // Build the assertion
        wssamlsig.build( soappart, null, assertion, crypto, cryptoAlias, cryptoPassword, wsheader );
    } catch ( WSSecurityException e ) {
        e.printStackTrace();
    }

    private SAMLIssuer getSAMLInstance() {
        try {
            Properties props2 = new Properties();
            props2.load( new FileInputStream( SAML_PROPERTIES ) );
            SAMLIssuer saml = SAMLIssuerFactory.getInstance(
                "org.apache.ws.security.saml.SAMLIssuerImpl", props2 );
            return saml;
        } catch ( FileNotFoundException fnf ) {
            System.out.println( fnf.getMessage() );
        } catch ( IOException e ) {
            System.out.println( e.getMessage() );
        }
        return null;
    }

--
View this message in context: http://old.nabble.com/Signing-SAML-token-with-keyHolder-confirmation-method-tp28909052p28909052.html
Sent from the WSS4J mailing list archive at Nabble.com.
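The step the post leaves commented out (subject.setKeyInfo( ki )) is building the ds:KeyInfo that a holder-of-key subject must carry. The following is an added example, not code from the post; it assumes WSS4J 1.5 with OpenSAML 1.x and Apache XML Security on the classpath, and that the alias passed in (subjectAlias, a made-up parameter name) identifies the subject's own certificate in the Crypto instance.

```java
import java.security.cert.X509Certificate;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.xml.security.keys.KeyInfo;
import org.apache.xml.security.keys.content.X509Data;
import org.opensaml.SAMLNameIdentifier;
import org.opensaml.SAMLSubject;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

/** Builds a holder-of-key SAMLSubject whose ds:KeyInfo carries the subject's own certificate. */
public class HolderOfKeySubject {

    public static SAMLSubject build(Document doc, Crypto crypto, String subjectAlias,
                                    String nameId) throws Exception {
        // Apache XML Security must be initialised before KeyInfo elements can be created.
        org.apache.xml.security.Init.init();

        // Certificate chain of the *subject*: the party whose private key will later
        // sign the SOAP message, not the assertion issuer's key.
        X509Certificate[] certs = crypto.getCertificates(subjectAlias);
        if (certs == null || certs.length == 0) {
            throw new IllegalStateException("no certificate found for alias " + subjectAlias);
        }

        // Create ds:KeyInfo against the same Document the assertion is being built in,
        // with both a KeyValue (public key) and an X509Data (certificate) child.
        KeyInfo ki = new KeyInfo(doc);
        ki.addKeyValue(certs[0].getPublicKey());
        X509Data x509Data = new X509Data(doc);
        x509Data.addCertificate(certs[0]);
        ki.add(x509Data);
        Element keyInfoElement = ki.getElement();

        // Same subject construction as in the post, now with the KeyInfo attached.
        SAMLSubject subject = new SAMLSubject(
            new SAMLNameIdentifier(nameId, "", SAMLNameIdentifier.FORMAT_X509),
            null, null, null);
        subject.addConfirmationMethod(SAMLSubject.CONF_HOLDER_KEY);
        subject.setKeyInfo(keyInfoElement);
        return subject;
    }
}
```

The certificate placed in KeyInfo must match the private key that subsequently signs the message (the cryptoAlias passed to prepare/build in the post), and the assertion itself still has to be signed by the issuer; a receiver verifies holder-of-key by checking that the message signature's key is the one named in the assertion's KeyInfo.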