You are viewing a plain text version of this content. The canonical link for it is here.
Posted to java-user@axis.apache.org by pymz <py...@gmail.com> on 2011/10/26 14:39:47 UTC

How to validate SAML2.0 with axis2

Hi,

In my project i have to validate a saml2.0 assertion included in the soap
header. This assertion comes from a client, so I just some example of the
structure.

After lot time passed on google/forums etc, I don't really find a good
doc/exemple to validate an assertion. I just find some information to
generate a SAML but nothing to validate it.

I have created an axis2 module "SAMLValidator" with and handler
SAMLValidatorHandler :

public class ValidatorHandler extends AbstractHandler {

  public InvocationResponse invoke(MessageContext msgContext) throws
AxisFault {

    SOAPEnvelope soapEnv = msgContext.getEnvelope();
    SOAPHeader soapHead = soapEnv.getHeader();

		try {
			//initialize the opensaml library
			DefaultBootstrap.bootstrap();
			Schema schema = SAMLSchemaBuilder.getSAML11Schema();
			
			//get parser pool manager
			BasicParserPool parserPoolManager = new BasicParserPool();
			parserPoolManager.setNamespaceAware(true);
			parserPoolManager.setIgnoreElementContentWhitespace(true);
			parserPoolManager.setSchema(schema);
			
			Validator validator = schema.newValidator();
			
			//pasing
			Reader input = new StringReader(soapHead.toString());
			Document doc = parserPoolManager.parse(input);
			
			Source srcc = new DOMSource(doc);
			//Result res = new StreamResult();
			
			//validation
			validator.validate(srcc);
			
			printDOMInfos(doc);
			
		} catch (SAXException e) {
			// TODO Auto-generated catch block
			e.printStackTrace();
		} catch (ConfigurationException e) {
			// TODO Auto-generated catch block
			e.printStackTrace();
		} catch (XMLParserException e) {
			// TODO Auto-generated catch block
			e.printStackTrace();
		} catch (IOException e) {
			// TODO Auto-generated catch block
			e.printStackTrace();
		}
  }
}

But I not really sure if this can validate the SAML...

There is an other commons way to validate the assertion? With Ws-Trust ?
WS-Policy? I'm a little bit confused about all kind of WS-*... If anyone can
help me... It would be great

Thanks in advance.

ps: sorry for my frenchy's english ^^
-- 
View this message in context: http://old.nabble.com/How-to-validate-SAML2.0-with-axis2-tp32724025p32724025.html
Sent from the Axis - User mailing list archive at Nabble.com.


---------------------------------------------------------------------
To unsubscribe, e-mail: java-user-unsubscribe@axis.apache.org
For additional commands, e-mail: java-user-help@axis.apache.org