custom xml fragment to the SAML attribute

classic Classic list List threaded Threaded
11 messages Options
Reply | Threaded
Open this post in threaded view
|

custom xml fragment to the SAML attribute

Tóth Csaba
Hello!

I need to put an XML fragment to one of the SAML Attribute:

<saml-a:Attribute xmlns:saml-a="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:wsa="http://www.w3.org/2005/08/addressing">
<saml-a:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
        <PurposeOfUse xmlns=" .... " xsi:type=" ... " attr1=" ... " attr2=" ... "/>
</saml-a:AttributeValue>
</saml-a:Attribute>

(the xsi:type is not an standard schema type)

I get this information from an Claim. I parse already, and I have all
the fields. I need some solution how can I put to the requestClaim ant
the ClaimParser
I try to use the OpenSAML, to create a AttributeValue, but I dont know
how to create the PurposeOfUse element.

Any idee?
Thanx

Csaba



Reply | Threaded
Open this post in threaded view
|

Re: custom xml fragment to the SAML attribute

coheigea
Administrator
This WSS4J unit test might help you - it shows how to add a custom
Attribute:

https://github.com/apache/wss4j/blob/94f0e42d03011fa97122bcd495d268ff33a5107f/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlTokenTest.java#L578

Colm.

On Mon, Jan 29, 2018 at 3:42 PM, Tóth Csaba <[hidden email]> wrote:

> Hello!
>
> I need to put an XML fragment to one of the SAML Attribute:
>
> <saml-a:Attribute xmlns:saml-a="urn:oasis:names:tc:SAML:2.0:assertion"
> xmlns:wsa="http://www.w3.org/2005/08/addressing">
> <saml-a:AttributeValue xmlns:xsi="http://www.w3.org/
> 2001/XMLSchema-instance">
>         <PurposeOfUse xmlns=" .... " xsi:type=" ... " attr1=" ... "
> attr2=" ... "/>
> </saml-a:AttributeValue>
> </saml-a:Attribute>
>
> (the xsi:type is not an standard schema type)
>
> I get this information from an Claim. I parse already, and I have all
> the fields. I need some solution how can I put to the requestClaim ant
> the ClaimParser
> I try to use the OpenSAML, to create a AttributeValue, but I dont know
> how to create the PurposeOfUse element.
>
> Any idee?
> Thanx
>
> Csaba
>
>
>
>


--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
Reply | Threaded
Open this post in threaded view
|

Re: custom xml fragment to the SAML attribute

Tóth Csaba
Hello!
Thanx, but look like not helped:

                                XMLObjectBuilderFactory builderFactory =
                                       
XMLObjectProviderRegistrySupport.getBuilderFactory();
                                @SuppressWarnings("unchecked")
                                XMLObjectBuilder<XSAny> xsAnyBuilder =
                                   
(XMLObjectBuilder<XSAny>)builderFactory.getBuilder(XSAny.TYPE_NAME);
                                XSAny attributeValue =
                                       
xsAnyBuilder.buildObject(AttributeValue.DEFAULT_ELEMENT_NAME);
                               
                                XSAny node =
xsAnyBuilder.buildObject(new QName("... namespace ... "," ... element
name... "),new QName("http://www.w3.org/2001/XMLSchema-instance","CE"));
                               
attributeValue.getUnknownXMLObjects().add(node);
                               
                                node.getUnknownAttributes().put(new
QName(".. attr namespace...","Code"),code);
                                requestClaim.addValue(attributeValue);

but I get an error for the building the SAML, that "Cannot replace an
element's default namespace"
Csaba


On 2018.01.29. 17:59, Colm O hEigeartaigh wrote:

> This WSS4J unit test might help you - it shows how to add a custom
> Attribute:
>
> https://github.com/apache/wss4j/blob/94f0e42d03011fa97122bcd495d268ff33a5107f/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlTokenTest.java#L578
>
> Colm.
>
> On Mon, Jan 29, 2018 at 3:42 PM, Tóth Csaba <[hidden email]> wrote:
>
>> Hello!
>>
>> I need to put an XML fragment to one of the SAML Attribute:
>>
>> <saml-a:Attribute xmlns:saml-a="urn:oasis:names:tc:SAML:2.0:assertion"
>> xmlns:wsa="http://www.w3.org/2005/08/addressing">
>> <saml-a:AttributeValue xmlns:xsi="http://www.w3.org/
>> 2001/XMLSchema-instance">
>>         <PurposeOfUse xmlns=" .... " xsi:type=" ... " attr1=" ... "
>> attr2=" ... "/>
>> </saml-a:AttributeValue>
>> </saml-a:Attribute>
>>
>> (the xsi:type is not an standard schema type)
>>
>> I get this information from an Claim. I parse already, and I have all
>> the fields. I need some solution how can I put to the requestClaim ant
>> the ClaimParser
>> I try to use the OpenSAML, to create a AttributeValue, but I dont know
>> how to create the PurposeOfUse element.
>>
>> Any idee?
>> Thanx
>>
>> Csaba
>>
>>
>>
>>
>

Reply | Threaded
Open this post in threaded view
|

Re: custom xml fragment to the SAML attribute

Tóth Csaba
Hello!
some new information:
I try to create the XML fragment via DocumentBuilder:

                                    Element content =
doc.createElementNS(" .... ", "PurposeOfUse");
                                   
content.setAttributeNS("http://www.w3.org/2001/XMLSchema-instance",
"Type", "CE");
                                    content.setAttributeNS("... <same as
element> ... ","Code",code);
                                   
                                   
                                    XMLObjectBuilderFactory builderFactory =
                                   
XMLObjectProviderRegistrySupport.getBuilderFactory();
                            @SuppressWarnings("unchecked")
                            XMLObjectBuilder<XSAny> xsAnyBuilder =
                               
(XMLObjectBuilder<XSAny>)builderFactory.getBuilder(XSAny.TYPE_NAME);
                            XSAny attributeValue =
                                   
xsAnyBuilder.buildObject(AttributeValue.DEFAULT_ELEMENT_NAME);
                           
                            XSAny node = xsAnyBuilder.buildObject(content);
working, but at the response is none of the attributes

then I try to mix it:

                                  Element content =
doc.createElementNS(" .... ", "PurposeOfUse");
                                   
content.setAttributeNS("http://www.w3.org/2001/XMLSchema-instance",
"Type", "CE");
                                    content.setAttributeNS("... <same as
element> ... ","Code",code);
                                   
                                   
                                    XMLObjectBuilderFactory builderFactory =
                                   
XMLObjectProviderRegistrySupport.getBuilderFactory();
                            @SuppressWarnings("unchecked")
                            XMLObjectBuilder<XSAny> xsAnyBuilder =
                               
(XMLObjectBuilder<XSAny>)builderFactory.getBuilder(XSAny.TYPE_NAME);
                            XSAny attributeValue =
                                   
xsAnyBuilder.buildObject(AttributeValue.DEFAULT_ELEMENT_NAME);
                           
                            XSAny node = xsAnyBuilder.buildObject(content);

                            node.getUnknownAttributes().put(new
QName("... <same as element> ...","Code"),code);
                            node.getUnknownAttributes().put(new
QName("http://www.w3.org/2001/XMLSchema-instance","type","xsi"),"CE");

get the error.
If I try to add a prefix to the NameSpace for the QName, the same error.

somehow the
net.shibboleth.utilities.java.support.xml.NamespaceSupport.appendNamespaceDeclaration()
try
to mix the element's Namespace and the attribute's NameSpace, and
because its different I get the error.

any help is welcome
Thanx
Csaba


On 2018.01.29. 19:48, Tóth Csaba wrote:

> Hello!
> Thanx, but look like not helped:
>
>                                 XMLObjectBuilderFactory builderFactory =
>                                        
> XMLObjectProviderRegistrySupport.getBuilderFactory();
>                                 @SuppressWarnings("unchecked")
>                                 XMLObjectBuilder<XSAny> xsAnyBuilder =
>                                    
> (XMLObjectBuilder<XSAny>)builderFactory.getBuilder(XSAny.TYPE_NAME);
>                                 XSAny attributeValue =
>                                        
> xsAnyBuilder.buildObject(AttributeValue.DEFAULT_ELEMENT_NAME);
>                                
>                                 XSAny node =
> xsAnyBuilder.buildObject(new QName("... namespace ... "," ... element
> name... "),new QName("http://www.w3.org/2001/XMLSchema-instance","CE"));
>                                
> attributeValue.getUnknownXMLObjects().add(node);
>                                
>                                 node.getUnknownAttributes().put(new
> QName(".. attr namespace...","Code"),code);
>                                 requestClaim.addValue(attributeValue);
>
> but I get an error for the building the SAML, that "Cannot replace an
> element's default namespace"
> Csaba
>
>
> On 2018.01.29. 17:59, Colm O hEigeartaigh wrote:
>> This WSS4J unit test might help you - it shows how to add a custom
>> Attribute:
>>
>> https://github.com/apache/wss4j/blob/94f0e42d03011fa97122bcd495d268ff33a5107f/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlTokenTest.java#L578
>>
>> Colm.
>>
>> On Mon, Jan 29, 2018 at 3:42 PM, Tóth Csaba <[hidden email]> wrote:
>>
>>> Hello!
>>>
>>> I need to put an XML fragment to one of the SAML Attribute:
>>>
>>> <saml-a:Attribute xmlns:saml-a="urn:oasis:names:tc:SAML:2.0:assertion"
>>> xmlns:wsa="http://www.w3.org/2005/08/addressing">
>>> <saml-a:AttributeValue xmlns:xsi="http://www.w3.org/
>>> 2001/XMLSchema-instance">
>>>         <PurposeOfUse xmlns=" .... " xsi:type=" ... " attr1=" ... "
>>> attr2=" ... "/>
>>> </saml-a:AttributeValue>
>>> </saml-a:Attribute>
>>>
>>> (the xsi:type is not an standard schema type)
>>>
>>> I get this information from an Claim. I parse already, and I have all
>>> the fields. I need some solution how can I put to the requestClaim ant
>>> the ClaimParser
>>> I try to use the OpenSAML, to create a AttributeValue, but I dont know
>>> how to create the PurposeOfUse element.
>>>
>>> Any idee?
>>> Thanx
>>>
>>> Csaba
>>>
>>>
>>>
>>>
>

Reply | Threaded
Open this post in threaded view
|

Re: custom xml fragment to the SAML attribute

coheigea
Administrator
In reply to this post by Tóth Csaba
Are you trying to add this information to the SAML Assertion created in the
STS after receiving a Claim? If so then you shouldn't be adding it to the
"requestClaim", but to the ProcessedClaim instance that is created in the
CallbackHandler. I added a test to CXF that shows how to do it in a
CustomClaimsHandler:

https://github.com/apache/cxf/blob/master/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/deployment/CustomClaimsHandler.java

Colm.

On Mon, Jan 29, 2018 at 6:48 PM, Tóth Csaba <[hidden email]> wrote:

> Hello!
> Thanx, but look like not helped:
>
>                                 XMLObjectBuilderFactory builderFactory =
>
> XMLObjectProviderRegistrySupport.getBuilderFactory();
>                                 @SuppressWarnings("unchecked")
>                                 XMLObjectBuilder<XSAny> xsAnyBuilder =
>
> (XMLObjectBuilder<XSAny>)builderFactory.getBuilder(XSAny.TYPE_NAME);
>                                 XSAny attributeValue =
>
> xsAnyBuilder.buildObject(AttributeValue.DEFAULT_ELEMENT_NAME);
>
>                                 XSAny node =
> xsAnyBuilder.buildObject(new QName("... namespace ... "," ... element
> name... "),new QName("http://www.w3.org/2001/XMLSchema-instance","CE"));
>
> attributeValue.getUnknownXMLObjects().add(node);
>
>                                 node.getUnknownAttributes().put(new
> QName(".. attr namespace...","Code"),code);
>                                 requestClaim.addValue(attributeValue);
>
> but I get an error for the building the SAML, that "Cannot replace an
> element's default namespace"
> Csaba
>
>
> On 2018.01.29. 17:59, Colm O hEigeartaigh wrote:
> > This WSS4J unit test might help you - it shows how to add a custom
> > Attribute:
> >
> > https://github.com/apache/wss4j/blob/94f0e42d03011fa97122bcd495d268
> ff33a5107f/ws-security-dom/src/test/java/org/apache/
> wss4j/dom/saml/SamlTokenTest.java#L578
> >
> > Colm.
> >
> > On Mon, Jan 29, 2018 at 3:42 PM, Tóth Csaba <[hidden email]> wrote:
> >
> >> Hello!
> >>
> >> I need to put an XML fragment to one of the SAML Attribute:
> >>
> >> <saml-a:Attribute xmlns:saml-a="urn:oasis:names:tc:SAML:2.0:assertion"
> >> xmlns:wsa="http://www.w3.org/2005/08/addressing">
> >> <saml-a:AttributeValue xmlns:xsi="http://www.w3.org/
> >> 2001/XMLSchema-instance">
> >>         <PurposeOfUse xmlns=" .... " xsi:type=" ... " attr1=" ... "
> >> attr2=" ... "/>
> >> </saml-a:AttributeValue>
> >> </saml-a:Attribute>
> >>
> >> (the xsi:type is not an standard schema type)
> >>
> >> I get this information from an Claim. I parse already, and I have all
> >> the fields. I need some solution how can I put to the requestClaim ant
> >> the ClaimParser
> >> I try to use the OpenSAML, to create a AttributeValue, but I dont know
> >> how to create the PurposeOfUse element.
> >>
> >> Any idee?
> >> Thanx
> >>
> >> Csaba
> >>
> >>
> >>
> >>
> >
>
>


--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
Reply | Threaded
Open this post in threaded view
|

Re: custom xml fragment to the SAML attribute

Tóth Csaba
Hello!

The problem is not about the place, where I can do that. the problem,
that I cant create the given XML fragment, because:
a, I dont get the attributes back (the SAML dont contains the attributes
of the element), the element is present (and an empty String value too)
b, I get XML error: "Cannot replace an element's default namespace"

There is an example (you send it), but that create an String element
with the same namespace (SAML2 namespace), and a know xsi:type
I need more complex XML structure, with a third part namespace, a
xsi:type attribute, and multiple attributes with third part namespaces.

Its not hard with the documentBuilder, but I dont know how to do this
with the OpenSAML XMLObjects.

Csaba



On 2018.01.30. 11:56, Colm O hEigeartaigh wrote:

> Are you trying to add this information to the SAML Assertion created in the
> STS after receiving a Claim? If so then you shouldn't be adding it to the
> "requestClaim", but to the ProcessedClaim instance that is created in the
> CallbackHandler. I added a test to CXF that shows how to do it in a
> CustomClaimsHandler:
>
> https://github.com/apache/cxf/blob/master/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/deployment/CustomClaimsHandler.java
>
> Colm.
>
> On Mon, Jan 29, 2018 at 6:48 PM, Tóth Csaba <[hidden email]> wrote:
>
>> Hello!
>> Thanx, but look like not helped:
>>
>>                                 XMLObjectBuilderFactory builderFactory =
>>
>> XMLObjectProviderRegistrySupport.getBuilderFactory();
>>                                 @SuppressWarnings("unchecked")
>>                                 XMLObjectBuilder<XSAny> xsAnyBuilder =
>>
>> (XMLObjectBuilder<XSAny>)builderFactory.getBuilder(XSAny.TYPE_NAME);
>>                                 XSAny attributeValue =
>>
>> xsAnyBuilder.buildObject(AttributeValue.DEFAULT_ELEMENT_NAME);
>>
>>                                 XSAny node =
>> xsAnyBuilder.buildObject(new QName("... namespace ... "," ... element
>> name... "),new QName("http://www.w3.org/2001/XMLSchema-instance","CE"));
>>
>> attributeValue.getUnknownXMLObjects().add(node);
>>
>>                                 node.getUnknownAttributes().put(new
>> QName(".. attr namespace...","Code"),code);
>>                                 requestClaim.addValue(attributeValue);
>>
>> but I get an error for the building the SAML, that "Cannot replace an
>> element's default namespace"
>> Csaba
>>
>>
>> On 2018.01.29. 17:59, Colm O hEigeartaigh wrote:
>>> This WSS4J unit test might help you - it shows how to add a custom
>>> Attribute:
>>>
>>> https://github.com/apache/wss4j/blob/94f0e42d03011fa97122bcd495d268
>> ff33a5107f/ws-security-dom/src/test/java/org/apache/
>> wss4j/dom/saml/SamlTokenTest.java#L578
>>> Colm.
>>>
>>> On Mon, Jan 29, 2018 at 3:42 PM, Tóth Csaba <[hidden email]> wrote:
>>>
>>>> Hello!
>>>>
>>>> I need to put an XML fragment to one of the SAML Attribute:
>>>>
>>>> <saml-a:Attribute xmlns:saml-a="urn:oasis:names:tc:SAML:2.0:assertion"
>>>> xmlns:wsa="http://www.w3.org/2005/08/addressing">
>>>> <saml-a:AttributeValue xmlns:xsi="http://www.w3.org/
>>>> 2001/XMLSchema-instance">
>>>>         <PurposeOfUse xmlns=" .... " xsi:type=" ... " attr1=" ... "
>>>> attr2=" ... "/>
>>>> </saml-a:AttributeValue>
>>>> </saml-a:Attribute>
>>>>
>>>> (the xsi:type is not an standard schema type)
>>>>
>>>> I get this information from an Claim. I parse already, and I have all
>>>> the fields. I need some solution how can I put to the requestClaim ant
>>>> the ClaimParser
>>>> I try to use the OpenSAML, to create a AttributeValue, but I dont know
>>>> how to create the PurposeOfUse element.
>>>>
>>>> Any idee?
>>>> Thanx
>>>>
>>>> Csaba
>>>>
>>>>
>>>>
>>>>
>>
>

Reply | Threaded
Open this post in threaded view
|

Re: custom xml fragment to the SAML attribute

coheigea
Administrator
Is it an option for you just to use the DocumentBuilder then and specify a
DOM Element on the Claim?

Colm.

On Tue, Jan 30, 2018 at 12:02 PM, Tóth Csaba <[hidden email]> wrote:

> Hello!
>
> The problem is not about the place, where I can do that. the problem,
> that I cant create the given XML fragment, because:
> a, I dont get the attributes back (the SAML dont contains the attributes
> of the element), the element is present (and an empty String value too)
> b, I get XML error: "Cannot replace an element's default namespace"
>
> There is an example (you send it), but that create an String element
> with the same namespace (SAML2 namespace), and a know xsi:type
> I need more complex XML structure, with a third part namespace, a
> xsi:type attribute, and multiple attributes with third part namespaces.
>
> Its not hard with the documentBuilder, but I dont know how to do this
> with the OpenSAML XMLObjects.
>
> Csaba
>
>
>
> On 2018.01.30. 11:56, Colm O hEigeartaigh wrote:
> > Are you trying to add this information to the SAML Assertion created in
> the
> > STS after receiving a Claim? If so then you shouldn't be adding it to the
> > "requestClaim", but to the ProcessedClaim instance that is created in the
> > CallbackHandler. I added a test to CXF that shows how to do it in a
> > CustomClaimsHandler:
> >
> > https://github.com/apache/cxf/blob/master/services/sts/
> systests/advanced/src/test/java/org/apache/cxf/systest/sts/deployment/
> CustomClaimsHandler.java
> >
> > Colm.
> >
> > On Mon, Jan 29, 2018 at 6:48 PM, Tóth Csaba <[hidden email]> wrote:
> >
> >> Hello!
> >> Thanx, but look like not helped:
> >>
> >>                                 XMLObjectBuilderFactory builderFactory =
> >>
> >> XMLObjectProviderRegistrySupport.getBuilderFactory();
> >>                                 @SuppressWarnings("unchecked")
> >>                                 XMLObjectBuilder<XSAny> xsAnyBuilder =
> >>
> >> (XMLObjectBuilder<XSAny>)builderFactory.getBuilder(XSAny.TYPE_NAME);
> >>                                 XSAny attributeValue =
> >>
> >> xsAnyBuilder.buildObject(AttributeValue.DEFAULT_ELEMENT_NAME);
> >>
> >>                                 XSAny node =
> >> xsAnyBuilder.buildObject(new QName("... namespace ... "," ... element
> >> name... "),new QName("http://www.w3.org/2001/XMLSchema-instance
> ","CE"));
> >>
> >> attributeValue.getUnknownXMLObjects().add(node);
> >>
> >>                                 node.getUnknownAttributes().put(new
> >> QName(".. attr namespace...","Code"),code);
> >>                                 requestClaim.addValue(attributeValue);
> >>
> >> but I get an error for the building the SAML, that "Cannot replace an
> >> element's default namespace"
> >> Csaba
> >>
> >>
> >> On 2018.01.29. 17:59, Colm O hEigeartaigh wrote:
> >>> This WSS4J unit test might help you - it shows how to add a custom
> >>> Attribute:
> >>>
> >>> https://github.com/apache/wss4j/blob/94f0e42d03011fa97122bcd495d268
> >> ff33a5107f/ws-security-dom/src/test/java/org/apache/
> >> wss4j/dom/saml/SamlTokenTest.java#L578
> >>> Colm.
> >>>
> >>> On Mon, Jan 29, 2018 at 3:42 PM, Tóth Csaba <[hidden email]> wrote:
> >>>
> >>>> Hello!
> >>>>
> >>>> I need to put an XML fragment to one of the SAML Attribute:
> >>>>
> >>>> <saml-a:Attribute xmlns:saml-a="urn:oasis:names:
> tc:SAML:2.0:assertion"
> >>>> xmlns:wsa="http://www.w3.org/2005/08/addressing">
> >>>> <saml-a:AttributeValue xmlns:xsi="http://www.w3.org/
> >>>> 2001/XMLSchema-instance">
> >>>>         <PurposeOfUse xmlns=" .... " xsi:type=" ... " attr1=" ... "
> >>>> attr2=" ... "/>
> >>>> </saml-a:AttributeValue>
> >>>> </saml-a:Attribute>
> >>>>
> >>>> (the xsi:type is not an standard schema type)
> >>>>
> >>>> I get this information from an Claim. I parse already, and I have all
> >>>> the fields. I need some solution how can I put to the requestClaim ant
> >>>> the ClaimParser
> >>>> I try to use the OpenSAML, to create a AttributeValue, but I dont know
> >>>> how to create the PurposeOfUse element.
> >>>>
> >>>> Any idee?
> >>>> Thanx
> >>>>
> >>>> Csaba
> >>>>
> >>>>
> >>>>
> >>>>
> >>
> >
>
>


--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
Reply | Threaded
Open this post in threaded view
|

Re: custom xml fragment to the SAML attribute

Tóth Csaba
Hello!

Yes, its an option, just dont know, how will this signed.
but. Thanx
I will try.

Csaba

On 2018.01.30. 13:11, Colm O hEigeartaigh wrote:

> Is it an option for you just to use the DocumentBuilder then and specify a
> DOM Element on the Claim?
>
> Colm.
>
> On Tue, Jan 30, 2018 at 12:02 PM, Tóth Csaba <[hidden email]> wrote:
>
>> Hello!
>>
>> The problem is not about the place, where I can do that. the problem,
>> that I cant create the given XML fragment, because:
>> a, I dont get the attributes back (the SAML dont contains the attributes
>> of the element), the element is present (and an empty String value too)
>> b, I get XML error: "Cannot replace an element's default namespace"
>>
>> There is an example (you send it), but that create an String element
>> with the same namespace (SAML2 namespace), and a know xsi:type
>> I need more complex XML structure, with a third part namespace, a
>> xsi:type attribute, and multiple attributes with third part namespaces.
>>
>> Its not hard with the documentBuilder, but I dont know how to do this
>> with the OpenSAML XMLObjects.
>>
>> Csaba
>>
>>
>>
>> On 2018.01.30. 11:56, Colm O hEigeartaigh wrote:
>>> Are you trying to add this information to the SAML Assertion created in
>> the
>>> STS after receiving a Claim? If so then you shouldn't be adding it to the
>>> "requestClaim", but to the ProcessedClaim instance that is created in the
>>> CallbackHandler. I added a test to CXF that shows how to do it in a
>>> CustomClaimsHandler:
>>>
>>> https://github.com/apache/cxf/blob/master/services/sts/
>> systests/advanced/src/test/java/org/apache/cxf/systest/sts/deployment/
>> CustomClaimsHandler.java
>>> Colm.
>>>
>>> On Mon, Jan 29, 2018 at 6:48 PM, Tóth Csaba <[hidden email]> wrote:
>>>
>>>> Hello!
>>>> Thanx, but look like not helped:
>>>>
>>>>                                 XMLObjectBuilderFactory builderFactory =
>>>>
>>>> XMLObjectProviderRegistrySupport.getBuilderFactory();
>>>>                                 @SuppressWarnings("unchecked")
>>>>                                 XMLObjectBuilder<XSAny> xsAnyBuilder =
>>>>
>>>> (XMLObjectBuilder<XSAny>)builderFactory.getBuilder(XSAny.TYPE_NAME);
>>>>                                 XSAny attributeValue =
>>>>
>>>> xsAnyBuilder.buildObject(AttributeValue.DEFAULT_ELEMENT_NAME);
>>>>
>>>>                                 XSAny node =
>>>> xsAnyBuilder.buildObject(new QName("... namespace ... "," ... element
>>>> name... "),new QName("http://www.w3.org/2001/XMLSchema-instance
>> ","CE"));
>>>> attributeValue.getUnknownXMLObjects().add(node);
>>>>
>>>>                                 node.getUnknownAttributes().put(new
>>>> QName(".. attr namespace...","Code"),code);
>>>>                                 requestClaim.addValue(attributeValue);
>>>>
>>>> but I get an error for the building the SAML, that "Cannot replace an
>>>> element's default namespace"
>>>> Csaba
>>>>
>>>>
>>>> On 2018.01.29. 17:59, Colm O hEigeartaigh wrote:
>>>>> This WSS4J unit test might help you - it shows how to add a custom
>>>>> Attribute:
>>>>>
>>>>> https://github.com/apache/wss4j/blob/94f0e42d03011fa97122bcd495d268
>>>> ff33a5107f/ws-security-dom/src/test/java/org/apache/
>>>> wss4j/dom/saml/SamlTokenTest.java#L578
>>>>> Colm.
>>>>>
>>>>> On Mon, Jan 29, 2018 at 3:42 PM, Tóth Csaba <[hidden email]> wrote:
>>>>>
>>>>>> Hello!
>>>>>>
>>>>>> I need to put an XML fragment to one of the SAML Attribute:
>>>>>>
>>>>>> <saml-a:Attribute xmlns:saml-a="urn:oasis:names:
>> tc:SAML:2.0:assertion"
>>>>>> xmlns:wsa="http://www.w3.org/2005/08/addressing">
>>>>>> <saml-a:AttributeValue xmlns:xsi="http://www.w3.org/
>>>>>> 2001/XMLSchema-instance">
>>>>>>         <PurposeOfUse xmlns=" .... " xsi:type=" ... " attr1=" ... "
>>>>>> attr2=" ... "/>
>>>>>> </saml-a:AttributeValue>
>>>>>> </saml-a:Attribute>
>>>>>>
>>>>>> (the xsi:type is not an standard schema type)
>>>>>>
>>>>>> I get this information from an Claim. I parse already, and I have all
>>>>>> the fields. I need some solution how can I put to the requestClaim ant
>>>>>> the ClaimParser
>>>>>> I try to use the OpenSAML, to create a AttributeValue, but I dont know
>>>>>> how to create the PurposeOfUse element.
>>>>>>
>>>>>> Any idee?
>>>>>> Thanx
>>>>>>
>>>>>> Csaba
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>
>

Reply | Threaded
Open this post in threaded view
|

Re: custom xml fragment to the SAML attribute

Tóth Csaba
Hello!
unfortunately not working.
I already try:
- documentbuilder -> claim.addValue node -> empty xsi:string element
- documentbuilder, create XSAny from node -> claim.addValue XSAny ->
empty child element without attributes, extra empty xsi:String
- documentbuilder, create XSAny from node, add attributes for XSAny ->
claim.addValue XSAny -> "Cannot replace an element's default namespace"
- create XSAny, add attributes -> claim.addValue XSAny -> "Cannot
replace an element's default namespace"
- create XSAny from the claimParser incoming Element -> empty xsi:String
element

I ran out of ideas

Csaba

On 2018.01.30. 13:17, Tóth Csaba wrote:

> Hello!
>
> Yes, its an option, just dont know, how will this signed.
> but. Thanx
> I will try.
>
> Csaba
>
> On 2018.01.30. 13:11, Colm O hEigeartaigh wrote:
>> Is it an option for you just to use the DocumentBuilder then and specify a
>> DOM Element on the Claim?
>>
>> Colm.
>>
>> On Tue, Jan 30, 2018 at 12:02 PM, Tóth Csaba <[hidden email]> wrote:
>>
>>> Hello!
>>>
>>> The problem is not about the place, where I can do that. the problem,
>>> that I cant create the given XML fragment, because:
>>> a, I dont get the attributes back (the SAML dont contains the attributes
>>> of the element), the element is present (and an empty String value too)
>>> b, I get XML error: "Cannot replace an element's default namespace"
>>>
>>> There is an example (you send it), but that create an String element
>>> with the same namespace (SAML2 namespace), and a know xsi:type
>>> I need more complex XML structure, with a third part namespace, a
>>> xsi:type attribute, and multiple attributes with third part namespaces.
>>>
>>> Its not hard with the documentBuilder, but I dont know how to do this
>>> with the OpenSAML XMLObjects.
>>>
>>> Csaba
>>>
>>>
>>>
>>> On 2018.01.30. 11:56, Colm O hEigeartaigh wrote:
>>>> Are you trying to add this information to the SAML Assertion created in
>>> the
>>>> STS after receiving a Claim? If so then you shouldn't be adding it to the
>>>> "requestClaim", but to the ProcessedClaim instance that is created in the
>>>> CallbackHandler. I added a test to CXF that shows how to do it in a
>>>> CustomClaimsHandler:
>>>>
>>>> https://github.com/apache/cxf/blob/master/services/sts/
>>> systests/advanced/src/test/java/org/apache/cxf/systest/sts/deployment/
>>> CustomClaimsHandler.java
>>>> Colm.
>>>>
>>>> On Mon, Jan 29, 2018 at 6:48 PM, Tóth Csaba <[hidden email]> wrote:
>>>>
>>>>> Hello!
>>>>> Thanx, but look like not helped:
>>>>>
>>>>>                                 XMLObjectBuilderFactory builderFactory =
>>>>>
>>>>> XMLObjectProviderRegistrySupport.getBuilderFactory();
>>>>>                                 @SuppressWarnings("unchecked")
>>>>>                                 XMLObjectBuilder<XSAny> xsAnyBuilder =
>>>>>
>>>>> (XMLObjectBuilder<XSAny>)builderFactory.getBuilder(XSAny.TYPE_NAME);
>>>>>                                 XSAny attributeValue =
>>>>>
>>>>> xsAnyBuilder.buildObject(AttributeValue.DEFAULT_ELEMENT_NAME);
>>>>>
>>>>>                                 XSAny node =
>>>>> xsAnyBuilder.buildObject(new QName("... namespace ... "," ... element
>>>>> name... "),new QName("http://www.w3.org/2001/XMLSchema-instance
>>> ","CE"));
>>>>> attributeValue.getUnknownXMLObjects().add(node);
>>>>>
>>>>>                                 node.getUnknownAttributes().put(new
>>>>> QName(".. attr namespace...","Code"),code);
>>>>>                                 requestClaim.addValue(attributeValue);
>>>>>
>>>>> but I get an error for the building the SAML, that "Cannot replace an
>>>>> element's default namespace"
>>>>> Csaba
>>>>>
>>>>>
>>>>> On 2018.01.29. 17:59, Colm O hEigeartaigh wrote:
>>>>>> This WSS4J unit test might help you - it shows how to add a custom
>>>>>> Attribute:
>>>>>>
>>>>>> https://github.com/apache/wss4j/blob/94f0e42d03011fa97122bcd495d268
>>>>> ff33a5107f/ws-security-dom/src/test/java/org/apache/
>>>>> wss4j/dom/saml/SamlTokenTest.java#L578
>>>>>> Colm.
>>>>>>
>>>>>> On Mon, Jan 29, 2018 at 3:42 PM, Tóth Csaba <[hidden email]> wrote:
>>>>>>
>>>>>>> Hello!
>>>>>>>
>>>>>>> I need to put an XML fragment to one of the SAML Attribute:
>>>>>>>
>>>>>>> <saml-a:Attribute xmlns:saml-a="urn:oasis:names:
>>> tc:SAML:2.0:assertion"
>>>>>>> xmlns:wsa="http://www.w3.org/2005/08/addressing">
>>>>>>> <saml-a:AttributeValue xmlns:xsi="http://www.w3.org/
>>>>>>> 2001/XMLSchema-instance">
>>>>>>>         <PurposeOfUse xmlns=" .... " xsi:type=" ... " attr1=" ... "
>>>>>>> attr2=" ... "/>
>>>>>>> </saml-a:AttributeValue>
>>>>>>> </saml-a:Attribute>
>>>>>>>
>>>>>>> (the xsi:type is not an standard schema type)
>>>>>>>
>>>>>>> I get this information from an Claim. I parse already, and I have all
>>>>>>> the fields. I need some solution how can I put to the requestClaim ant
>>>>>>> the ClaimParser
>>>>>>> I try to use the OpenSAML, to create a AttributeValue, but I dont know
>>>>>>> how to create the PurposeOfUse element.
>>>>>>>
>>>>>>> Any idee?
>>>>>>> Thanx
>>>>>>>
>>>>>>> Csaba
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>

Reply | Threaded
Open this post in threaded view
|

Re: custom xml fragment to the SAML attribute

coheigea
Administrator
Can you post the full opensaml code you are using and I'll take a look?

Colm.

On Tue, Jan 30, 2018 at 6:37 PM, Tóth Csaba <[hidden email]> wrote:

> Hello!
> unfortunately not working.
> I already try:
> - documentbuilder -> claim.addValue node -> empty xsi:string element
> - documentbuilder, create XSAny from node -> claim.addValue XSAny ->
> empty child element without attributes, extra empty xsi:String
> - documentbuilder, create XSAny from node, add attributes for XSAny ->
> claim.addValue XSAny -> "Cannot replace an element's default namespace"
> - create XSAny, add attributes -> claim.addValue XSAny -> "Cannot
> replace an element's default namespace"
> - create XSAny from the claimParser incoming Element -> empty xsi:String
> element
>
> I ran out of ideas
>
> Csaba
>
> On 2018.01.30. 13:17, Tóth Csaba wrote:
> > Hello!
> >
> > Yes, its an option, just dont know, how will this signed.
> > but. Thanx
> > I will try.
> >
> > Csaba
> >
> > On 2018.01.30. 13:11, Colm O hEigeartaigh wrote:
> >> Is it an option for you just to use the DocumentBuilder then and
> specify a
> >> DOM Element on the Claim?
> >>
> >> Colm.
> >>
> >> On Tue, Jan 30, 2018 at 12:02 PM, Tóth Csaba <[hidden email]> wrote:
> >>
> >>> Hello!
> >>>
> >>> The problem is not about the place, where I can do that. the problem,
> >>> that I cant create the given XML fragment, because:
> >>> a, I dont get the attributes back (the SAML dont contains the
> attributes
> >>> of the element), the element is present (and an empty String value too)
> >>> b, I get XML error: "Cannot replace an element's default namespace"
> >>>
> >>> There is an example (you send it), but that create an String element
> >>> with the same namespace (SAML2 namespace), and a know xsi:type
> >>> I need more complex XML structure, with a third part namespace, a
> >>> xsi:type attribute, and multiple attributes with third part namespaces.
> >>>
> >>> Its not hard with the documentBuilder, but I dont know how to do this
> >>> with the OpenSAML XMLObjects.
> >>>
> >>> Csaba
> >>>
> >>>
> >>>
> >>> On 2018.01.30. 11:56, Colm O hEigeartaigh wrote:
> >>>> Are you trying to add this information to the SAML Assertion created
> in
> >>> the
> >>>> STS after receiving a Claim? If so then you shouldn't be adding it to
> the
> >>>> "requestClaim", but to the ProcessedClaim instance that is created in
> the
> >>>> CallbackHandler. I added a test to CXF that shows how to do it in a
> >>>> CustomClaimsHandler:
> >>>>
> >>>> https://github.com/apache/cxf/blob/master/services/sts/
> >>> systests/advanced/src/test/java/org/apache/cxf/systest/sts/deployment/
> >>> CustomClaimsHandler.java
> >>>> Colm.
> >>>>
> >>>> On Mon, Jan 29, 2018 at 6:48 PM, Tóth Csaba <[hidden email]> wrote:
> >>>>
> >>>>> Hello!
> >>>>> Thanx, but look like not helped:
> >>>>>
> >>>>>                                 XMLObjectBuilderFactory
> builderFactory =
> >>>>>
> >>>>> XMLObjectProviderRegistrySupport.getBuilderFactory();
> >>>>>                                 @SuppressWarnings("unchecked")
> >>>>>                                 XMLObjectBuilder<XSAny> xsAnyBuilder
> =
> >>>>>
> >>>>> (XMLObjectBuilder<XSAny>)builderFactory.getBuilder(XSAny.TYPE_NAME);
> >>>>>                                 XSAny attributeValue =
> >>>>>
> >>>>> xsAnyBuilder.buildObject(AttributeValue.DEFAULT_ELEMENT_NAME);
> >>>>>
> >>>>>                                 XSAny node =
> >>>>> xsAnyBuilder.buildObject(new QName("... namespace ... "," ... element
> >>>>> name... "),new QName("http://www.w3.org/2001/XMLSchema-instance
> >>> ","CE"));
> >>>>> attributeValue.getUnknownXMLObjects().add(node);
> >>>>>
> >>>>>                                 node.getUnknownAttributes().put(new
> >>>>> QName(".. attr namespace...","Code"),code);
> >>>>>                                 requestClaim.addValue(
> attributeValue);
> >>>>>
> >>>>> but I get an error for the building the SAML, that "Cannot replace an
> >>>>> element's default namespace"
> >>>>> Csaba
> >>>>>
> >>>>>
> >>>>> On 2018.01.29. 17:59, Colm O hEigeartaigh wrote:
> >>>>>> This WSS4J unit test might help you - it shows how to add a custom
> >>>>>> Attribute:
> >>>>>>
> >>>>>> https://github.com/apache/wss4j/blob/94f0e42d03011fa97122bcd495d268
> >>>>> ff33a5107f/ws-security-dom/src/test/java/org/apache/
> >>>>> wss4j/dom/saml/SamlTokenTest.java#L578
> >>>>>> Colm.
> >>>>>>
> >>>>>> On Mon, Jan 29, 2018 at 3:42 PM, Tóth Csaba <[hidden email]> wrote:
> >>>>>>
> >>>>>>> Hello!
> >>>>>>>
> >>>>>>> I need to put an XML fragment to one of the SAML Attribute:
> >>>>>>>
> >>>>>>> <saml-a:Attribute xmlns:saml-a="urn:oasis:names:
> >>> tc:SAML:2.0:assertion"
> >>>>>>> xmlns:wsa="http://www.w3.org/2005/08/addressing">
> >>>>>>> <saml-a:AttributeValue xmlns:xsi="http://www.w3.org/
> >>>>>>> 2001/XMLSchema-instance">
> >>>>>>>         <PurposeOfUse xmlns=" .... " xsi:type=" ... " attr1=" ... "
> >>>>>>> attr2=" ... "/>
> >>>>>>> </saml-a:AttributeValue>
> >>>>>>> </saml-a:Attribute>
> >>>>>>>
> >>>>>>> (the xsi:type is not an standard schema type)
> >>>>>>>
> >>>>>>> I get this information from an Claim. I parse already, and I have
> all
> >>>>>>> the fields. I need some solution how can I put to the requestClaim
> ant
> >>>>>>> the ClaimParser
> >>>>>>> I try to use the OpenSAML, to create a AttributeValue, but I dont
> know
> >>>>>>> how to create the PurposeOfUse element.
> >>>>>>>
> >>>>>>> Any idee?
> >>>>>>> Thanx
> >>>>>>>
> >>>>>>> Csaba
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >
>
>


--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
Reply | Threaded
Open this post in threaded view
|

Re: custom xml fragment to the SAML attribute

Tóth Csaba
Hello!

SOLVED.
The problem was, that I set the namespace for all the attribute.
Now: I create the empty (inner) element with namespace, than create an
XSAny node from it.
Add all the attribute.
When the attribute namespace is the same as the element, create it
without namespace definicion in the QName.

Then it working.

Csaba

On 2018.01.31. 10:43, Colm O hEigeartaigh wrote:

> Can you post the full opensaml code you are using and I'll take a look?
>
> Colm.
>
> On Tue, Jan 30, 2018 at 6:37 PM, Tóth Csaba <[hidden email]> wrote:
>
>> Hello!
>> unfortunately not working.
>> I already try:
>> - documentbuilder -> claim.addValue node -> empty xsi:string element
>> - documentbuilder, create XSAny from node -> claim.addValue XSAny ->
>> empty child element without attributes, extra empty xsi:String
>> - documentbuilder, create XSAny from node, add attributes for XSAny ->
>> claim.addValue XSAny -> "Cannot replace an element's default namespace"
>> - create XSAny, add attributes -> claim.addValue XSAny -> "Cannot
>> replace an element's default namespace"
>> - create XSAny from the claimParser incoming Element -> empty xsi:String
>> element
>>
>> I ran out of ideas
>>
>> Csaba
>>
>> On 2018.01.30. 13:17, Tóth Csaba wrote:
>>> Hello!
>>>
>>> Yes, its an option, just dont know, how will this signed.
>>> but. Thanx
>>> I will try.
>>>
>>> Csaba
>>>
>>> On 2018.01.30. 13:11, Colm O hEigeartaigh wrote:
>>>> Is it an option for you just to use the DocumentBuilder then and
>> specify a
>>>> DOM Element on the Claim?
>>>>
>>>> Colm.
>>>>
>>>> On Tue, Jan 30, 2018 at 12:02 PM, Tóth Csaba <[hidden email]> wrote:
>>>>
>>>>> Hello!
>>>>>
>>>>> The problem is not about the place, where I can do that. the problem,
>>>>> that I cant create the given XML fragment, because:
>>>>> a, I dont get the attributes back (the SAML dont contains the
>> attributes
>>>>> of the element), the element is present (and an empty String value too)
>>>>> b, I get XML error: "Cannot replace an element's default namespace"
>>>>>
>>>>> There is an example (you send it), but that create an String element
>>>>> with the same namespace (SAML2 namespace), and a know xsi:type
>>>>> I need more complex XML structure, with a third part namespace, a
>>>>> xsi:type attribute, and multiple attributes with third part namespaces.
>>>>>
>>>>> Its not hard with the documentBuilder, but I dont know how to do this
>>>>> with the OpenSAML XMLObjects.
>>>>>
>>>>> Csaba
>>>>>
>>>>>
>>>>>
>>>>> On 2018.01.30. 11:56, Colm O hEigeartaigh wrote:
>>>>>> Are you trying to add this information to the SAML Assertion created
>> in
>>>>> the
>>>>>> STS after receiving a Claim? If so then you shouldn't be adding it to
>> the
>>>>>> "requestClaim", but to the ProcessedClaim instance that is created in
>> the
>>>>>> CallbackHandler. I added a test to CXF that shows how to do it in a
>>>>>> CustomClaimsHandler:
>>>>>>
>>>>>> https://github.com/apache/cxf/blob/master/services/sts/
>>>>> systests/advanced/src/test/java/org/apache/cxf/systest/sts/deployment/
>>>>> CustomClaimsHandler.java
>>>>>> Colm.
>>>>>>
>>>>>> On Mon, Jan 29, 2018 at 6:48 PM, Tóth Csaba <[hidden email]> wrote:
>>>>>>
>>>>>>> Hello!
>>>>>>> Thanx, but look like not helped:
>>>>>>>
>>>>>>>                                 XMLObjectBuilderFactory
>> builderFactory =
>>>>>>> XMLObjectProviderRegistrySupport.getBuilderFactory();
>>>>>>>                                 @SuppressWarnings("unchecked")
>>>>>>>                                 XMLObjectBuilder<XSAny> xsAnyBuilder
>> =
>>>>>>> (XMLObjectBuilder<XSAny>)builderFactory.getBuilder(XSAny.TYPE_NAME);
>>>>>>>                                 XSAny attributeValue =
>>>>>>>
>>>>>>> xsAnyBuilder.buildObject(AttributeValue.DEFAULT_ELEMENT_NAME);
>>>>>>>
>>>>>>>                                 XSAny node =
>>>>>>> xsAnyBuilder.buildObject(new QName("... namespace ... "," ... element
>>>>>>> name... "),new QName("http://www.w3.org/2001/XMLSchema-instance
>>>>> ","CE"));
>>>>>>> attributeValue.getUnknownXMLObjects().add(node);
>>>>>>>
>>>>>>>                                 node.getUnknownAttributes().put(new
>>>>>>> QName(".. attr namespace...","Code"),code);
>>>>>>>                                 requestClaim.addValue(
>> attributeValue);
>>>>>>> but I get an error for the building the SAML, that "Cannot replace an
>>>>>>> element's default namespace"
>>>>>>> Csaba
>>>>>>>
>>>>>>>
>>>>>>> On 2018.01.29. 17:59, Colm O hEigeartaigh wrote:
>>>>>>>> This WSS4J unit test might help you - it shows how to add a custom
>>>>>>>> Attribute:
>>>>>>>>
>>>>>>>> https://github.com/apache/wss4j/blob/94f0e42d03011fa97122bcd495d268
>>>>>>> ff33a5107f/ws-security-dom/src/test/java/org/apache/
>>>>>>> wss4j/dom/saml/SamlTokenTest.java#L578
>>>>>>>> Colm.
>>>>>>>>
>>>>>>>> On Mon, Jan 29, 2018 at 3:42 PM, Tóth Csaba <[hidden email]> wrote:
>>>>>>>>
>>>>>>>>> Hello!
>>>>>>>>>
>>>>>>>>> I need to put an XML fragment to one of the SAML Attribute:
>>>>>>>>>
>>>>>>>>> <saml-a:Attribute xmlns:saml-a="urn:oasis:names:
>>>>> tc:SAML:2.0:assertion"
>>>>>>>>> xmlns:wsa="http://www.w3.org/2005/08/addressing">
>>>>>>>>> <saml-a:AttributeValue xmlns:xsi="http://www.w3.org/
>>>>>>>>> 2001/XMLSchema-instance">
>>>>>>>>>         <PurposeOfUse xmlns=" .... " xsi:type=" ... " attr1=" ... "
>>>>>>>>> attr2=" ... "/>
>>>>>>>>> </saml-a:AttributeValue>
>>>>>>>>> </saml-a:Attribute>
>>>>>>>>>
>>>>>>>>> (the xsi:type is not an standard schema type)
>>>>>>>>>
>>>>>>>>> I get this information from an Claim. I parse already, and I have
>> all
>>>>>>>>> the fields. I need some solution how can I put to the requestClaim
>> ant
>>>>>>>>> the ClaimParser
>>>>>>>>> I try to use the OpenSAML, to create a AttributeValue, but I dont
>> know
>>>>>>>>> how to create the PurposeOfUse element.
>>>>>>>>>
>>>>>>>>> Any idee?
>>>>>>>>> Thanx
>>>>>>>>>
>>>>>>>>> Csaba
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>
>