Developers Planet

Abdelali Kaoukab February 2016

OpenSaml encryptedID Validation Failed

My need is to encrypt the nameId and send it in an AuthnRequest. I'm facing a problem with the OpenSAML (v2.6.1) validator SubjectSchemaValidator: the request validation fails with the error "ID or SubjectConfirmation required" because there is no BaseID, BaseID, nor SubjectConfirmations.

Here is my authentication request:

<saml2p:AuthnRequest AssertionConsumerServiceURL="https:..." ForceAuthn="false" ID="4ed1e8875b99"
    IssueInstant="2016-01-27T15:39:26.195Z" ProtocolBinding="POST" Version="2.0"
    xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
  <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">APPLICATION</saml2:Issuer>
  <saml2:Subject xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
    <saml2:EncryptedID>
      <xenc:EncryptedData Id="_b8b7761b84db0c4c5254b4f4c3ef9d1d" Type="http://www.w3.org/2001/04/xmlenc#Element"
          xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
        <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"
            xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
        <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
          <xenc:EncryptedKey Id="_922bd10322d761ca1a5450213da896ea" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"
                xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
              <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
                  xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
            </xenc:EncryptionMethod>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
              <xenc:CipherValue>ABCD</xenc:CipherValue>
            </xenc:CipherData>
          </xenc:EncryptedKey>
        </ds:KeyInfo>
        <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
          <xenc:CipherValue>EFGH</xenc:CipherValue>
        </xenc:CipherData>
      </xenc:EncryptedData>
    </saml2:EncryptedID>
    <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"/>
  </saml2:Subject>
</saml2p:AuthnRequest>
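As an added diagnostic (not part of the question and not OpenSAML code), the following Python script applies the rule that OpenSAML 2's SubjectSchemaValidator enforces to a trimmed copy of the request above: the Subject must carry a BaseID, NameID or EncryptedID, or at least one SubjectConfirmation. The sample XML is constructed from the posted request with placeholder cipher values.

```python
import xml.etree.ElementTree as ET

NS = {
    "saml2p": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml2": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# Constructed sample: the posted AuthnRequest reduced to the elements the
# Subject rule looks at; cipher values are placeholders, not real ciphertext.
SAMPLE_REQUEST = """<saml2p:AuthnRequest ID="4ed1e8875b99" Version="2.0"
  xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml2:Issuer>APPLICATION</saml2:Issuer>
  <saml2:Subject>
    <saml2:EncryptedID>
      <xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
        Type="http://www.w3.org/2001/04/xmlenc#Element">
        <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
        <xenc:CipherData><xenc:CipherValue>EFGH</xenc:CipherValue></xenc:CipherData>
      </xenc:EncryptedData>
    </saml2:EncryptedID>
    <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"/>
  </saml2:Subject>
</saml2p:AuthnRequest>"""


def check_subject(xml_text):
    """Mirror the validateID rule of OpenSAML 2's SubjectSchemaValidator.

    The Subject passes when it has a BaseID, NameID or EncryptedID child,
    or at least one SubjectConfirmation child. Returns (ok, reason).
    """
    root = ET.fromstring(xml_text)
    subject = root.find("saml2:Subject", NS)
    if subject is None:
        return True, "no Subject element, nothing to validate"
    ids = [tag for tag in ("BaseID", "NameID", "EncryptedID")
           if subject.find("saml2:" + tag, NS) is not None]
    confirmations = subject.findall("saml2:SubjectConfirmation", NS)
    if not ids and not confirmations:
        # Same message the validator reports in the question.
        return False, "ID or SubjectConfirmation required"
    return True, "identifiers=%s confirmations=%d" % (ids, len(confirmations))


if __name__ == "__main__":
    print(check_subject(SAMPLE_REQUEST))
```

The serialized request passes this structural rule, which suggests the Subject object handed to the validator is not the one serialized above; inspecting the in-memory object right before validation is more informative than inspecting the marshalled XML.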

Answers


Tipu February 2016

Instead of encrypting the nameId, you can directly put it like this:

import javax.xml.namespace.QName;

import org.opensaml.Configuration;
import org.opensaml.DefaultBootstrap;
import org.opensaml.saml2.core.AuthnRequest;
import org.opensaml.saml2.core.NameIDPolicy;
import org.opensaml.saml2.core.NameIDType;
import org.opensaml.xml.ConfigurationException;
import org.opensaml.xml.XMLObjectBuilderFactory;

public class AuthnRequestFactory {

    public static AuthnRequest buildAuthnRequest() throws ConfigurationException {
        // The OpenSAML 2 library must be bootstrapped once before the builder factory is usable.
        DefaultBootstrap.bootstrap();

        AuthnRequest request = buildSAMLObject(AuthnRequest.class);

        // Ask the IdP for an e-mail address NameID rather than sending an encrypted one.
        NameIDPolicy nameIdPolicy = buildSAMLObject(NameIDPolicy.class);
        nameIdPolicy.setAllowCreate(true);
        nameIdPolicy.setFormat(NameIDType.EMAIL);
        request.setNameIDPolicy(nameIdPolicy);

        return request;
    }

    /** Builds any OpenSAML 2 object from the DEFAULT_ELEMENT_NAME constant of its interface. */
    @SuppressWarnings("unchecked")
    public static <T> T buildSAMLObject(final Class<T> clazz) {
        T object = null;
        try {
            XMLObjectBuilderFactory builderFactory = Configuration.getBuilderFactory();
            QName defaultElementName = (QName) clazz.getDeclaredField("DEFAULT_ELEMENT_NAME").get(null);
            object = (T) builderFactory.getBuilder(defaultElementName).buildObject(defaultElementName);
        } catch (IllegalAccessException e) {
            throw new IllegalArgumentException("Could not create SAML object", e);
        } catch (NoSuchFieldException e) {
            throw new IllegalArgumentException("Could not create SAML object", e);
        }

        return object;
    }
}
