[OpenSAML] Questions - Just starting out with OpenSAML
Mark Barnes
Hello.
I have just been given the task of adding to our web site the ability to accept SAML-based SSO requests from our clients, whereby our web site would be the service provider, and I have been looking for libraries that would make the task easier. (In the past I have written a similar implementation from scratch for a previous company, but it was specific for one client, not generalized.)
It looks like OpenSAML will the perfect solution.
I have downloaded the source and binaries for OpenSAML 2.3.1, and have been reading the user's manual at https://spaces.internet2.edu/display/OpenSAML/OSTwoUserManual. I must admit to being quite confused.
The first example in the user's manual uses class BasicParserPool in package org.opensaml.xml.parse, but I can't seem find this package or even org.opensaml.xml . I browsed the jar file and the source and I just don't see it.
What am I missing?
Thanks,
---Mark
Cantor, Scott E.
It looks like OpenSAML will the perfect solution.
I have downloaded the source and binaries for OpenSAML 2.3.1, and have been reading the user's manual at https://spaces.internet2.edu/display/OpenSAML/OSTwoUserManual. I must admit to being quite confused.
The first example in the user's manual uses class BasicParserPool in package org.opensaml.xml.parse, but I can't seem find this package or even org.opensaml.xml . I browsed the jar file and the source and I just don't see it.
Chad La Joie
SP (or IdP). The analogy I use is that OpenSAML vs. and SP is the
difference between having an HTTP library and having a web server (Scott
says socket library vs web server).
The discussion on the Shibboleth list was actually about a person using
the Spring Security SAML module so that might be an option. There is
also oiosaml which is based on OpenSAML. Both are native Java but I
can't vouch for the completeness or security rigor of either one.
On 1/10/11 1:50 PM, Mark Barnes wrote:
> Thank you for your response, Scott.
>
> I am looking at Shibboleth SP now.
>
> One of the first things I noted is that, when using Java Servlets, the
> use of Apache is required. We don't use Apache. I'm not sure if we can
> make that switch or not.
>
> Are there any examples of using OpenSAML directly by the service itself
> that you can point me to?
>
> ---Mark
>
> *From:*mace-opensaml...@internet2.edu
> [mailto:mace-opensaml...@internet2.edu] *On Behalf Of
> *Cantor, Scott E.
> *Sent:* 07 January, 2011 8:51 PM
> *To:* <mace-open...@internet2.edu>
> *Cc:* mace-open...@internet2.edu
> *Subject:* Re: [OpenSAML] Questions - Just starting out with OpenSAML
>
>
> On Jan 7, 2011, at 8:24 PM, "Mark Barnes" <Mark....@rightthinginc.com
--
Chad La Joie
http://itumi.biz
trusted identities, delivered
Cantor, Scott E.
> you can point me to?
There are a handful of implementations mentioned in the wiki, I believe. They may or may not prove to be a good fit, and I don't know much about them at the lower levels of detail. I rather suspect you'd be much better off enhancing one of them than starting over, though.
-- Scott
Michael Sidelnikov
Hello Chad,
I am running into a problem when trying to sign the SAML assertion on WebLogic 10.3. The application deployes as a war file.
Here is the exception:
java.lang.NoClassDefFoundError: org/apache/xml/security/Init
at org.opensaml.DefaultBootstrap.initializeXMLSecurity(DefaultBootstrap.java:103)
at org.opensaml.DefaultBootstrap.bootstrap(DefaultBootstrap.java:79)
at servlets.CreateRequestServlet.(Unknown Source)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
.........
This exception occurs when DefaultBootstrap attempts to load a default configuration:
DefaultBootstrap.bootstrap();
I did some home work - I tried all fixes that were mentioned on the different forums:
I created endorsed directories under the jre/lib and copied there the following jares:
opensaml-2.2.3.jar
resolver-2.9.1.jar
serializer-2.7.1.jar
slf4j-api-1.5.6.jar
slf4j-jdk14-1.5.6.jar
slf4j-nop-1.5.6.jar
xalan-2.7.1.jar
xercesImpl-2.9.1.jar
xml-apis-2.9.1.jar
xmlsec-2.0.jar
I attached these jares to the classpath in the startWeblogic script and have added the weblogic.class.path property with all nessessary jars attached to it.
Also I added the following jars to the WEB-INF/lib folder:
catalina-root.jar
commons-codec-1.3.jar
jdom.jar
opensaml-2.2.3.jar
xmldsig.jar
xmlsec-2.0.jar
xmltooling-1.2.0.jar
and updated weblogic.xml with the following part:
<wls:container-descriptor>
<wls:prefer-web-inf-classes>true</wls:prefer-web-inf-classes>
</wls:container-descriptor>
All these attempts led me to the same result - runtime exception.
At this point I think that I need help to resolve this issue.
Please, help... I am running out of time ...
Thank you,
Michael Sidelnikov
> Date: Mon, 10 Jan 2011 13:53:44 -0500
> From: laj...@itumi.biz
> To: mace-open...@internet2.edu
> Subject: Re: [OpenSAML] Questions - Just starting out with OpenSAML
Chad La Joie
What you're seeing is a classpath issues. Be sure that all the jars
bundled with opensaml are on the classpath. In particular the xmlsec
jar contains the class you're seeing in the error. I have no experience
with WebLogic so I have no idea how you do that.
Also, in regards to endorsement, you should only have the jars located
in the "endorsed" directory that comes with OpenSAML within your
JVM/container endorsed directory. Copying everything over is not a good
thing and will likely lead to other errors.