Posted to wss4j-dev@ws.apache.org by Minton <cm...@dstsystems.com> on 2010/06/17 01:55:38 UTC
Signing SAML token with keyHolder confirmation method
I am trying to create a signed assertion that uses the keyHolder confirmation
method, but have not been able to make much headway. I can create the
assertion, and I can use senderVouches, but when I try to use keyHolder, I
run into problems. A portion of the code I am using is below. Can anyone
point me to what might be going wrong? Or where a good example of doing this
is? I have seen test code where it was pulling the keyInfo from XML for
confirmation, but no example of placing the keyInfo method into the xml.
Any help would be greatly appreciated as I have been stuck on this for about
a week. I have been able to get two-way SSL certification, WS-Sec
username/token, and SAML tokens working, I just can't get it to sign with
keyHolder confirmation. What am I missing?
Thank you for any help you can provide.
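// Load SAML properties file and obtain the issuer that will create the assertion
SAMLIssuer saml = getSAMLInstance();
saml.setUserCrypto( crypto );
saml.setInstanceDoc( soappart );
saml.setUsername( "dstsystems" );
SAMLAssertion assertion = saml.newAssertion();

// Validity window: NotBefore = now, NotOnOrAfter = now + 1 day
GregorianCalendar cal = new GregorianCalendar();
cal.setTime( new Date() );
assertion.setNotBefore( cal.getTime() );
cal.add( Calendar.DAY_OF_MONTH, 1 );
assertion.setNotOnOrAfter( cal.getTime() );

// Assertion must have at least one subject
SAMLSubject subject = new SAMLSubject( new SAMLNameIdentifier( SAMLID, "", SAMLNameIdentifier.FORMAT_X509 ),
                                       null, null, null );
subject.addConfirmationMethod( SAMLSubject.CONF_HOLDER_KEY );

SAMLAuthenticationStatement authStatement =
    new SAMLAuthenticationStatement( subject, WSConstants.SAML_NS, new Date(), null, null, null );
assertion.addStatement( authStatement );

// NOTE(review): with holder-of-key confirmation the subject is expected to carry the KeyInfo of the
// key whose possession is later proven; this call is still commented out, so the assertion as built
// gives a relying party nothing to confirm against — likely the reason holder-of-key fails here.
// subject.setKeyInfo( ki );

// Sign the SAML assertion
WSSecSignatureSAML wssamlsig = new WSSecSignatureSAML();
Vector<WSEncryptionPart> signSigParts = new Vector<WSEncryptionPart>();
// signSigParts is created empty and never populated, so setParts() is never reached;
// add the parts to sign before this check if specific parts are wanted.
if ( signSigParts.size() > 0 )
{
    wssamlsig.setParts( signSigParts );
}

PrivateKey pkey = crypto.getPrivateKey( cryptoUserName, cryptoPassword );
assertion.sign( XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA1, pkey, signSigParts );

wssamlsig.setUsernameToken( token );
wssamlsig.setKeyIdentifierType( WSConstants.BST_DIRECT_REFERENCE );
wssamlsig.setSignatureAlgorithm( XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA1 );

try
{
    // Prepare, then build, the signed assertion into the security header
    wssamlsig.prepare( soappart, null, assertion, crypto, cryptoAlias, cryptoPassword, wsheader );
    wssamlsig.build( soappart, null, assertion, crypto, cryptoAlias, cryptoPassword, wsheader );
}
catch ( WSSecurityException e )
{
    // A signing failure must not be printed and then ignored: execution would continue with a
    // message that was never signed. Surface it to the caller with the cause preserved.
    throw new IllegalStateException( "Failed to sign SAML assertion", e );
}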
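/**
 * Loads the SAML issuer configuration from {@code SAML_PROPERTIES} and creates the issuer.
 *
 * @return the configured {@link SAMLIssuer}, never {@code null}
 * @throws IllegalStateException if the properties file cannot be opened or read; the underlying
 *         {@link IOException} is kept as the cause. (Previously the message was printed and
 *         {@code null} returned, which the caller dereferenced immediately.)
 */
private SAMLIssuer getSAMLInstance()
{
    Properties props2 = new Properties();
    FileInputStream in = null;
    try
    {
        in = new FileInputStream( SAML_PROPERTIES );
        props2.load( in );
    }
    catch ( IOException e ) // FileNotFoundException is an IOException, so one handler covers both
    {
        throw new IllegalStateException( "Unable to load SAML issuer properties from " + SAML_PROPERTIES, e );
    }
    finally
    {
        // The stream was never closed before; close it whether or not loading succeeded.
        if ( in != null )
        {
            try
            {
                in.close();
            }
            catch ( IOException ignored )
            {
                // Properties are already loaded (or the load failure has been thrown); nothing left to do.
            }
        }
    }
    return SAMLIssuerFactory.getInstance( "org.apache.ws.security.saml.SAMLIssuerImpl", props2 );
}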
--
View this message in context: http://old.nabble.com/Signing-SAML-token-with-keyHolder-confirmation-method-tp28909052p28909052.html
Sent from the WSS4J mailing list archive at Nabble.com.
Re: Signing SAML token with keyHolder confirmation method
Posted by Colm O hEigeartaigh <co...@apache.org>.
Take a look at the test-code for signing a SAML assertion using holder-of-key:
https://svn.apache.org/repos/asf/webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityNewST3.java
Colm.
On Thu, Jun 17, 2010 at 12:55 AM, Minton <cm...@dstsystems.com> wrote:
>
> I am trying to create a signed assertion that uses the keyHolder confirmation
> method, but not have been able to make much headway. I can create the
> assertion, and I can use senderVouches, but when I try to use keyHolder, I
> run into problems. A portion of the code I am using is below. Can anyone
> point me what might be going wrong? Or where a good example of doing this
> is? I have seen test code where it was pulling the keyInfo from XML for
> confirmation, but no example of placing the keyInfo method into the xml.
> Any help would be greatly appreciated as I have been stuck on this for about
> a week. I have been able to get two-way SSL certification, WS-Sec
> username/token, and SAML tokens working, I just can't get it to sign with
> keyHolder confirmation. What am I missing?
>
> Thank you for any help you can provide.
>
>
>
> // Load SAML properties file
> SAMLIssuer saml = getSAMLInstance();
> saml.setUserCrypto( crypto );
> saml.setInstanceDoc( soappart );
> saml.setUsername( "dstsystems" );
> SAMLAssertion assertion = saml.newAssertion();
>
> GregorianCalendar cal = new GregorianCalendar();
> // Set the Not Before time to now
> cal.setTime( new Date() );
> assertion.setNotBefore( cal.getTime() );
> // Set the Not on or After Time to tomorrow
> cal.add( Calendar.DAY_OF_MONTH, 1 );
> assertion.setNotOnOrAfter( cal.getTime() );
>
> // Assertion must have at least one subject
> SAMLSubject subject = new SAMLSubject( new SAMLNameIdentifier( SAMLID,
> "", SAMLNameIdentifier.FORMAT_X509 ),
> null,
> null,
> null );
> subject.addConfirmationMethod( SAMLSubject.CONF_HOLDER_KEY );
>
> SAMLAuthenticationStatement authStatement = new
> SAMLAuthenticationStatement( subject,
>
> WSConstants.SAML_NS,
>
> new Date(),
>
> null,
>
> null,
>
> null );
>
> assertion.addStatement( authStatement );
>
>
> // subject.setKeyInfo( ki );
>
> // Sign the SAML assertion
> WSSecSignatureSAML wssamlsig = new WSSecSignatureSAML();
> Vector<WSEncryptionPart> signSigParts = new Vector<WSEncryptionPart>();
>
> if ( signSigParts.size() > 0 )
> {
> wssamlsig.setParts( signSigParts );
> }
>
> PrivateKey pkey = crypto.getPrivateKey( cryptoUserName, cryptoPassword
> );
>
> assertion.sign( XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA1, pkey,
> signSigParts );
>
> wssamlsig.setUsernameToken( token );
> wssamlsig.setKeyIdentifierType( WSConstants.BST_DIRECT_REFERENCE );
> wssamlsig.setSignatureAlgorithm( XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA1
> );
>
> try
> {
> // Prepare the assertion
> wssamlsig.prepare( soappart, null, assertion, crypto, cryptoAlias,
> cryptoPassword, wsheader );
> // Build the assertion
> wssamlsig.build( soappart, null, assertion, crypto, cryptoAlias,
> cryptoPassword, wsheader );
> }
> catch ( WSSecurityException e )
> {
> e.printStackTrace();
> }
>
>
> private SAMLIssuer getSAMLInstance()
> {
> try
> {
> Properties props2 = new Properties();
> props2.load( new FileInputStream( SAML_PROPERTIES ) );
> SAMLIssuer saml = SAMLIssuerFactory.getInstance(
> "org.apache.ws.security.saml.SAMLIssuerImpl", props2 );
> return saml;
> }
> catch ( FileNotFoundException fnf )
> {
> System.out.println( fnf.getMessage() );
> }
> catch ( IOException e )
> {
> System.out.println( e.getMessage() );
> }
> return null;
>
> }
> --
> View this message in context: http://old.nabble.com/Signing-SAML-token-with-keyHolder-confirmation-method-tp28909052p28909052.html
> Sent from the WSS4J mailing list archive at Nabble.com.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
> For additional commands, e-mail: wss4j-dev-help@ws.apache.org
>
>