SAML2 xml structured attribute values

大兔子大兔子 submitted on 2019-12-11 09:47:27

Question


I’ve been working with Apache CXF and WSS4J to implement a SecurityTokenService.

Using a “CustomClaimsHandler” implementing "org.apache.cxf.sts.claims.ClaimsHandler" I can create a SAML token containing this kind of attribute:

<saml2:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
    <saml2:AttributeValue xsi:type="xs:string">admin</saml2:AttributeValue>
</saml2:Attribute>

The thing is I am now trying to create an attribute with some XML content. For example:

<saml2:Attribute Name="http://my/xml/content">
    <saml2:AttributeValue xsi:type="???">
        <somthing>
            <somthingElse>text</somthingElse>
        </somthing>
    </saml2:AttributeValue>
</saml2:Attribute>

I’ve looked at making a custom implementation of a “ClaimsAttributeStatementProvider” (org.apache.cxf.sts.claims) but I seem to have to use the “AttributeBean” class of WSS4J. But this class doesn’t seem to let me change the type.

Does someone know how to deal with this issue?

======================================================================

Edit following Colm's answer:

I added a dependency to opensaml-core v3.0.0 in my CXF STS project to obtain the “org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport” class as shown in the example you pointed me to. Before calling XMLObjectProviderRegistrySupport.getBuilderFactory() I seemed to have to initialize the configuration of opensaml. I didn’t manage to use the embedded configuration that I suppose my WSS4J in CXF is using. I managed the initialization by calling “org.opensaml.core.config.InitializationService.initialize();”

All seems good for the creation of the AttributeBean with an XSAny type.

The problem is when WSS4J tries to handle the SAMLCallback:

Caused by: java.lang.ClassCastException: org.opensaml.core.xml.schema.impl.XSAnyBuilder cannot be cast to org.opensaml.xml.XMLObjectBuilder
    at org.opensaml.xml.XMLConfigurator.initializeObjectProviders(XMLConfigurator.java:236)
    at org.opensaml.xml.XMLConfigurator.load(XMLConfigurator.java:182)
    at org.opensaml.xml.XMLConfigurator.load(XMLConfigurator.java:166)
    at org.opensaml.xml.XMLConfigurator.load(XMLConfigurator.java:143)
    at org.apache.wss4j.common.saml.OpenSAMLBootstrap.initializeXMLTooling(OpenSAMLBootstrap.java:105)
    at org.apache.wss4j.common.saml.OpenSAMLBootstrap.bootstrap(OpenSAMLBootstrap.java:86)
    at org.apache.wss4j.common.saml.OpenSAMLUtil.initSamlEngine(OpenSAMLUtil.java:61)
    at org.apache.wss4j.common.saml.SamlAssertionWrapper.<init>(SamlAssertionWrapper.java:204)
    at org.apache.cxf.sts.token.provider.SAMLTokenProvider.createSamlToken(SAMLTokenProvider.java:303)
    at org.apache.cxf.sts.token.provider.SAMLTokenProvider.createToken(SAMLTokenProvider.java:122)
    ... 45 more

I suppose I have a version issue:

Either I’d have to make my STS’s configuration of opensaml aware of my opensaml-core v3.0.0 classes, or I’d have to use a different version of CXF to get a newer version of WSS4J.

My version of CXF is 3.0.1 and has a dependency on WSS4J-ws-security-common in version 2.0.1, which has a dependency on opensaml version 2.6.1.

Do you have an idea of how to resolve this problem?

Regards

=========================

EDIT: Colm resolved the issue in the post: SAML2 assertion with home defined AttributeBean in CXF


Answer 1:


The setAttributeValues method of the AttributeBean class in WSS4J allows you to pass through OpenSAML XMLObject objects. So you can create your custom attribute types using OpenSAML and then pass them through. Here is a test-case in WSS4J that adds an "Integer" type in (see "testSAML2AttrAssertionIntegerAttribute"):

http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlTokenTest.java?view=markup

Colm.
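
The approach from the answer, applied to the nested XML value in the question, as an added example that is not part of the original post or of the WSS4J test suite. It assumes the OpenSAML 2.x packages (`org.opensaml.xml.*`) that the stack trace shows WSS4J 2.0.1 loading, rather than opensaml-core v3; the class name, the `my` prefix and the choice of namespace for the child elements are hypothetical.

```java
import java.util.ArrayList;
import java.util.List;

import org.apache.wss4j.common.saml.bean.AttributeBean;
import org.opensaml.saml2.core.AttributeValue;
import org.opensaml.xml.schema.XSAny;
import org.opensaml.xml.schema.impl.XSAnyBuilder;

public class XmlAttributeExample {

    // Hypothetical namespace and prefix for the nested elements.
    private static final String NS = "http://my/xml/content";
    private static final String PREFIX = "my";

    /**
     * Builds an AttributeBean whose single value is
     * <saml2:AttributeValue><my:somthing><my:somthingElse>text</..></..></..>.
     */
    public static AttributeBean buildXmlAttribute(String text) {
        // OpenSAML 2.x builder, the same generation WSS4J 2.0.1 bootstraps,
        // so WSS4J can marshal the resulting objects with its own registry.
        XSAnyBuilder anyBuilder = new XSAnyBuilder();

        XSAny inner = anyBuilder.buildObject(NS, "somthingElse", PREFIX);
        inner.setTextContent(text);

        XSAny outer = anyBuilder.buildObject(NS, "somthing", PREFIX);
        outer.getUnknownXMLObjects().add(inner);

        // The wrapper element must be saml2:AttributeValue. No xsi:type is
        // set here, so the value is plain element content (xs:anyType).
        XSAny value = anyBuilder.buildObject(AttributeValue.DEFAULT_ELEMENT_NAME);
        value.getUnknownXMLObjects().add(outer);

        // setAttributeValues accepts OpenSAML XMLObjects as well as Strings.
        List<Object> values = new ArrayList<Object>();
        values.add(value);

        AttributeBean bean = new AttributeBean();
        bean.setQualifiedName("http://my/xml/content");
        bean.setAttributeValues(values);
        return bean;
    }
}
```

The returned bean is added to the attribute statement in the same place a String-valued AttributeBean would be.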



Source: https://stackoverflow.com/questions/28724098/saml2-xml-structured-attribute-values
