Abdelali Kaoukab February 2016

OpenSaml encryptedID Validation Failed

My need is to encrypt the nameId and send it in AuthnRequest. i'm facing a problem with openSaml (v 2.6.1) Validator SubjectShemaValidator. the request validation fails with error "ID or SubjectConfirmation required" because there is no BaseID, BaseID, nor SubjectConfirmations.

here is my authent request :

<saml2p:AuthnRequest AssertionConsumerServiceURL="https:..." ForceAuthn="false" ID="4ed1e8875b99" IssueInstant="2016-01-27T15:39:26.195Z" ProtocolBinding="POST" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"><saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">APPLICATION</saml2:Issuer><saml2:Subject xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"><saml2:EncryptedID><xenc:EncryptedData Id="_b8b7761b84db0c4c5254b4f4c3ef9d1d" Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><xenc:EncryptedKey Id="_922bd10322d761ca1a5450213da896ea" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/></xenc:EncryptionMethod><xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"><xenc:CipherValue>ABCD</xenc:CipherValue></xenc:CipherData></xenc:EncryptedKey></ds:KeyInfo><xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"><xenc:CipherValue>EFGH</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData></saml2:EncryptedID><saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"/>        

Answers


Tipu February 2016

instead of ecrypton of nameId you can directly put like this

AuthnRequest request = buildSAMLObject(AuthnRequest.class);


        NameIDPolicy nameIdPolicy = buildSAMLObject(NameIDPolicy.class);
        nameIdPolicy.setAllowCreate(true);
        nameIdPolicy.setFormat(NameIDType.EMAIL);
        request.setNameIDPolicy(nameIdPolicy);


public static <T> T buildSAMLObject(final Class<T> clazz) {
        T object = null;
        try {
            XMLObjectBuilderFactory builderFactory = Configuration
                    .getBuilderFactory();
            QName defaultElementName = (QName) clazz.getDeclaredField(
                    "DEFAULT_ELEMENT_NAME").get(null);
            object = (T) builderFactory.getBuilder(defaultElementName)
                    .buildObject(defaultElementName);
        } catch (IllegalAccessException e) {
            throw new IllegalArgumentException("Could not create SAML object");
        } catch (NoSuchFieldException e) {
            throw new IllegalArgumentException("Could not create SAML object");
        }

        return object;
    }

Post Status

Asked in February 2016
Viewed 1,803 times
Voted 14
Answered 1 times

Search




Leave an answer