问题
I’ve been working with Apache CXF and WSS4J to implement a SecurityTokenService.
Using a “CustomClaimsHandler” implementing "org.apache.cxf.sts.claims.ClaimsHandler" I can create a SAML token containing this kind of attributes :
<saml2:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
<saml2:AttributeValue xsi:type="xs:string">admin</saml2:AttributeValue>
</saml2:Attribute>
The thing is I am now trying to create an attribute with some XML content. For exemple :
<saml2:Attribute Name="http://my/xml/content">
<saml2:AttributeValue xsi:type="???">
<somthing>
<somthingElse>text</somthingElse>
</somthing>
</saml2:AttributeValue>
</saml2:Attribute>
Following a response I got on this link : SAML2 xml structured attribute values
I added a dependency to opensaml-core v3.0.0 in my CXF STS project to obtain the “org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport” class as shown in the exemple from the response. Before calling the XMLObjectProviderRegistrySupport.getBuilderFactory() I seemed to have to initialize the configuration of opensaml.
I managed the initialization calling “org.opensaml.core.config.InitializationService.initialize();”
All seems good for the creation of the AttributeBean with an XSAny type.
The problem is when WSS4J tries to Handle the SAMLCallback :
Caused by: java.lang.ClassCastException: org.opensaml.core.xml.schema.impl.XSAnyBuilder cannot be cast to org.opensaml.xml.XMLObjectBuilder
at org.opensaml.xml.XMLConfigurator.initializeObjectProviders(XMLConfigurator.java:236)
at org.opensaml.xml.XMLConfigurator.load(XMLConfigurator.java:182)
at org.opensaml.xml.XMLConfigurator.load(XMLConfigurator.java:166)
at org.opensaml.xml.XMLConfigurator.load(XMLConfigurator.java:143)
at org.apache.wss4j.common.saml.OpenSAMLBootstrap.initializeXMLTooling(OpenSAMLBootstrap.java:105)
at org.apache.wss4j.common.saml.OpenSAMLBootstrap.bootstrap(OpenSAMLBootstrap.java:86)
at org.apache.wss4j.common.saml.OpenSAMLUtil.initSamlEngine(OpenSAMLUtil.java:61)
at org.apache.wss4j.common.saml.SamlAssertionWrapper.(SamlAssertionWrapper.java:204)
at org.apache.cxf.sts.token.provider.SAMLTokenProvider.createSamlToken(SAMLTokenProvider.java:303)
at org.apache.cxf.sts.token.provider.SAMLTokenProvider.createToken(SAMLTokenProvider.java:122)
... 45 more
Maybe I have a version issue :
Either I’d have to make my STS’s configuration of opensaml aware of my opensaml-core v3.0.0 classes ? Or I’d have to use a different version of CXF to get a newer version of WSS4J ?
My version of CXF is 3.0.1 and has a dependency on WSS4J-ws-security-common in version 2.0.1 witch has a dependency on opensaml version 2.6.1
Does someone have a clue ? Regards
回答1:
You can't use OpenSAML 3 with CXF 3.0.x or WSS4J 2.0.x. If you really need to use OpenSAML 3, then you will need to work with the CXF master SNAPSHOT code (3.1.0-SNAPSHOT), which is currently working with OpenSAML 3.
Colm.
来源:https://stackoverflow.com/questions/29073059/saml2-assertion-with-home-defined-attributebean-in-cxf