I am trying to create a signed assertion that uses the keyHolder confirmation
method, but have not been able to make much headway.  I can create the
assertion, and I can use senderVouches, but when I try to use keyHolder, I
run into problems.  A portion of the code I am using is below.  Can anyone
point me to what might be going wrong?  Or to where a good example of doing this
is?  I have seen test code where it was pulling the keyInfo from XML for
confirmation, but no example of placing the keyInfo method into the XML.
Any help would be greatly appreciated, as I have been stuck on this for about
a week.  I have been able to get two-way SSL certification, WS-Sec
username/token, and SAML tokens working; I just can't get it to sign with
keyHolder confirmation.  What am I missing?

Thank you for any help you can provide.



    // Load SAML properties file
    SAMLIssuer saml = getSAMLInstance();
    saml.setUserCrypto( crypto );
    saml.setInstanceDoc( soappart );
    saml.setUsername( "dstsystems" );
    SAMLAssertion assertion = saml.newAssertion();

    GregorianCalendar cal = new GregorianCalendar();
    // Set the Not Before time to now
    cal.setTime( new Date() );
    assertion.setNotBefore( cal.getTime() );
    // Set the Not On Or After time to tomorrow
    cal.add( Calendar.DAY_OF_MONTH, 1 );
    assertion.setNotOnOrAfter( cal.getTime() );

    // Assertion must have at least one subject.
    // Constructor arguments: name identifier, confirmation methods,
    // ds:KeyInfo element, confirmation data.
    SAMLSubject subject = new SAMLSubject( new SAMLNameIdentifier( SAMLID, "", SAMLNameIdentifier.FORMAT_X509 ),
                                           null,
                                           null,
                                           null );
    subject.addConfirmationMethod( SAMLSubject.CONF_HOLDER_KEY );

    SAMLAuthenticationStatement authStatement = new SAMLAuthenticationStatement( subject,
                                                                                 WSConstants.SAML_NS,
                                                                                 new Date(),
                                                                                 null,
                                                                                 null,
                                                                                 null );

    assertion.addStatement( authStatement );

    // Holder-of-key needs the subject's key, as a ds:KeyInfo element, inside
    // the SubjectConfirmation; WSSecSignatureSAML reads the subject's
    // certificate from there. Nothing sets it at the moment.
    // subject.setKeyInfo( ki );

    // Sign the SAML assertion
    WSSecSignatureSAML wssamlsig = new WSSecSignatureSAML();
    Vector<WSEncryptionPart> signSigParts = new Vector<WSEncryptionPart>();

    if ( signSigParts.size() > 0 )
    {
      wssamlsig.setParts( signSigParts );
    }

    PrivateKey pkey = crypto.getPrivateKey( cryptoUserName, cryptoPassword );

    // Issuer signature over the assertion itself. The holder-of-key message
    // signature can only be built over an already signed assertion. The third
    // argument is the collection of issuer certificates to embed in the
    // signature's ds:KeyInfo (none here, the vector is empty).
    assertion.sign( XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA1, pkey, signSigParts );

    wssamlsig.setUsernameToken( token );
    wssamlsig.setKeyIdentifierType( WSConstants.BST_DIRECT_REFERENCE );
    wssamlsig.setSignatureAlgorithm( XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA1 );
    // Holder-of-key signs the message with the subject's own key, which
    // WSSecSignatureSAML looks up in the user's Crypto under the alias given
    // to setUserInfo() (assumes the subject key is the keystore entry used
    // for pkey above).
    wssamlsig.setUserInfo( cryptoUserName, cryptoPassword );

    try
    {
      // build() runs prepare() itself, so a separate prepare() call is not
      // needed. The second argument is the user's Crypto: the holder-of-key
      // path requires it and rejects a null here.
      wssamlsig.build( soappart, crypto, assertion, crypto, cryptoAlias,
                       cryptoPassword, wsheader );
    }
    catch ( WSSecurityException e )
    {
      e.printStackTrace();
    }


  private SAMLIssuer getSAMLInstance()
  {
    try
    {
      Properties props2 = new Properties();
      props2.load( new FileInputStream( SAML_PROPERTIES ) );
      SAMLIssuer saml = SAMLIssuerFactory.getInstance( "org.apache.ws.security.saml.SAMLIssuerImpl", props2 );
      return saml;
    }
    catch ( FileNotFoundException fnf )
    {
      System.out.println( fnf.getMessage() );
    }
    catch ( IOException e )
    {
      System.out.println( e.getMessage() );
    }
    return null;
  }
-- 
View this message in context: 
http://old.nabble.com/Signing-SAML-token-with-keyHolder-confirmation-method-tp28909052p28909052.html
Sent from the WSS4J mailing list archive at Nabble.com.
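The piece the post is missing is the ds:KeyInfo that holder-of-key confirmation places in the SubjectConfirmation. The following is an added example, not the poster's code and not code from WSS4J or OpenSAML; it assumes OpenSAML 1.x (SAMLSubject, SAMLNameIdentifier), Apache XML Security (KeyInfo, X509Data) and a WSS4J Crypto, and the names buildHolderOfKeySubject, userCrypto and subjectAlias are hypothetical. It builds the subject's certificate into a ds:KeyInfo in the SOAP document and hands that element to the SAMLSubject constructor together with the holder-of-key confirmation method, so the WSSecSignatureSAML holder-of-key path can find the certificate.

```java
import java.security.cert.X509Certificate;
import java.util.Arrays;

import org.apache.ws.security.components.crypto.Crypto;
import org.apache.xml.security.Init;
import org.apache.xml.security.keys.KeyInfo;
import org.apache.xml.security.keys.content.X509Data;
import org.opensaml.SAMLNameIdentifier;
import org.opensaml.SAMLSubject;
import org.w3c.dom.Document;

public class HolderOfKeySubjectExample
{
  /**
   * Builds a SAML 1.1 Subject whose SubjectConfirmation carries the
   * holder-of-key method and a ds:KeyInfo with the subject's X.509
   * certificate. The certificate is looked up in the WSS4J Crypto under
   * subjectAlias (hypothetical alias name). Example code, not WSS4J's own.
   */
  public static SAMLSubject buildHolderOfKeySubject( Document doc,
                                                     Crypto userCrypto,
                                                     String subjectAlias )
    throws Exception
  {
    // Apache XML Security must be initialised before KeyInfo is used
    Init.init();

    // The subject's certificate from the user keystore configured in Crypto
    X509Certificate[] certs = userCrypto.getCertificates( subjectAlias );
    if ( certs == null || certs.length == 0 )
    {
      throw new IllegalStateException( "no certificate for alias " + subjectAlias );
    }
    X509Certificate subjectCert = certs[0];

    // ds:KeyInfo/ds:X509Data/ds:X509Certificate, created in the SOAP document
    // so the element can be imported into the assertion without re-parenting
    KeyInfo ki = new KeyInfo( doc );
    X509Data x509Data = new X509Data( doc );
    x509Data.addCertificate( subjectCert );
    ki.add( x509Data );

    // Name the subject by its certificate subject DN (X.509 name format)
    SAMLNameIdentifier nameId = new SAMLNameIdentifier(
        subjectCert.getSubjectDN().getName(), "", SAMLNameIdentifier.FORMAT_X509 );

    // Constructor arguments: name identifier, confirmation methods,
    // ds:KeyInfo element, confirmation data
    return new SAMLSubject( nameId,
                            Arrays.asList( SAMLSubject.CONF_HOLDER_KEY ),
                            ki.getElement(),
                            null );
  }

  /** Sanity check before handing the assertion to WSSecSignatureSAML. */
  public static boolean hasHolderOfKeyKeyInfo( SAMLSubject subject )
  {
    return subject.getKeyInfo() != null
        && subject.getConfirmationMethods().hasNext();
  }
}
```

The subject returned here replaces the four-null SAMLSubject in the post; the rest of the flow (adding the authentication statement, signing the assertion with the issuer key, then calling WSSecSignatureSAML.build with a non-null user Crypto) stays as it is. The check at the end is the one worth running when the build fails: an assertion whose subject has a holder-of-key method but no KeyInfo cannot be used for holder-of-key signing.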

