[OpenSAML] Unmarshall and validating an SAML file


murali...@yahoo.co.in

Oct 22, 2009, 5:42:17 AM
to mace-open...@internet2.edu
Hi
I am trying to unmarshall and validate a SAML file using the SAML 2.0 API. While running the below piece of code, I am getting an error.

String inCommonMDFile = "templates/SamlResponse.xml";
try {
    DefaultBootstrap.bootstrap();
    BasicParserPool ppMgr = new BasicParserPool();
    ppMgr.setNamespaceAware(true);

    InputStream in = new ByteArrayInputStream(inCommonMDFile.getBytes());
    Document inCommonMDDoc = ppMgr.parse(in);
    Element metadataRoot = inCommonMDDoc.getDocumentElement();

    Schema schema = SAMLSchemaBuilder.getSAML11Schema();
    Validator validator = schema.newValidator();
    javax.xml.transform.dom.DOMSource domSrc = new DOMSource(metadataRoot);
    validator.validate(domSrc);

    UnmarshallerFactory unmarshallerFactory = Configuration.getUnmarshallerFactory();
    Unmarshaller unmarshaller = unmarshallerFactory.getUnmarshaller(metadataRoot);

    Response samlResponse = (Response) unmarshaller.unmarshall(metadataRoot);

} catch (XMLParserException xe) {
    System.out.println("Unable to parse XML file: " + xe);
} catch (ConfigurationException e) {
    e.printStackTrace();
} catch (SAXException e) {
    e.printStackTrace();
} catch (IOException e) {
    e.printStackTrace();
}
Below are the error details. Please can anyone help me out with the issue.
Unable to parse XML file: org.opensaml.xml.parse.XMLParserException: Invalid XML
21-Oct-2009 18:37:41 org.opensaml.xml.parse.LoggingErrorHandler fatalError
SEVERE: XML Parsing Error
org.xml.sax.SAXParseException: Content is not allowed in prolog.
at org.apache.xerces.util.ErrorHandlerWrapper.createSAXParseException(Unknown Source)
at org.apache.xerces.util.ErrorHandlerWrapper.fatalError(Unknown Source)
at org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown Source)
at org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown Source)
at org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown Source)
at org.apache.xerces.impl.XMLScanner.reportFatalError(Unknown Source)
at org.apache.xerces.impl.XMLDocumentScannerImpl$PrologDispatcher.dispatch(Unknown Source)
at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument(Unknown Source)
at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
at org.apache.xerces.parsers.XMLParser.parse(Unknown Source)
at org.apache.xerces.parsers.DOMParser.parse(Unknown Source)
at org.apache.xerces.jaxp.DocumentBuilderImpl.parse(Unknown Source)
at javax.xml.parsers.DocumentBuilder.parse(Unknown Source)
at org.opensaml.xml.parse.BasicParserPool$DocumentBuilderProxy.parse(BasicParserPool.java:607)
at org.opensaml.xml.parse.BasicParserPool.parse(BasicParserPool.java:210)
at util.MetadataTest.testInCommonUnmarshall(MetadataTest.java:80)
at util.MetadataTest.main(MetadataTest.java:124)

Below is the SAML file I am using.
=================SamlResponse.xml================
<Response IssueInstant="2009-09-04T13:37:33Z" MajorVersion="1" MinorVersion="1" ID="1bc6d017-f9bd-4333-a618-a73cd4ea51ac">
<Status><StatusCode Value="Success"/>
</Status><Assertion AssertionID="9e39584f-5cbd-4241-9ec7-56e011a2035f" IssueInstant="2009-09-04T13:37:33Z" Issuer="Test Issuer" MajorVersion="1" MinorVersion="1">
<Conditions NotBefore="2009-09-04T13:37:33Z" NotOnOrAfter="2009-09-04T13:37:38Z"/>
<AuthenticationStatement AuthenticationInstant="2009-09-04T13:37:33Z" AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password">
<Subject>
<NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">me....@domain.co.uk</NameIdentifier>
<SubjectConfirmation/>
</Subject>
</AuthenticationStatement>
</Assertion>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<Reference URI="#1bc6d017-f9bd-4333-a618-a73cd4ea51ac">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>0qnKCEgW2h7yX/1UfkngJXGXxPk=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>vgefKC1BZXTeNjUEqU1aGvBfn1H.....</SignatureValue>
<KeyInfo>
<X509Data>
<X509Certificate>MIIDPTCCAuegAwIBAgIJAK3Eu7cvYD .........</X509Certificate>
</X509Data>
</KeyInfo>
</Signature>
</Response>
=====================

Many Thanks
Regards,
Murali

Xavier Drudis Ferran

Oct 22, 2009, 5:59:43 AM
to mace-open...@internet2.edu
On Thu, Oct 22, 2009 at 05:42:17AM -0400, murali...@yahoo.co.in wrote:
> String inCommonMDFile = "templates/SamlResponse.xml";
[...]

> InputStream in = new ByteArrayInputStream(inCommonMDFile.getBytes()); Document inCommonMDDoc = ppMgr.parse(in);

Are you using the file name as if it was the file content?
Why don't you just use a FileInputStream?

--
Xavi Drudis Ferran
xdr...@ambarinformatica.com

murali mca

Oct 22, 2009, 6:47:23 PM
to mace-open...@internet2.edu

Thanks for the reply.

After using FileInputStream, I am able to get rid of the error. Now I am getting the below "SAX ParserException" error.

org.xml.sax.SAXParseException: cvc-elt.1: Cannot find the declaration of element 'Response'.
at org.apache.xerces.util.ErrorHandlerWrapper.createSAXParseException(Unknown Source)
at org.apache.xerces.util.ErrorHandlerWrapper.error(Unknown Source)
at org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown Source)
at org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown Source)
at org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown Source)
at org.apache.xerces.impl.xs.XMLSchemaValidator.handleStartElement(Unknown Source)
at org.apache.xerces.impl.xs.XMLSchemaValidator.startElement(Unknown Source)
at org.apache.xerces.jaxp.validation.DOMValidatorHelper.beginNode(Unknown Source)
at org.apache.xerces.jaxp.validation.DOMValidatorHelper.validate(Unknown Source)
at org.apache.xerces.jaxp.validation.DOMValidatorHelper.validate(Unknown Source)
at org.apache.xerces.jaxp.validation.ValidatorImpl.validate(Unknown Source)
at javax.xml.validation.Validator.validate(Unknown Source)
at util.MetadataTest.testInCommonUnmarshall(MetadataTest.java:89)
at util.MetadataTest.main(MetadataTest.java:126)
 
Can you help me to understand why this error is thrown and how the schema validation works in SAML?
 
Thanks,
Regards.
 

Brent Putman

Oct 22, 2009, 6:56:03 PM
to mace-open...@internet2.edu
If your file data is literally as you originally posted, for example:

<Response IssueInstant="2009-09-04T13:37:33Z" MajorVersion="1"
MinorVersion="1" ID="1bc6d017-f9bd-4333-a618-a73cd4ea51ac">


then it is in fact invalid, b/c you don't have any namespace
declarations in there at all. SAML (both v1 and v2) is always
namespace-qualified. The schema validation is then correctly reporting
that it does not know about any declaration for a (non-namespace
qualified) Element called 'Response'.

You need to add the appropriate namespace declarations to your SAML data.

--Brent

murali mca

Oct 23, 2009, 8:22:41 PM
to mace-open...@internet2.edu
Hi
Thanks for reply.
I have got the SAML with namespace and now am able to resolve the "SAXParseException".
 

String fileName = "C:/Users/SamlResponse.xml";
BasicParserPool ppMgr = new BasicParserPool();
ppMgr.setNamespaceAware(true);
Document inCommonMDDoc;
FileInputStream in = new FileInputStream(new File(fileName));
try {
    inCommonMDDoc = ppMgr.parse(in);
    Element responseRoot = inCommonMDDoc.getDocumentElement();
    System.out.println("responseRoot  is:" + responseRoot);

    UnmarshallerFactory unmarshallerFactory = Configuration.getUnmarshallerFactory();
    Unmarshaller unmarshaller = unmarshallerFactory.getUnmarshaller(responseRoot);

    Response samlresponse = (Response) unmarshaller.unmarshall(responseRoot);
} catch (XMLParserException e) {
    e.printStackTrace();
} catch (UnmarshallingException e) {
    e.printStackTrace();
}


When I ran the above piece of code, I am presented with
responseRoot: null
"Exception in thread "main" java.lang.NullPointerException"

I am getting the "null" at this line: Element responseRoot = inCommonMDDoc.getDocumentElement();
Please could you correct me if I am doing wrong in my code.
 
Thanks
Regards


Brent Putman

Oct 26, 2009, 4:31:20 PM
to mace-open...@internet2.edu
I don't see anything obviously wrong with what you're doing vis-a-vis the
XML parsing. Not much can go wrong there, it's not even the opensaml
code, just JAXP. So check that that is the correct filename, that the
file isn't empty, etc.

Are you sure the error is from that line? I don't see you calling
DefaultBootstrap.bootstrap() in your code snippet. Failing to bootstrap
the library would most likely generate an NPE a few lines down,
where an attempt would be made to use the (null reference) unmarshaller.

murali mca wrote:
> When I ran the above piece of code, I am presented with
> responseRoot: null
> "Exception in thread "main" java.lang.NullPointerException"
>
> I am getting the "null" at this line: Element responseRoot =
> inCommonMDDoc.getDocumentElement();
> Please could you correct me if I am doing wrong in my code.
>
> Thanks
> Regards

murali mca

Oct 26, 2009, 7:48:09 PM
to mace-open...@internet2.edu
Brent, many thanks for pointing out the DefaultBootstrap.bootstrap().
 
I have added "DefaultBootstrap.bootstrap();" in my code and could see the below error in the output:
======================
26-Oct-2009 21:58:53 org.apache.catalina.core.ApplicationContext log
INFO: HTMLManager: list: Listing contexts for virtual host 'localhost'
[org.opensaml.DefaultBootstrap] : Initializing Velocity template engine
[org.opensaml.xml.Configuration] : VM using JAXP parser oracle.xml.jaxp.JXDocumentBuilderFactory
26-Oct-2009 21:58:58 org.apache.catalina.core.StandardWrapperValve invoke
SEVERE: Servlet.service() for servlet jsp threw exception
java.lang.UnsupportedOperationException: This parser does not support specification "null" version "null"
 at javax.xml.parsers.DocumentBuilderFactory.setSchema(Unknown Source)
 at org.opensaml.xml.parse.BasicParserPool.initializePool(BasicParserPool.java:498)
 at org.opensaml.xml.parse.BasicParserPool.<init>(BasicParserPool.java:144)
 at org.opensaml.xml.XMLConfigurator.<init>(XMLConfigurator.java:70)
 at org.opensaml.DefaultBootstrap.initializeXMLTooling(DefaultBootstrap.java:131)
 at org.opensaml.DefaultBootstrap.bootstrap(DefaultBootstrap.java:75)
 at org.apache.jsp.service_005fprovider_jsp._jspService(service_005fprovider_jsp.java:122)
 at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
 at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
 at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:384)
 at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:320)
 at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:266)
 at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
 at org.netbeans.modules.web.monitor.server.MonitorFilter.doFilter(MonitorFilter.java:196)
 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
 at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:228)
 at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
 at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
 at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)
 at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
 at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:216)
 at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
 at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:634)
 at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:445)
 at java.lang.Thread.run(Unknown Source)
==================================
I have endorsed the files in tomcat (copied complete "endorsed" folder from downloaded opensaml2.0 to c:/apachetomcat/) and jre (copied complete "endorsed" folder to myeclipse/jre/lib).
As I am getting the error in the web application, I tried to test the same code as standalone and can see a different error as below.
For the standalone application I have the slf4j-api-1.5.0.jar in the build path.
==================
[org.opensaml.DefaultBootstrap] : Initializing Velocity template engine
[org.opensaml.xml.Configuration] : VM using JAXP parser org.apache.xerces.jaxp.DocumentBuilderFactoryImpl
[org.opensaml.xml.Configuration] : VM using JAXP parser org.apache.xerces.jaxp.DocumentBuilderFactoryImpl
[org.opensaml.DefaultBootstrap] : Loading XMLTooling configuration /default-config.xml
[org.opensaml.xml.XMLConfigurator] : Loading configuration from XML Document
Exception in thread "main" java.lang.NoSuchMethodError: org.slf4j.Logger.trace(Ljava/lang/String;Ljava/lang/Object;)V
 at org.opensaml.xml.XMLConfigurator.load(XMLConfigurator.java:141)
 at org.opensaml.xml.XMLConfigurator.load(XMLConfigurator.java:125)
 at org.opensaml.DefaultBootstrap.initializeXMLTooling(DefaultBootstrap.java:135)
 at org.opensaml.DefaultBootstrap.bootstrap(DefaultBootstrap.java:75)
 at utils.Main.main(Main.java:35)
==================
 
If I remove the "DefaultBootstrap.bootstrap()" in the standalone application, I can see the "Exception in thread "main" java.lang.NullPointerException" at the line "inCommonMDDoc = ppMgr.parse(in);", i.e., the "inCommonMDDoc" is null. I am sure the input file path is correct and is not empty.
Please help me with your inputs to get this resolved.
 
Thanks and Regards,
Murali



murali mca

Nov 1, 2009, 12:43:59 PM
to mace-open...@internet2.edu
Hi
 
Thanks for all your help so far.
 
I am able to resolve the above errors by setting the endorsed files correctly.
 
I am seeing the below error when I tried to marshal the SAML (generated using SAML1.0) file using the saml2.0 API.

SEVERE: This unmarshaller only operates on {urn:oasis:names:tc:SAML:2.0:protocol}Response elements not Response
org.opensaml.xml.io.UnmarshallingException: This unmarshaller only operates on {urn:oasis:names:tc:SAML:2.0:protocol}Response elements not Response
at org.opensaml.xml.io.AbstractXMLObjectUnmarshaller.checkElementIsTarget(AbstractXMLObjectUnmarshaller.java:160)
at org.opensaml.xml.io.AbstractXMLObjectUnmarshaller.unmarshall(AbstractXMLObjectUnmarshaller.java:93)
Please can someone confirm if the above error is because of compatibility between SAML generated with SAML1.0 and marshalling using SAML2.0?
 
Once again, thanks for all your help.
 
Thanks,
Regards


Chad La Joie

Nov 1, 2009, 12:51:29 PM
to mace-open...@internet2.edu
It's possible. SAML 2 unmarshallers won't work for SAML 1.


--
SWITCH
Serving Swiss Universities
--------------------------
Chad La Joie, Software Engineer, Net Services
Werdstrasse 2, P.O. Box, 8021 Zürich, Switzerland
phone +41 44 268 15 75, fax +41 44 268 15 68
chad....@switch.ch, http://www.switch.ch
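
The namespace points raised in this thread (an unqualified Response is not SAML at all, and a SAML 2 unmarshaller will not accept a SAML 1 Response) can be checked up front, before choosing a schema or unmarshaller. The following is an added example, not code from any poster or from OpenSAML; it uses only JAXP, the class name SamlRootCheck and method classify are hypothetical, and the sample documents are constructed.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;

public class SamlRootCheck {
    static final String SAML1P = "urn:oasis:names:tc:SAML:1.0:protocol";
    static final String SAML2P = "urn:oasis:names:tc:SAML:2.0:protocol";

    /** Returns "SAML1" or "SAML2"; throws if the root is not a namespace-qualified Response. */
    static String classify(byte[] xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        // Without namespace awareness getNamespaceURI() is null for every element.
        f.setNamespaceAware(true);
        // SAML messages never need a DTD; refusing DOCTYPE blocks XXE and entity expansion.
        // Feature name as supported by Xerces and the JDK's built-in parser.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Element root = f.newDocumentBuilder()
                .parse(new ByteArrayInputStream(xml)).getDocumentElement();
        if (!"Response".equals(root.getLocalName())) {
            throw new IllegalArgumentException("root element is " + root.getNodeName());
        }
        String ns = root.getNamespaceURI();
        if (SAML1P.equals(ns)) return "SAML1";
        if (SAML2P.equals(ns)) return "SAML2";
        throw new IllegalArgumentException("Response in unexpected namespace: " + ns);
    }

    public static void main(String[] args) {
        // Constructed samples: only the root element matters for this check.
        String[] samples = {
            "<Response MajorVersion=\"1\" MinorVersion=\"1\"/>",
            "<Response xmlns=\"" + SAML1P + "\" MajorVersion=\"1\" MinorVersion=\"1\"/>",
            "<samlp:Response xmlns:samlp=\"" + SAML2P + "\" Version=\"2.0\"/>",
            "templates/SamlResponse.xml" // a file name passed as content, not XML
        };
        for (String s : samples) {
            try {
                System.out.println(classify(s.getBytes(StandardCharsets.UTF_8)) + " <- " + s);
            } catch (Exception e) {
                System.out.println("rejected (" + e.getMessage() + ") <- " + s);
            }
        }
    }
}
```

The last sample reproduces the "Content is not allowed in prolog" failure from the first post, since the parser is handed a path string instead of XML.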

Peter Williams

Nov 1, 2009, 1:06:09 PM
to mace-open...@internet2.edu

Why not just try out https://code.crt.realtors.org/svn/websso/ rather than struggle at every step!

It's a very basic wrapper around opensaml2, makes out a basic protocol engine, but doesn't impose any higher religion on how to do or not do SSO. It leaves that to you.

I've seen happy folks adopt that java variety of that distribution. Don't know if it's a maintained source, though.

I've also seen very happy folks using Spring security toolkit, which again doesn't impose any religion on the use of opensaml2. You just receive a post event at a page handler, assume its SAML value, unmarshall the posted blob using the type verifier (and keying), then do X you decide with a bunch of fields. Took one bean-happy developer (with no knowledge of SAML) about 40h to get SSO and SLO done, working against a Liberty Interoperable (recently) certified SAML2 server. They were delighted.
