Help a newbie migrating from OpenSAML 1 to OpenSAML 2
From: Ryan <altaio...@gmail.com>
Date: Sat, 28 Feb 2009 16:12:32 -0800
Local: Sat, Feb 28 2009 7:12 pm
Subject: [OpenSAML] Help a newbie migrating from OpenSAML 1 to OpenSAML 2

Hi All,

Forgive me if this is a dumb question, but I'm having some problems
migrating some proof of concept code from the OpenSAML 1 to OpenSAML 2
library. I was able to build a simple SAMLResponse to successfully login to
Salesforce.com, but now that I am trying to port that code over to using
OpenSAML 2 (still using SAML 1.1), I'm not understanding how to link the
objects together to build the assertion. I understand that the two libraries
are not directly compatible, but hoping someone can point me in the right
direction. Specifically, I am having problems with:

-How to add a subject confirmation method?
-How to add an audience to an AudienceRestrictionCondition?
-How to add an AuthenticationStatement to an Assertion?
-How to add an AudienceRestrictionCondition to an Assertion?

Below is a snippet of my working code in OpenSAML 1 and compared to my
attempt in OpenSAML 2 with these items marked as TODOs in the OpenSAML 2
code:

OPEN SAML 1:

    import java.util.Calendar;
    import java.util.Date;
    import java.util.GregorianCalendar;
    import org.opensaml.SAMLAssertion;
    import org.opensaml.SAMLAudienceRestrictionCondition;
    import org.opensaml.SAMLAuthenticationStatement;
    import org.opensaml.SAMLException;
    import org.opensaml.SAMLNameIdentifier;
    import org.opensaml.SAMLSubject;

    SAMLAssertion createAssertion(String username, String issuer) throws SAMLException {
        SAMLNameIdentifier nameId = new SAMLNameIdentifier();
        nameId.setName(username);
        nameId.checkValidity();

        SAMLSubject subject = new SAMLSubject();
        subject.setNameIdentifier(nameId);
        subject.addConfirmationMethod("urn:oasis:names:tc:SAML:1.0:cm:bearer");
        subject.checkValidity();

        SAMLAuthenticationStatement authStatement = new SAMLAuthenticationStatement();
        authStatement.setAuthMethod("AuthenticationMethod_Password");
        authStatement.setAuthInstant(new Date());
        authStatement.setSubject(subject);
        authStatement.checkValidity();

        SAMLAudienceRestrictionCondition condition = new SAMLAudienceRestrictionCondition();
        condition.addAudience("https://saml.salesforce.com");
        condition.checkValidity();

        // The deprecated Date(int, int, int) constructor counts years from 1900 and months from 0,
        // so new Date(2010, 12, 31) would mean January 3911; build the instant with a Calendar instead.
        Date notOnOrAfter = new GregorianCalendar(2010, Calendar.DECEMBER, 31).getTime();

        SAMLAssertion assertion = new SAMLAssertion();
        assertion.setIssuer(issuer);
        assertion.setIssueInstant(new Date());
        assertion.setMinorVersion(1);
        assertion.addStatement(authStatement);
        assertion.addCondition(condition);
        assertion.setId(generateId()); // generateId() is the poster's own helper, not shown in the post
        assertion.setNotBefore(new Date());
        assertion.setNotOnOrAfter(notOnOrAfter);
        assertion.checkValidity();
        return assertion;
    }

OpenSAML 2:

    public IdentityProvider() throws Exception {
        DefaultBootstrap.bootstrap();
        builderFactory = Configuration.getBuilderFactory();
    }

    Assertion createAssertion(String username, String issuer) throws Exception {
        SAMLObjectBuilder<NameIdentifier> nameIdBuilder =
            (SAMLObjectBuilder<NameIdentifier>) builderFactory.getBuilder(NameIdentifier.DEFAULT_ELEMENT_NAME);
        NameIdentifier nameId = nameIdBuilder.buildObject();
        nameId.setNameIdentifier(username);

        SAMLObjectBuilder<SubjectConfirmationData> subjectConfirmationDataBuilder =
            (SAMLObjectBuilder<SubjectConfirmationData>) builderFactory.getBuilder(SubjectConfirmationData.DEFAULT_ELEMENT_NAME);
        SubjectConfirmationData subjectConfirmationData = subjectConfirmationDataBuilder.buildObject();
        //subjectConfirmationData.addConfirmationMethod("urn:oasis:names:tc:SAML:1.0:cm:bearer");
        //TODO: addConfirmationMethod() method does not exist

        SAMLObjectBuilder<SubjectConfirmation> subjectConfirmationBuilder =
            (SAMLObjectBuilder<SubjectConfirmation>) builderFactory.getBuilder(SubjectConfirmation.DEFAULT_ELEMENT_NAME);
        SubjectConfirmation subjectConfirmation = subjectConfirmationBuilder.buildObject();
        subjectConfirmation.setSubjectConfirmationData(subjectConfirmationData);

        SAMLObjectBuilder<Subject> subjectBuilder =
            (SAMLObjectBuilder<Subject>) builderFactory.getBuilder(Subject.DEFAULT_ELEMENT_NAME);
        Subject subject = subjectBuilder.buildObject();
        subject.setNameIdentifier(nameId);
        subject.setSubjectConfirmation(subjectConfirmation);

        SAMLObjectBuilder<AuthenticationStatement> authStatementBuilder =
            (SAMLObjectBuilder<AuthenticationStatement>) builderFactory.getBuilder(AuthenticationStatement.DEFAULT_ELEMENT_NAME);
        AuthenticationStatement authStatement = authStatementBuilder.buildObject();
        authStatement.setSubject(subject);
        authStatement.setAuthenticationMethod("AuthenticationMethod_Password");
        authStatement.setAuthenticationInstant(new DateTime());

        SAMLObjectBuilder<AudienceRestrictionCondition> conditionBuilder =
            (SAMLObjectBuilder<AudienceRestrictionCondition>) builderFactory.getBuilder(AudienceRestrictionCondition.DEFAULT_ELEMENT_NAME);
        AudienceRestrictionCondition condition = conditionBuilder.buildObject();
        //condition.addAudience("https://saml.salesforce.com");
        //TODO: addAudience() method does not exist

        SAMLObjectBuilder<Assertion> assertionBuilder =
            (SAMLObjectBuilder<Assertion>) builderFactory.getBuilder(Assertion.DEFAULT_ELEMENT_NAME);
        Assertion assertion = assertionBuilder.buildObject();
        assertion.setIssuer(issuer);
        assertion.setIssueInstant(new DateTime());
        assertion.setVersion(SAMLVersion.VERSION_11);
        assertion.setID(generateId());
        //assertion.addStatement(authStatement);
        //TODO: addStatement() method does not exist
        //assertion.addCondition(condition);
        //TODO: addCondition() method does not exist

        return assertion;
    }

Any tips anyone can provide would be appreciated.

Thank you,
Ryan


From: "Scott Cantor" <canto...@osu.edu>
Date: Sat, 28 Feb 2009 22:00:08 -0500
Local: Sat, Feb 28 2009 10:00 pm
Subject: RE: [OpenSAML] Help a newbie migrating from OpenSAML 1 to OpenSAML 2

> subjectConfirmationData.addConfirmationMethod("urn:oasis:names:tc:SAML:1.0:cm:bearer");
> //TODO: addConfirmationMethod() method does not exist

You call getConfirmationMethods() and then add the item to the collection
you get back. Same for all the other collections.

-- Scott


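The collection pattern Scott describes, applied to all four TODOs from the first post, as an added example written for this page (it is not code from the thread or from the OpenSAML project). It assumes OpenSAML 2.x with the org.opensaml.saml1.core API and Joda-Time, a hypothetical class name Saml11AssertionFactory, and uses the standard SAML 1.x password URI (urn:oasis:names:tc:SAML:1.0:am:password) instead of the post's non-URI value "AuthenticationMethod_Password"; the NotOnOrAfter window is deliberately short so a leaked assertion cannot be replayed for months.

```java
import java.util.UUID;
import javax.xml.namespace.QName;
import org.joda.time.DateTime;
import org.opensaml.*;
import org.opensaml.common.*;
import org.opensaml.saml1.core.*;

public class Saml11AssertionFactory {
    public Saml11AssertionFactory() throws Exception {
        DefaultBootstrap.bootstrap(); // registers builders once, as the post's constructor does
    }
    @SuppressWarnings("unchecked") // generic helper replacing the post's repeated builder casts
    private static <T extends SAMLObject> T build(QName name) {
        return ((SAMLObjectBuilder<T>) Configuration.getBuilderFactory().getBuilder(name)).buildObject();
    }
    public Assertion createAssertion(String username, String issuer, String audienceUri) {
        DateTime now = new DateTime();
        NameIdentifier nameId = build(NameIdentifier.DEFAULT_ELEMENT_NAME);
        nameId.setNameIdentifier(username);
        // OpenSAML 2 has no addXxx() methods: fetch the child list and add to it.
        ConfirmationMethod bearer = build(ConfirmationMethod.DEFAULT_ELEMENT_NAME);
        bearer.setConfirmationMethod("urn:oasis:names:tc:SAML:1.0:cm:bearer");
        SubjectConfirmation confirmation = build(SubjectConfirmation.DEFAULT_ELEMENT_NAME);
        confirmation.getConfirmationMethods().add(bearer);
        Subject subject = build(Subject.DEFAULT_ELEMENT_NAME);
        subject.setNameIdentifier(nameId);
        subject.setSubjectConfirmation(confirmation);
        AuthenticationStatement authn = build(AuthenticationStatement.DEFAULT_ELEMENT_NAME);
        authn.setSubject(subject);
        authn.setAuthenticationMethod("urn:oasis:names:tc:SAML:1.0:am:password"); // standard SAML 1.x URI
        authn.setAuthenticationInstant(now);
        Audience audience = build(Audience.DEFAULT_ELEMENT_NAME);
        audience.setUri(audienceUri);
        AudienceRestrictionCondition restriction = build(AudienceRestrictionCondition.DEFAULT_ELEMENT_NAME);
        restriction.getAudiences().add(audience);
        // Conditions is its own container; a short validity window limits replay of a leaked assertion.
        Conditions conditions = build(Conditions.DEFAULT_ELEMENT_NAME);
        conditions.setNotBefore(now);
        conditions.setNotOnOrAfter(now.plusMinutes(5));
        conditions.getAudienceRestrictionConditions().add(restriction);
        Assertion assertion = build(Assertion.DEFAULT_ELEMENT_NAME);
        assertion.setVersion(SAMLVersion.VERSION_11);
        assertion.setID("_" + UUID.randomUUID()); // random and a valid xsd:ID (must not start with a digit)
        assertion.setIssuer(issuer);
        assertion.setIssueInstant(now);
        assertion.setConditions(conditions);
        assertion.getAuthenticationStatements().add(authn);
        return assertion;
    }
}
```

Note that the assertion still has to be placed in a Response and signed before a relying party such as Salesforce.com will accept it; building the statement tree is only the first step.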
From: Ryan <altaio...@gmail.com>
Date: Sun, 1 Mar 2009 00:50:59 -0800
Local: Sun, Mar 1 2009 3:50 am
Subject: Re: [OpenSAML] Help a newbie migrating from OpenSAML 1 to OpenSAML 2

Scott, thank you very much for the quick response. That worked perfectly!

