You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@ws.apache.org by Colm O hEigeartaigh <co...@apache.org> on 2015/05/01 10:57:19 UTC
Re: Problem signing SOAP doc with existing SAML assertion
The AssertionWrapper is set up in such a way to either construct SAML
Assertions via a CallbackHandler, or else to process a received SAML
Assertion (as a DOM Element). Using the latter constructor is not valid if
you then want to use the Assertion for signing.
So what you should be able to do instead, is to construct the
AsseritonWrapper via a CallbackHandler, passing the existing DOM Element
token to SAMLCallback.setAssertionElement().
Colm.
On Thu, Apr 30, 2015 at 10:52 PM, Yang, Gang CTR USARMY (US) <
gang.yang.ctr@mail.mil> wrote:
> Hi,
>
>
>
> I'm using WSS4j 1.6.18. I'm able to generate the SAML 2.0 HOK assertion
> (AssertionWrapper class) using SAML2CallbackHandler and sign the SOAP
> document w/o problem. However, I've been failing to use an existing SAML
> 2.0 HOK assertion to sign. Here's the details:
>
>
>
> I first captured the generated SAML 2.0 HOK assertion string, constructed
> an OpenSAML SAML 2.0 assertion from it and then created the
> AssertionWrapper from the OpenSAML assertion. Using so constructed
> AssertionWrapper, I failed the signing of the SOAP document.
>
>
>
> Then I obtained the AssertionWrapper directly from the successful
> verification result and used it directly to repeat the SOAP signing and I
> succeeded.
>
>
>
> Thirdly, I obtained the AssertionWrapper directly from the successful
> verification result, obtained the OpenSAML 2.0 assertion from getSaml2()
> getter. constructed a new AssertionWrapper from the OpenSAML 2.0 assertion
> and used it to sign the SOAP doc. I failed again.
>
>
>
> Both failure gave me the same exception:
>
>
>
> org.apache.xml.security.signature.XMLSignatureException: Sorry, you
> supplied the wrong key type for this operation! You supplied a null but a
> java.security.PrivateKey is needed.
> at
> org.apache.xml.security.algorithms.implementations.SignatureBaseRSA.engineInitSign(SignatureBaseRSA.java:150)
> at
> org.apache.xml.security.algorithms.implementations.SignatureBaseRSA.engineInitSign(SignatureBaseRSA.java:166)
> at
> org.apache.xml.security.algorithms.SignatureAlgorithm.initSign(SignatureAlgorithm.java:239)
> at
> org.apache.xml.security.signature.XMLSignature.sign(XMLSignature.java:606)
> at org.opensaml.xml.signature.Signer.signObject(Signer.java:76)
> at
> org.apache.ws.security.saml.ext.OpenSAMLUtil.signObject(OpenSAMLUtil.java:234)
> at
> org.apache.ws.security.saml.ext.OpenSAMLUtil.signXMLObject(OpenSAMLUtil.java:211)
> at
> org.apache.ws.security.saml.ext.OpenSAMLUtil.toDom(OpenSAMLUtil.java:164)
> at
> org.apache.ws.security.saml.ext.OpenSAMLUtil.toDom(OpenSAMLUtil.java:115)
> at
> org.apache.ws.security.saml.ext.AssertionWrapper.toDOM(AssertionWrapper.java:314)
> at
> org.apache.ws.security.saml.WSSecSignatureSAML.prepare(WSSecSignatureSAML.java:209)
> at
> org.apache.ws.security.saml.WSSecSignatureSAML.build(WSSecSignatureSAML.java:117)
> at
> mil.army.security.ts3.Ts3Wss4j.Ts3Wss4jOutHandler.secureMessage(Ts3Wss4jOutHandler.java:285)
> at
> mil.army.security.ts3.Ts3Wss4j.Ts3Wss4jOutHandler.secureMessage(Ts3Wss4jOutHandler.java:210)
> at
> mil.army.security.ts3.Ts3Wss4j.Ts3Wss4jOutHandler.secureMessage(Ts3Wss4jOutHandler.java:206)
> at
> mil.army.security.ts3.Ts3Wss4j.Ts3Wss4jOutHandler.secureMessageWithAssertion(Ts3Wss4jOutHandler.java:200)
> at mil.army.security.ts3.Ts3Wss4j.TestHandlers.main(TestHandlers.java:36)
>
>
>
> Do I have a misconception trying to construct an AssertionWrapper from an
> OpenSAML 2.0 Assertion? Why does it always fail when I use an
> AssertionWrapper constructed this way?
>
>
>
> Thanks,
>
> Gang
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com