[OpenSAML] OpenSAML query : usage of ValidatorSuite


Geetika Srivastava

Sep 4, 2009, 9:05:40 AM
to mace-open...@internet2.edu

Hi,

Please could you provide me inputs as to how we can use the SAML Object validator validation as mentioned in:

https://spaces.internet2.edu/display/OpenSAML/OSTwoUserManJavaValidation

Regards,
Geetika Srivastava
Tata Consultancy Services
Mailto: geetika.s...@tcs.com
Website:
http://www.tcs.com


Deena Gurajala

Sep 4, 2009, 12:27:43 PM
to mace-open...@internet2.edu
           


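// samlElemnt is the org.w3c.dom.Element at the root of the parsed SAML message
Schema schema = SAMLSchemaBuilder.getSAML11Schema();
Validator validator = schema.newValidator();

javax.xml.transform.dom.DOMSource domSrc = new javax.xml.transform.dom.DOMSource(samlElemnt);
validator.validate(domSrc);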

Deena Gurajala

Sep 4, 2009, 12:35:35 PM
to mace-open...@internet2.edu
These are the imports.

import org.opensaml.common.xml.SAMLSchemaBuilder;
import javax.xml.transform.dom.DOMSource;
import javax.xml.validation.Schema;
import javax.xml.validation.Validator;
import org.opensaml.xml.parse.BasicParserPool;
import org.w3c.dom.Element;
import org.w3c.dom.Document;
import java.io.ByteArrayInputStream;
import java.io.InputStream;

//Here is the code

Element samlElemnt = null;

// Parse the SAML message (samlString) into a namespace-aware DOM tree
BasicParserPool ppMgr = new BasicParserPool();
ppMgr.setNamespaceAware(true);

InputStream inputStream = new ByteArrayInputStream(samlString.getBytes());
Document document = ppMgr.parse(inputStream);
samlElemnt = document.getDocumentElement();

// Validate the root element against the SAML 1.1 schema;
// validate() throws an exception on a schema violation
Schema schema = SAMLSchemaBuilder.getSAML11Schema();
Validator validator = schema.newValidator();

DOMSource domSrc = new DOMSource(samlElemnt);
validator.validate(domSrc);

Hope it helps.

ravi.balas...@idhasoft.com

Sep 4, 2009, 1:45:01 PM
to mace-open...@internet2.edu

 

I am getting this error. I have all LIB endorsed and lib it is looking for is also a part of web-inf folder.

Getting this error at DefaultBootstrap.BootStrap() function.

java.lang.NoClassDefFoundError: org/apache/commons/logging/LogFactory
      at org.apache.xml.security.Init.<clinit>(Unknown Source)
      at org.opensaml.DefaultBootstrap.initializeXMLSecurity(DefaultBootstrap.java:103)
      at org.opensaml.DefaultBootstrap.bootstrap(DefaultBootstrap.java:79)
      at com.myfrs.common.samlHelper.<init>(samlHelper.java:106)
      at com.myfrs.action.hewittRedirector.getSAML(hewittRedirector.java:165)
      Truncated. see log file for complete stacktrace

126475 INFO  org.apache.struts.util.PropertyMessageResources     - Initializing, config='org.apache.struts.util.LocalStrings', returnNull=true

Bryn Ryans

Sep 4, 2009, 1:54:36 PM
to mace-open...@internet2.edu

Try this weblogic-application.xml. This works for WLS 10 MP1.

<weblogic-application xmlns="http://www.bea.com/ns/weblogic/90" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">

    <xml>
      <parser-factory>
        <saxparser-factory>
          org.apache.xerces.jaxp.SAXParserFactoryImpl
        </saxparser-factory>
        <document-builder-factory>
          org.apache.xerces.jaxp.DocumentBuilderFactoryImpl
        </document-builder-factory>
        <transformer-factory>
          org.apache.xalan.processor.TransformerFactoryImpl
        </transformer-factory>
      </parser-factory>
    </xml>

    <prefer-application-packages>
        <package-name>org.opensaml.*</package-name>
        <package-name>org.apache.xml.security.*</package-name>
        <package-name>org.apache.commons.*</package-name>
        <package-name>org.apache.log4j.*</package-name>
        <package-name>antlr.*</package-name>
    </prefer-application-packages>

</weblogic-application>

 








ravi.balas...@idhasoft.com

Sep 4, 2009, 2:17:14 PM
to mace-open...@internet2.edu

No luck..

I have all JARs added to web-inf/lib folder
I have the endorsed jars in separate folder, with -Djava.endorsed.dirs in startup script

I put the below suggestion in weblogic-application.xml

Any other suggestions!!!

 


ravi.balas...@idhasoft.com

Sep 4, 2009, 3:16:19 PM
to mace-open...@internet2.edu

I was able to get this working and go past the bootstrap initialization. Now I have this return null

org.opensaml.saml2.core.impl.ResponseBuilder rspBldr = (org.opensaml.saml2.core.impl.ResponseBuilder) Configuration.getBuilderFactory().getBuilder(Response.DEFAULT_ELEMENT_NAME);
org.opensaml.saml2.core.Response samlResponse = rspBldr.buildObject();

 


ravi.balas...@idhasoft.com

Sep 4, 2009, 3:29:26 PM
to mace-open...@internet2.edu

I am getting this error on bootstrap

java.lang.UnsupportedOperationException: This DocumentBuilder, "weblogic.xml.jaxp.RegistryDocumentBuilder", does not support the reset functionality.  Specification "null" version "null"
      at javax.xml.parsers.DocumentBuilder.reset(Unknown Source)
      at org.opensaml.xml.parse.BasicParserPool.returnBuilder(BasicParserPool.java:184)
      at org.opensaml.xml.parse.BasicParserPool.parse(BasicParserPool.java:213)
      at org.opensaml.xml.XMLConfigurator.load(XMLConfigurator.java:141)
      at org.opensaml.DefaultBootstrap.initializeXMLTooling(DefaultBootstrap.java:143)
      at org.opensaml.DefaultBootstrap.bootstrap(DefaultBootstrap.java:83)
      at com.myfrs.common.samlHelper.<init>(samlHelper.java:106)

Updated the xml as below

Chad La Joie

Sep 5, 2009, 2:41:25 AM
to mace-open...@internet2.edu
Well, you'll need to contact Oracle now and ask them to please implement
JAXP support.

ravi.balas...@idhasoft.com wrote:
> I am getting this error on bootstrap
>
> java.lang.UnsupportedOperationException: This DocumentBuilder,
> "weblogic.xml.jaxp.RegistryDocumentBuilder", does not support the reset
> functionality. Specification "null" version "null"
> at javax.xml.parsers.DocumentBuilder.reset(Unknown Source)
> at org.opensaml.xml.parse.BasicParserPool.returnBuilder(BasicParserPool.java:184)
> at org.opensaml.xml.parse.BasicParserPool.parse(BasicParserPool.java:213)
> at org.opensaml.xml.XMLConfigurator.load(XMLConfigurator.java:141)
> at org.opensaml.DefaultBootstrap.initializeXMLTooling(DefaultBootstrap.java:143)
> at org.opensaml.DefaultBootstrap.bootstrap(DefaultBootstrap.java:83)
> at com.myfrs.common.samlHelper.<init>(samlHelper.java:106)
>
> ------------------------------
>
> Updated the xml as below
>
> <weblogic-application xmlns="http://www.bea.com/ns/weblogic/90" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
>
> <xml>
> <parser-factory>
> <saxparser-factory>
> org.apache.xerces.jaxp.SAXParserFactoryImpl
> </saxparser-factory>
> <document-builder-factory>
> org.apache.xerces.jaxp.DocumentBuilderFactoryImpl
> </document-builder-factory>
> <transformer-factory>
> org.apache.xalan.processor.TransformerFactoryImpl
> </transformer-factory>
> </parser-factory>
> </xml>
>
> <prefer-application-packages>
> <package-name>org.opensaml.*</package-name>
> <package-name>org.apache.xml.security.*</package-name>
> <package-name>org.apache.commons.*</package-name>
> <package-name>org.apache.log4j.*</package-name>
> <package-name>antlr.*</package-name>
> </prefer-application-packages>
>
> </weblogic-application>
>

--
SWITCH
Serving Swiss Universities
--------------------------
Chad La Joie, Software Engineer, Net Services
Werdstrasse 2, P.O. Box, 8021 Zürich, Switzerland
phone +41 44 268 15 75, fax +41 44 268 15 68
chad....@switch.ch, http://www.switch.ch

Geetika Srivastava

Sep 7, 2009, 1:33:19 AM
to mace-open...@internet2.edu

Thanks for the help.

The code provided only validates the SAML token schema.
How can the validation of the values in SAML token be done in accordance with SAML 1.1 specification?

Regards,
Geetika Srivastava
Tata Consultancy Services
Mailto: geetika.s...@tcs.com
Website:
http://www.tcs.com



From: Deena Gurajala <deena.g...@gmail.com>
Date: 09/04/2009 10:05 PM
Please respond to: mace-open...@internet2.edu
To: mace-open...@internet2.edu
Subject: Re: [OpenSAML] OpenSAML query : usage of ValidatorSuite

Scott Cantor

Sep 7, 2009, 1:45:07 PM
to mace-open...@internet2.edu
> How can the validation of the values in SAML token be done in accordance
> with SAML 1.1 specification.

Validation is mostly a profile issue. If there's no validator that does what
you need in the library then I suppose you have to write one.

-- Scott

Deena Gurajala

Sep 7, 2009, 2:32:05 PM
to mace-open...@internet2.edu
I don't know what you are asking. I am able to successfully validate Authentication Requests, SAML Response, Authorization Decision Query and response against their schema with this code. It will automatically validate missing fields and invalid values in the XML. If you give me more details, I can think of it.

ravi.balas...@idhasoft.com

Sep 8, 2009, 2:10:16 PM
to mace-open...@internet2.edu

I get this error on deployment.

<Sep 8, 2009 2:09:42 PM EDT> <Warning> <HTTP> <BEA-101162> <User defined listener org.apache.beehive.netui.pageflow.PageFlowContextListener failed: java.lang.IllegalArgumentException: http://java.sun.com/xml/jaxp/properties/schemaLanguage.
java.lang.IllegalArgumentException: http://java.sun.com/xml/jaxp/properties/schemaLanguage
      at org.apache.xerces.jaxp.DocumentBuilderFactoryImpl.setAttribute(DocumentBuilderFactoryImpl.java:118)
      at org.apache.beehive.netui.util.config.parser.NetUIConfigParser.parse(NetUIConfigParser.java:159)
      at org.apache.beehive.netui.util.config.parser.NetUIConfigParser.parse(NetUIConfigParser.java:135)
      at org.apache.beehive.netui.util.config.ConfigUtil.internalInit(ConfigUtil.java:100)
      at org.apache.beehive.netui.util.config.ConfigUtil.init(ConfigUtil.java:68)

Chad La Joie

Sep 8, 2009, 2:11:47 PM
to mace-open...@internet2.edu
There isn't anything I can do about beehive's code passing in illegal
options. You'll need to contact them.

--

ravi.balas...@idhasoft.com

Sep 9, 2009, 2:53:16 PM
to mace-open...@internet2.edu
I deployed my app in tomcat 6.0 in windows and copied the endorsed jars to
$CATALINA_BASE/lib/endorsed, and code ran fine.

Did the same steps in solaris.. Get this error message

org.opensaml.xml.ConfigurationException: Configuration file does not validate against schema
      at org.opensaml.xml.XMLConfigurator.validateConfiguration(XMLConfigurator.java:382)
      at org.opensaml.xml.XMLConfigurator.load(XMLConfigurator.java:162)
      at org.opensaml.xml.XMLConfigurator.load(XMLConfigurator.java:142)
      at org.opensaml.DefaultBootstrap.initializeXMLTooling(DefaultBootstrap.java:143)
      at org.opensaml.DefaultBootstrap.bootstrap(DefaultBootstrap.java:83)
      at com.sba.saml.helper.SamlHelper.<init>(SamlHelper.java:106)

Geetika Srivastava

Sep 16, 2009, 6:51:30 AM
to mace-open...@internet2.edu

As per the below link mentioned
https://spaces.internet2.edu/display/OpenSAML/OSTwoUserManJavaValidation

we need to create a Validator suite for schema validation and for specification validation. Is it not required?
Only the implementation code mentioned by you is enough?

Thanks and Regards,

Geetika Srivastava
Tata Consultancy Services
Mailto: geetika.s...@tcs.com
Website:
http://www.tcs.com




From: Deena Gurajala <deena.g...@gmail.com>
To: mace-open...@internet2.edu
Date: 09/08/2009 12:02 AM
Subject: Re: [OpenSAML] OpenSAML query : usage of ValidatorSuite
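
The ValidatorSuite route asked about in this thread, as an added example that is not code from any poster or from the OpenSAML project. It assumes OpenSAML 2 on the classpath and that DefaultBootstrap registers the suite IDs "saml1-schema-validator" and "saml1-spec-validator"; the class name and the sample assertion are constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;

import org.opensaml.Configuration;
import org.opensaml.DefaultBootstrap;
import org.opensaml.xml.XMLObject;
import org.opensaml.xml.io.Unmarshaller;
import org.opensaml.xml.parse.BasicParserPool;
import org.opensaml.xml.validation.ValidationException;
import org.opensaml.xml.validation.ValidatorSuite;
import org.w3c.dom.Element;

public class Saml11SuiteCheck { // hypothetical class name

    // Suite IDs assumed to be present in OpenSAML 2's default configuration.
    private static final String[] SUITES = {"saml1-schema-validator", "saml1-spec-validator"};

    /** Returns null when both suites accept the message, else the first failure. */
    public static String check(String samlString) throws Exception {
        BasicParserPool pool = new BasicParserPool();
        pool.setNamespaceAware(true);
        Element root = pool.parse(new ByteArrayInputStream(
                samlString.getBytes(StandardCharsets.UTF_8))).getDocumentElement();

        // ValidatorSuite works on XMLObjects, not DOM, so unmarshall first.
        Unmarshaller um = Configuration.getUnmarshallerFactory().getUnmarshaller(root);
        if (um == null) {
            return "no unmarshaller registered for " + root.getNodeName();
        }
        XMLObject obj = um.unmarshall(root);

        for (String id : SUITES) {
            ValidatorSuite suite = Configuration.getValidatorSuite(id);
            if (suite == null) {
                return "validator suite not registered: " + id;
            }
            try {
                suite.validate(obj); // checks the object and its children
            } catch (ValidationException e) {
                return id + ": " + e.getMessage();
            }
        }
        return null;
    }

    public static void main(String[] args) throws Exception {
        DefaultBootstrap.bootstrap(); // loads builders, unmarshallers and validator suites
        // Constructed sample: a SAML 1.1 assertion that carries no statement.
        String sample = "<saml:Assertion xmlns:saml=\"urn:oasis:names:tc:SAML:1.0:assertion\" "
                + "MajorVersion=\"1\" MinorVersion=\"1\" AssertionID=\"_constructed\" "
                + "Issuer=\"https://idp.example.org\" IssueInstant=\"2009-09-04T12:00:00Z\"/>";
        System.out.println(check(sample));
    }
}
```

Neither suite evaluates signatures, validity windows or audience restrictions; as the reply above puts it, those checks belong to the profile and have to be written separately.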
