[OpenSAML] RE: Welcome to the list mace-opensaml-users

[ravi.balas...@idhasoft.com]

Am trying to work with opensaml 2.2.3. When i use the same jar in my application and try to create assertion, am able to get the assertion object as java object but when try to marshall it using the MarshallerFactory, am getting nullpointerException.

SampleCode :

MarshallerFactory marshallerFactory = Configuration.getMarshallerFactory();
Marshaller marshaller = marshallerFactory.getMarshaller(assertion);

In the above sample, i get the marshaller object as null.

Would be great if someone can help me out resolving this issue.

 

Environment: Tomcat 6.0

[Thilina Mahesh Buddhika]

Hi Ravi,

Did you endorsed the jars as specified here[1] ?

Thanks.
/thilina

[1] - https://spaces.internet2.edu/display/OpenSAML/OSTwoDevManJavaSetup

E-Mail         : thil...@gmail.com
I blog here : http://thilinamb.com

[ravi.balas...@idhasoft.com]

I am using myeclipse 7.5 and tomcat 6.0. not sure how to endorse the jars?

 

---

[Thilina Mahesh Buddhika]

Place the endorsed jars in <JDK_HOME>/jre/lib/endorsed, then Eclipse will pick it from there. You need to put the same set of jars at <TOMCAT_HOME>/endorsed dir.

Thanks.
/thilina

E-Mail         : thil...@gmail.com
I blog here : http://thilinamb.com

[ravi.balas...@idhasoft.com]

I have this JAR. Still having the same issue.

[Thilina Mahesh Buddhika]

Xalan and Xerces jars need to be there inside those endorsed directories as specified in https://spaces.internet2.edu/display/OpenSAML/OSTwoDevManJavaSetup.

Then having the OpenSAML jars in your classpath is sufficient.

Thanks.
/thilina

E-Mail         : thil...@gmail.com
I blog here : http://thilinamb.com

[ravi.balas...@idhasoft.com]

Thanks for you assistance.. I was able to get through. Was missing the openws-1.2.2 jar reference

[ravi.balas...@idhasoft.com]

I need to encrypt the subject value based on algorithm http://www.w3.org/2001/04/xmlenc#aes128_cbc  , key transport RSA 1_5 and RSSA 1024 bit keys.

 

Any sample code?

 

Thanks

Ravi

[Thilina Mahesh Buddhika]

Hi Ravi,

Hope this user manual available in the OpenSAML official site will help [1].

Thanks.
/ thilina

[1] - https://spaces.internet2.edu/display/OpenSAML/OSTwoUserManJavaDSIG

E-Mail         : thil...@gmail.com
I blog here : http://thilinamb.com

[Brent Putman]

That is for signature operations. If he really means encryption, then
the relevant user's manual page is here:

https://spaces.internet2.edu/display/OpenSAML/OSTwoUserManJavaXMLEncryption

--Brent

Thilina Mahesh Buddhika wrote:
> Hi Ravi,
>
> Hope this user manual available in the OpenSAML official site will
> help [1].
>
> Thanks.
> / thilina
>
> [1] - https://spaces.internet2.edu/display/OpenSAML/OSTwoUserManJavaDSIG
>

> E-Mail : thil...@gmail.com <mailto:thil...@gmail.com>

> I blog here : http://thilinamb.com
>
>
> On Tue, Aug 25, 2009 at 11:19 PM, <ravi.balas...@idhasoft.com
> <mailto:ravi.balas...@idhasoft.com>> wrote:
>
> I need to encrypt the subject value based on algorithm
> http://www.w3.org/2001/04/xmlenc#aes128_cbc , key transport RSA
> 1_5 and RSSA 1024 bit keys.
>
>
>
> Any sample code?
>
>
>
> Thanks
>
> Ravi
>
>
>

> ------------------------------------------------------------------------
>
> *From:* Thilina Mahesh Buddhika [mailto:thil...@gmail.com
> <mailto:thil...@gmail.com>]
> *Sent:* Tuesday, August 18, 2009 2:25 PM
>
> *To:* mace-open...@internet2.edu
> <mailto:mace-open...@internet2.edu>
> *Subject:* Re: [OpenSAML] RE: Welcome to the list mace-opensaml-users

>
>
>
> Xalan and Xerces jars need to be there inside those endorsed
> directories as specified in
> https://spaces.internet2.edu/display/OpenSAML/OSTwoDevManJavaSetup.
>
> Then having the OpenSAML jars in your classpath is sufficient.
>
> Thanks.
> /thilina
>

> E-Mail : thil...@gmail.com <mailto:thil...@gmail.com>

> I blog here : http://thilinamb.com
>
> On Tue, Aug 18, 2009 at 11:50 PM,
> <ravi.balas...@idhasoft.com

> <mailto:ravi.balas...@idhasoft.com>> wrote:
>
> I have this JAR. Still having the same issue.
>
>
>

> ------------------------------------------------------------------------
>
> *From:* Thilina Mahesh Buddhika [mailto:thil...@gmail.com
> <mailto:thil...@gmail.com>]
> *Sent:* Tuesday, August 18, 2009 2:13 PM
>
>
> *To:* mace-open...@internet2.edu
> <mailto:mace-open...@internet2.edu>
> *Subject:* Re: [OpenSAML] RE: Welcome to the list mace-opensaml-users

>
>
>
> Place the endorsed jars in <JDK_HOME>/jre/lib/endorsed, then
> Eclipse will pick it from there. You need to put the same set of
> jars at <TOMCAT_HOME>/endorsed dir.
>
> Thanks.
> /thilina
>

> E-Mail : thil...@gmail.com <mailto:thil...@gmail.com>

> I blog here : http://thilinamb.com
>
> On Tue, Aug 18, 2009 at 11:38 PM,
> <ravi.balas...@idhasoft.com

> <mailto:ravi.balas...@idhasoft.com>> wrote:
>
> I am using myeclipse 7.5 and tomcat 6.0. not sure how to endorse
> the jars?
>
>
>

> ------------------------------------------------------------------------
>
> *From:* Thilina Mahesh Buddhika [mailto:thil...@gmail.com
> <mailto:thil...@gmail.com>]
> *Sent:* Tuesday, August 18, 2009 1:59 PM
> *To:* mace-open...@internet2.edu
> <mailto:mace-open...@internet2.edu>
> *Subject:* Re: [OpenSAML] RE: Welcome to the list mace-opensaml-users

>
>
>
> Hi Ravi,
>
> Did you endorsed the jars as specified here[1] ?
>
> Thanks.
> /thilina
>
> [1] -
> https://spaces.internet2.edu/display/OpenSAML/OSTwoDevManJavaSetup
>

> E-Mail : thil...@gmail.com <mailto:thil...@gmail.com>

> I blog here : http://thilinamb.com
>
> On Tue, Aug 18, 2009 at 10:47 PM,
> <ravi.balas...@idhasoft.com

[Thilina Mahesh Buddhika]

Sorry, I have mistakenly pointed to the wrong page.

/ thilina
E-Mail         : thil...@gmail.com

I blog here : http://thilinamb.com

[ravi.balas...@idhasoft.com]

 

Any sample code available to parse the metadata file to get public Key to use in encrypting assertion?

[Paul Hethmon]

http://code.crt.realtors.org/projects/websso

It pulls the certificate out for validating signing, but same principle.

Paul

On 8/25/09 4:42 PM, "ravi.balas...@idhasoft.com" <ravi.balas...@idhasoft.com> wrote:

 
Any sample code available to parse the metadata file to get public Key to use in encrypting assertion?

-----
Paul Hethmon
Chief Software Architect
Clareity Security, LLC
865.824.1350 - office
865.250.3517 - mobile
www.clareitysecurity.com
-----

God does not play dice with the universe; He plays an ineffable game of his own devising, which might be compared, from the perspective of any of the other players, to being involved in an obscure and complex version of poker in a pitch dark room, with blank cards, for infinite stakes, with a dealer who won't tell you the rules, and who smiles all the time.

 -- Terry Pratchett, Good Omens

[ravi.balas...@idhasoft.com]

I tried the sample code. I got stuck in error

ava.lang.NoClassDefFoundError: org/apache/commons/ssl/TrustMaterial

      at org.opensaml.xml.security.x509.X509Util.decodeCertificate(X509Util.java:317)

      at org.opensaml.xml.security.keyinfo.KeyInfoHelper.getCertificate(KeyInfoHelper.java:196)

      at com.sba.saml.GetAssertion.getEncryptedAssertion(GetAssertion.java:363)

      at com.sba.saml.GetAssertion.getAssertionData(GetAssertion.java:309)

 

I get this error when converting SAML x509Certificate to Java X509Certiticate

 

java.security.cert.X509Certificate jX509Cert;

      jX509Cert = KeyInfoHelper.getCertificate((org.opensaml.xml.signature.X509Certificate) x509Cert);

 

I have added bouncy castle JAR file to my project.

 

---

[Chad La Joie]

OpenSAML comes with the list of required libraries. You have to have
all of them on your classpath. This error is because the
not-yet-commons-ssl jar is not there.

ravi.balas...@idhasoft.com wrote:
> Re: [OpenSAML] Parsing Metadata file
>

> I tried the sample code. I got stuck in error
>
> ava.lang.NoClassDefFoundError: org/apache/commons/ssl/TrustMaterial
>

> at org.opensaml.xml.security.x509.X509Util.decodeCertificate(*
> X509Util.java:317*)
>
> at org.opensaml.xml.security.keyinfo.KeyInfoHelper.getCertificate(*
> KeyInfoHelper.java:196*)
>
> at com.sba.saml.GetAssertion.getEncryptedAssertion(*
> GetAssertion.java:363*)
>
> at com.sba.saml.GetAssertion.getAssertionData(*GetAssertion.java:309*)

>
>
>
> I get this error when converting SAML x509Certificate to Java
> X509Certiticate
>
>
>
> java.security.cert.X509Certificate jX509Cert;
>
> jX509Cert =

> KeyInfoHelper.*getCertificate*((org.opensaml.xml.signature.X509Certificate)

> x509Cert);
>
>
>
> I have added bouncy castle JAR file to my project.
>
>

> ------------------------------
>
> *From:* Paul Hethmon [mailto:paul.h...@clareitysecurity.com]
> *Sent:* Tuesday, August 25, 2009 4:52 PM
> *To:* OpenSAML List
> *Subject:* Re: [OpenSAML] Parsing Metadata file

>
>
>
>
> http://code.crt.realtors.org/projects/websso
>
> It pulls the certificate out for validating signing, but same principle.
>
> Paul
>
>
> On 8/25/09 4:42 PM, "ravi.balas...@idhasoft.com" <
> ravi.balas...@idhasoft.com> wrote:
>
>
> Any sample code available to parse the metadata file to get public Key to
> use in encrypting assertion?
>
>
>
>
> -----
> Paul Hethmon
> Chief Software Architect
> Clareity Security, LLC
> 865.824.1350 - office
> 865.250.3517 - mobile
> www.clareitysecurity.com
> -----
>
> God does not play dice with the universe; He plays an ineffable game of his
> own devising, which might be compared, from the perspective of any of the
> other players, to being involved in an obscure and complex version of poker
> in a pitch dark room, with blank cards, for infinite stakes, with a dealer
> who won't tell you the rules, and who smiles all the time.
>
> -- Terry Pratchett, Good Omens
>

--
SWITCH
Serving Swiss Universities
--------------------------
Chad La Joie, Software Engineer, Net Services
Werdstrasse 2, P.O. Box, 8021 Zürich, Switzerland
phone +41 44 268 15 75, fax +41 44 268 15 68
chad....@switch.ch, http://www.switch.ch