opensaml

java.lang.ClassCastException: org.opensaml.core.xml.schema.impl.XSAnyBuilder cannot be cast to org.opensaml.xml.XMLObjectBuilder

拟墨画扇 submitted on 2019-12-11 13:44:31
Question: In our application, we are trying to upgrade to Spring Boot 2. We are using spring-security-saml2-core:1.0.4.RELEASE, and while running the application we are getting the following exception. It seems there are two jars, xmltooling-1.4.6 and opensaml-core-3.3.0, on the classpath, which have the same file default-config.xml. In this case a classloader happens to put opensaml-core-3.3.0 ahead of xmltooling-1.4.6.jar and the wrong default-config.xml is getting loaded <ObjectProviders> <ObjectProvider qualifiedName="xt

Why is cacerts ignored in Spring Saml?

假装没事ソ submitted on 2019-12-11 12:56:42
Question: I've made an implementation based on this with a FilesystemMetadataProvider: https://github.com/vdenotaris/spring-boot-security-saml-sample To make the SSL handshake work for the artifact binding I had to put/trust the CA certificate for the IDP in the java keystore used by the keyManager. I would rather have used the cacerts on the jre in case the IDP changed CA, but I haven't been able to find any property to set so that Spring SAML looks inside that instead. Also this answer suggests that

How to use Spring SAML code with jks or signed metadata

时光毁灭记忆、已成空白 submitted on 2019-12-11 06:36:59
Question: The IDP only provided a .crt file and a metadata xml file, and the IDP told us there is no password for the .crt file. I created a jks file with the command: keytool -import -alias zoom -trustcacerts -file qa.crt -keystore keystory.jks. Now, I downloaded the spring SAML demo code, and changed the securiyContext.xml as below: --------matadata.xml--------------------- <md:EntityDescriptor entityID="gene.com" cacheDuration="PT1440M" ID="dfhGJ7yKW7C3nvicVEN.puf7bSh" xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">

OpenSAML3 resource not found 'default-config.xml' in OSGi container

心不动则不痛 submitted on 2019-12-11 06:18:57
Question: I'm trying to upgrade to OpenSAML 3 in an OSGi bundle running on Apache Karaf (4.0.5) using the opensaml servicemix bundle (org.apache.servicemix.bundles:org.apache.servicemix.bundles.opensaml:jar:3.2.0_1). A test that parses the SAML is working so I think I'm on the right track. However, if I install the bundle on Karaf I get a "resource not found" error when it's trying to load default-config.xml. 2016-06-21 16:29:10,477 | INFO | ool-120-thread-1 | InitializationService | 388 - org.apache

Delphi & SAML (Web apps or desktop apps)?

两盒软妹~` submitted on 2019-12-10 10:35:55
Question: Is the SAML protocol (Single Sign On) used solely for web apps and web services, or is it also used for standard applications? REVISED: I am looking for some Windows (standard applications (not web based)) protocols for Single Sign On.
Answer 1: If you are looking at Windows specifically, why not use Kerberos and Integrated Windows Authentication? It's built into Active Directory and Domain Controllers. It doesn't really work once you start crossing into the Internet and different security domains but

How to stop maven-shade-plugin from blocking java.util.ServiceLoader initialization of opensaml-impl types

吃可爱长大的小学妹 submitted on 2019-12-10 09:45:52
Question: When using OpenSAML 3, you must first load components from the opensaml-saml-impl artifact with the following line of code: InitializationService.initialize(); This uses java.util.ServiceLoader to load any type which implements Initializer. When I write a test and run it with mvn integration-test, this works fine, and I can see that everything has loaded: Assert.assertTrue( XMLObjectProviderRegistrySupport .getUnmarshallerFactory() .getUnmarshallers() .size() > 400); However, my project uses

SAML 2.0 - How to verify the sender certificate?

五迷三道 submitted on 2019-12-09 22:20:20
Question: I implement a SAML SP in Java. I send an AuthnRequest to a SAML 2.0 IDP and get an encrypted response. My question is: How do I make sure that the response indeed comes from the IDP and not from a hacker? It is not enough to validate the signature, since this only tells me that the sender has a matching pair of private/public keys, but it could be anyone. So, I need the IDP to supply me in advance a certificate which I upload to a jks file, and compare it each time to the certificate I extract

Signing response using openSAML

主宰稳场 submitted on 2019-12-09 12:35:50
Question: I am attempting to implement SAML 2.0 by signing the response, instead of the Assertion. I have 3 existing vendors that accept my signature at the Assertion level, however a new vendor is requesting it at the protocol / response level. I have been Googling and debugging for about 8 hours, and cannot find a valid example of what I am doing wrong. My code below shows clearly what I am doing, and the last 10 lines or so of it are the differences that I have implemented (within the if / else).

SpringSecurity-SAML(OpenSAML): Failed to unmarshall assertion: getting org.w3c.dom.DOMException: WRONG_DOCUMENT_ERR

丶灬走出姿态 submitted on 2019-12-08 13:35:48
Using spring-security-saml for handling assertions from IDP, getting below error after server is up for 1 to 2 hours. Issue is not reproducible all the time. By looking at stacktrace, issue seems to be related to parser pool used in spring saml configuration. Please share any thoughts. library versions: opensaml 2.6.1 spring-security-saml2 1.0.0.RELEASE parser pool config: <bean id="parserPool" class="org.opensaml.xml.parse.StaticBasicParserPool" init-method="initialize"> <property name="builderFeatures"> <map> <entry key="http://apache.org/xml/features/dom/defer-node-expansion" value="false"/

OpenSAML 3 unmarshaller is null

六月ゝ 毕业季﹏ submitted on 2019-12-08 08:24:22
Question: Hi, I am currently porting an app to opensaml3 and ran into the following issue: InitializationService.initialize(); ... Unmarshaller unmarshaller = Configuration.getUnmarshallerFactory().getUnmarshaller(qName); I have replaced the DefaultBootstrap from opensaml2 and previous by the initialize function. Still the factory is returning me null as marshaller. Any idea what is going wrong here? This is the output from initialize progress: [main] INFO org.opensaml.core.config.InitializationService