[OpenSAML] org.opensaml.xml.XMLRuntimeException: DOM Element node adoption failed thrown when signing the assertion
256 views
Skip to first unread message
Thilina Mahesh Buddhika
Jul 14, 2009, 10:30:11 AM7/14/09
to mace-open...@internet2.edu
hi all,
I am trying to sign a SAML 2.0 assertion built using OpenSAML2.0 library. In this assertion, I am using holder-of-key subject confirmation method. In subjectConfirmationData element, I am adding a <ds:keyInfo> element to it. I use Axiom to build this keyInfo element. Then I am unmarshelling that keyinfo element to an XMLObject by using the following code snippet.
---------------------------------------------------------------------------------
UnmarshallerFactory unmarshallerFactory = Configuration.getUnmarshallerFactory();
Unmarshaller unmarshaller = unmarshallerFactory.getUnmarshaller(keyInfoElem);
// Unmarshall using the document root element, an EntitiesDescriptor in this case
XMLObject keyInfoElement = null;
try {
keyInfoElement = unmarshaller.unmarshall(keyInfoElem);
} catch (UnmarshallingException e) {
throw new TrustException("Error unmarshalling KeyInfo Element", e);
}
----------------------------------------------------------------------
Then I am adding this element into a KeyInfoConfirmationDataType element.
When I am trying to sign the resulting SAML assertion I am hitting with an exception as stated in subject. The StackTrace is as follows.
org.opensaml.xml.XMLRuntimeException: DOM Element node adoption failed
at org.opensaml.xml.util.XMLHelper.adoptElement(XMLHelper.java:482)
at org.opensaml.xml.util.XMLHelper.appendChildElement(XMLHelper.java:467)
at org.opensaml.xml.io.AbstractXMLObjectMarshaller.marshall(AbstractXMLObjectMarshaller.java:161)
at org.opensaml.xml.io.AbstractXMLObjectMarshaller.marshallChildElements(AbstractXMLObjectMarshaller.java:316)
at org.opensaml.xml.io.AbstractXMLObjectMarshaller.marshallInto(AbstractXMLObjectMarshaller.java:224)
at org.opensaml.xml.io.AbstractXMLObjectMarshaller.marshall(AbstractXMLObjectMarshaller.java:175)
at org.opensaml.xml.io.AbstractXMLObjectMarshaller.marshallChildElements(AbstractXMLObjectMarshaller.java:316)
at org.opensaml.xml.io.AbstractXMLObjectMarshaller.marshallInto(AbstractXMLObjectMarshaller.java:224)
at org.opensaml.xml.io.AbstractXMLObjectMarshaller.marshall(AbstractXMLObjectMarshaller.java:175)
at org.opensaml.xml.io.AbstractXMLObjectMarshaller.marshallChildElements(AbstractXMLObjectMarshaller.java:316)
at org.opensaml.xml.io.AbstractXMLObjectMarshaller.marshallInto(AbstractXMLObjectMarshaller.java:224)
at org.opensaml.xml.io.AbstractXMLObjectMarshaller.marshall(AbstractXMLObjectMarshaller.java:175)
at org.opensaml.xml.io.AbstractXMLObjectMarshaller.marshallChildElements(AbstractXMLObjectMarshaller.java:316)
at org.opensaml.xml.io.AbstractXMLObjectMarshaller.marshallInto(AbstractXMLObjectMarshaller.java:224)
at org.opensaml.xml.io.AbstractXMLObjectMarshaller.marshall(AbstractXMLObjectMarshaller.java:130)
at org.opensaml.xml.io.AbstractXMLObjectMarshaller.marshall(AbstractXMLObjectMarshaller.java:86)
at org.apache.rahas.impl.SAML2TokenIssuer.setSignature(SAML2TokenIssuer.java:461)
When I went through the code of XMLHelper, I found that this error is due to the use of two different dom implementations of adaper and adaptee elements.
/**
* Adopts an element into a document if the child is not already in the document.
*
* @param adoptee the element to be adopted
* @param adopter the document into which the element is adopted
*/
public static void adoptElement(Element adoptee, Document adopter) {
if (!(adoptee.getOwnerDocument().equals(adopter))) {
if (adopter.adoptNode(adoptee) == null) {
// This can happen if the adopter and adoptee were produced by different DOM implementations
throw new XMLRuntimeException("DOM Element node adoption failed");
}
}
}
I guess this is due to the fact that I am using axiom to build the keyInfo element. Due to some constraints, I am keen on keeping the Axiom involvement as it is.
Is there any workaround for this ?
Thanks in advance.
best regards,
/thilina
E-Mail : thil...@gmail.com
I blog here : http://thilinamb.com
I am trying to sign a SAML 2.0 assertion built using OpenSAML2.0 library. In this assertion, I am using holder-of-key subject confirmation method. In subjectConfirmationData element, I am adding a <ds:keyInfo> element to it. I use Axiom to build this keyInfo element. Then I am unmarshelling that keyinfo element to an XMLObject by using the following code snippet.
---------------------------------------------------------------------------------
UnmarshallerFactory unmarshallerFactory = Configuration.getUnmarshallerFactory();
Unmarshaller unmarshaller = unmarshallerFactory.getUnmarshaller(keyInfoElem);
// Unmarshall using the document root element, an EntitiesDescriptor in this case
XMLObject keyInfoElement = null;
try {
keyInfoElement = unmarshaller.unmarshall(keyInfoElem);
} catch (UnmarshallingException e) {
throw new TrustException("Error unmarshalling KeyInfo Element", e);
}
----------------------------------------------------------------------
Then I am adding this element into a KeyInfoConfirmationDataType element.
When I am trying to sign the resulting SAML assertion I am hitting with an exception as stated in subject. The StackTrace is as follows.
org.opensaml.xml.XMLRuntimeException: DOM Element node adoption failed
at org.opensaml.xml.util.XMLHelper.adoptElement(XMLHelper.java:482)
at org.opensaml.xml.util.XMLHelper.appendChildElement(XMLHelper.java:467)
at org.opensaml.xml.io.AbstractXMLObjectMarshaller.marshall(AbstractXMLObjectMarshaller.java:161)
at org.opensaml.xml.io.AbstractXMLObjectMarshaller.marshallChildElements(AbstractXMLObjectMarshaller.java:316)
at org.opensaml.xml.io.AbstractXMLObjectMarshaller.marshallInto(AbstractXMLObjectMarshaller.java:224)
at org.opensaml.xml.io.AbstractXMLObjectMarshaller.marshall(AbstractXMLObjectMarshaller.java:175)
at org.opensaml.xml.io.AbstractXMLObjectMarshaller.marshallChildElements(AbstractXMLObjectMarshaller.java:316)
at org.opensaml.xml.io.AbstractXMLObjectMarshaller.marshallInto(AbstractXMLObjectMarshaller.java:224)
at org.opensaml.xml.io.AbstractXMLObjectMarshaller.marshall(AbstractXMLObjectMarshaller.java:175)
at org.opensaml.xml.io.AbstractXMLObjectMarshaller.marshallChildElements(AbstractXMLObjectMarshaller.java:316)
at org.opensaml.xml.io.AbstractXMLObjectMarshaller.marshallInto(AbstractXMLObjectMarshaller.java:224)
at org.opensaml.xml.io.AbstractXMLObjectMarshaller.marshall(AbstractXMLObjectMarshaller.java:175)
at org.opensaml.xml.io.AbstractXMLObjectMarshaller.marshallChildElements(AbstractXMLObjectMarshaller.java:316)
at org.opensaml.xml.io.AbstractXMLObjectMarshaller.marshallInto(AbstractXMLObjectMarshaller.java:224)
at org.opensaml.xml.io.AbstractXMLObjectMarshaller.marshall(AbstractXMLObjectMarshaller.java:130)
at org.opensaml.xml.io.AbstractXMLObjectMarshaller.marshall(AbstractXMLObjectMarshaller.java:86)
at org.apache.rahas.impl.SAML2TokenIssuer.setSignature(SAML2TokenIssuer.java:461)
When I went through the code of XMLHelper, I found that this error is due to the use of two different dom implementations of adaper and adaptee elements.
/**
* Adopts an element into a document if the child is not already in the document.
*
* @param adoptee the element to be adopted
* @param adopter the document into which the element is adopted
*/
public static void adoptElement(Element adoptee, Document adopter) {
if (!(adoptee.getOwnerDocument().equals(adopter))) {
if (adopter.adoptNode(adoptee) == null) {
// This can happen if the adopter and adoptee were produced by different DOM implementations
throw new XMLRuntimeException("DOM Element node adoption failed");
}
}
}
I guess this is due to the fact that I am using axiom to build the keyInfo element. Due to some constraints, I am keen on keeping the Axiom involvement as it is.
Is there any workaround for this ?
Thanks in advance.
best regards,
/thilina
E-Mail : thil...@gmail.com
I blog here : http://thilinamb.com
Chad La Joie
Jul 14, 2009, 10:36:13 AM7/14/09
to mace-open...@internet2.edu
About the only way to move between XML libraries with different object
models (and AXIOM is *not* DOM) is to write the XML out to a string from
one model and read it back in to the other model.
models (and AXIOM is *not* DOM) is to write the XML out to a string from
one model and read it back in to the other model.
--
SWITCH
Serving Swiss Universities
--------------------------
Chad La Joie, Software Engineer, Net Services
Werdstrasse 2, P.O. Box, 8021 Zürich, Switzerland
phone +41 44 268 15 75, fax +41 44 268 15 68
chad....@switch.ch, http://www.switch.ch
Thilina Mahesh Buddhika
Jul 15, 2009, 1:35:18 AM7/15/09
to mace-open...@internet2.edu
Thanks Chad. It solved my problem.
Reply all
Reply to author
Forward
0 new messages