Source code for openws-1.4.4.jar and opensaml-2.5.3.jar

[Gina Choi]

Hi all,

 

Somehow I don’t receive responses from dev email list sometimes, so after post a message, I have to go to Shibboleth web site to read responses to my questions.

 

I am building a Java project using Eclipse. So, if I can download source code for openws-1.4.4.jar and opensaml-2.5.3.jar to attach Eclipse that would be great. I went Shibboleth Subversion repositories, but I am not sure code in the repository is related to the  library versions that I downloaded.

 

Thank you.

 

Gina

[Brent Putman]

On 3/13/12 7:07 PM, Gina Choi wrote:

Hi all,

 

Somehow I don’t receive responses from dev email list sometimes, so after post a message, I have to go to Shibboleth web site to read responses to my questions.

Hmm, I don't have any suggestions there.  I'm not aware of any other reported issues of people not receiving mail from the lists, but perhaps others on the team are.  In general I suppose the usual suggestions about this kind of thing apply, i.e. make sure the mail isn't being tagged by your mail client as spam and winding up in your Junk or Bulk Mail folder and so forth.

 

I am building a Java project using Eclipse. So, if I can download source code for openws-1.4.4.jar and opensaml-2.5.3.jar to attach Eclipse that would be great. I went Shibboleth Subversion repositories, but I am not sure code in the repository is related to the  library versions that I downloaded.

 

Well, the code in the repos is tagged according to the release version, so under each project's /tags area you'd want to checkout the version that corresponds to what you are using.

However, OpenSAML is a Maven-based project and so all our artifacts, including source jars, are published in our Maven repository.  If you are using Maven in your project for your dependency management, there's usually an option in the Maven Eclipse plugins to also pull down source and/or Javadoc jars automatically for your dependencies.  You are free to point your project POM at our Maven repository to pull in our artifacts:

https://shibboleth.net/nexus/content/groups/public

If you aren't using Maven, you can still grab source and Javadoc jars from the repo via an http client, specifically from here:

https://shibboleth.net/nexus/content/groups/public/org/opensaml/

Just drill down to the version that you need, hopefully the filesystem structure and naming is intuitive enough.

--Brent

[Gina Choi]

Hi Brent,

Thank you very much for your responses. I downloaded source code that I
needed from https://shibboleth.net/nexus/content/groups/public/org/opensaml/.

Gina

Message: 8
Date: Tue, 13 Mar 2012 22:56:29 -0400
From: Brent Putman <put...@georgetown.edu>
Subject: Re: Source code for openws-1.4.4.jar and opensaml-2.5.3.jar
To: d...@shibboleth.net
Message-ID: <4F6008DD...@georgetown.edu>
Content-Type: text/plain; charset="iso-8859-1"

https://shibboleth.net/nexus/content/groups/public

https://shibboleth.net/nexus/content/groups/public/org/opensaml/

--Brent

-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://shibboleth.net/pipermail/dev/attachments/20120313/c3831258/attachment.
html

------------------------------

--
To unsubscribe from this list send an email to dev-uns...@shibboleth.net

End of dev Digest, Vol 9, Issue 10
**********************************
--
To unsubscribe from this list send an email to dev-uns...@shibboleth.net

[Gina Choi]

I try to build following RequestSecurityToken.

<trust:RequestSecurityToken
xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
<wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
<a:EndpointReference>
<a:Address>https://yourcompany.com</a:Address>
</a:EndpointReference>
</wsp:AppliesTo>

<trust:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer</trust
:KeyType>

<trust:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</tr
ust:RequestType>
<trust:TokenType>urn:oasis:names:tc:SAML:2.0:assertion</trust:TokenType>
</trust:RequestSecurityToken>

>Yes, it implements the Java-XML binding, so you can build up the XML
>using a Java object model and then marshall it to a DOM structure (just
I built AuthnRequest using OpenSAML libraries recently. Is this same concept?
Can I find some sample code from anywhere? By the way, my STS is ADFS2.0.

>like all the other schemas that OpenSAML supports, like SAML itself).

>There isn't any higher level support for actually doing the SOAP call,
>protocol message handling, etc. That's all functionality that would for
>example be built on top of OpenSAML. I don't know personally whether
>there are libraries that actually do that for WS-Trust using OpenSAML,
>like WSS4J does to provide SAML Assertion token support for WS-Security
>via OpenSAML.
I guess that I need to implement SOAO call by myself.

>I'm sure there are non-OpenSAML based libraries that have various types
>of WS-Trust protocol support.
Since I found out that I can build ReqeustSecurityToken using
openws-1.4.1.jar, I don't need to look for other libraries.

Thanks.

Gina

Message: 5
Date: Tue, 13 Mar 2012 05:27:54 -1200
From: Gina Choi <gc...@sdl.com>
Subject: Does openws1.4.2 support RequestSecurityToken?
To: <d...@shibboleth.net>
Message-ID:
<199C35CD64E44140A34...@wakemail0303.global.sdl.corp>
Content-Type: text/plain; charset="us-ascii"

Hi,

I am planning to build RequestSecurityToken and send it over to STS to
receive RequestSecurityTokenResponse. I looked at APIs for openws-1.4.2.jar
and there is a RequestSecurityTokenImpl.java class which implemented
RequestSecurityToken interface, but RequestSecurityTokenImpl.java class is
very simple. Is this something that I can use to build RequestSecurityToken
to send to STS or I should look for some other libraries?

Thanks.

Gina Choi

-------------- next part --------------
An HTML attachment was scrubbed...
URL:

http://shibboleth.net/pipermail/dev/attachments/20120313/e2682f45/attachment-
0001.html

------------------------------

Message: 6
Date: Tue, 13 Mar 2012 15:33:14 -0400
From: Brent Putman <put...@georgetown.edu>
Subject: Re: Does openws1.4.2 support RequestSecurityToken?
To: d...@shibboleth.net
Message-ID: <4F5FA0FA...@georgetown.edu>
Content-Type: text/plain; charset=ISO-8859-1

On 3/13/12 1:27 PM, Gina Choi wrote:
>
>
> Hi,
>
>
>
> I am planning to build RequestSecurityToken and send it over to STS to
> receive RequestSecurityTokenResponse. I looked at APIs for
> openws-1.4.2.jar

I don't think there's any significant difference in the WS-Trust
support, but the latest openws is 1.4.4. You might want to consider
using the latest version of the OpenSAML stack, just to get all the
latest bug fixes, etc.

> and there is a RequestSecurityTokenImpl.java class
> which implemented RequestSecurityToken interface, but
> RequestSecurityTokenImpl.java class is very simple.

I don't know what you mean by "very simple". It implements the schema
for that element as defined in WS-Trust. No more, no less.

> Is this something
> that I can use to build RequestSecurityToken to send to STS or I should
> look for some other libraries?
>

Yes, it implements the Java-XML binding, so you can build up the XML
using a Java object model and then marshall it to a DOM structure (just
like all the other schemas that OpenSAML supports, like SAML itself).

There isn't any higher level support for actually doing the SOAP call,
protocol message handling, etc. That's all functionality that would for
example be built on top of OpenSAML. I don't know personally whether
there are libraries that actually do that for WS-Trust using OpenSAML,
like WSS4J does to provide SAML Assertion token support for WS-Security
via OpenSAML.

I'm sure there are non-OpenSAML based libraries that have various types
of WS-Trust protocol support.

[Brent Putman]

On 3/14/12 1:35 PM, Gina Choi wrote:

> I built AuthnRequest using OpenSAML libraries recently. Is this same concept?

Yes, it's exactly the same concept. You use builders to create new
instances of the desired XMLObjects, mutate them as you like, build up a
tree that represents the XML you need and then marshall the XMLObject
tree to a DOM.

> Can I find some sample code from anywhere? By the way, my STS is ADFS2.0.

I don't think we have any sample code for the WS-Trust and other WS-*
schemas per se. Possibly there is something in the openws unit tests.
But as I said above, it's exactly the same concept and procedure to
build and marshall a WS-Trust RST XML structure as a SAML 2 AuthnRequest
one.

> I guess that I need to implement SOAO call by myself.

Actually, I forgot to mention that we do have a rudimentary SOAP client,
based on Apache HttpClient. There is a basic example of its use here in
the wiki:

https://wiki.shibboleth.net/confluence/display/OpenSAML/OSTwoUserManJavaSOAPClientExample

It basically just takes a complete Envelope XMLObject, sends it and
provides the the Envelope object that is the received back as the
response. So it doesn't do anything fancy with Envelope handling, like
generate or process headers, that's something that needs to be done by
the caller.

[Gina Choi]

Hi All,

When I build AuthnRequest, I used issuer.setValue(issuerUrl) to set
RelyingParty indentifier(URL). I need to get RequestSecurityToken(RST) from a
certain Relying Party in STS. How to I mention that Relying Party inside my
RequestSecurityToken? Is this something that I can set up through
EndpointReference? Following is my sample RST.

<trust:RequestSecurityToken
xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
<wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
<a:EndpointReference>
<a:Address>https://yourcompany.com</a:Address>
</a:EndpointReference>
</wsp:AppliesTo>

<trust:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer</trust
:KeyType>

<trust:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</tr
ust:RequestType>
<trust:TokenType>urn:oasis:names:tc:SAML:2.0:assertion</trust:TokenType>
</trust:RequestSecurityToken>

Thanks.

Gina