I've inherited some legacy code that I need to update to handle SAML 2.0 assertions. Currently it handles SAML 1.1 assertions, which I still need it to do. The legacy code uses various flavors of CXF 2.3, WSS4J 1.5, and OpenSAML 1, so to do what I need to do I have to migrate to (at least) CXF 2.7, WSS4J 1.6 and OpenSAML 2. And of course right out of the gate I'm having some issues.
My legacy code parses a string containing a SAML 1.1 assertion using code something like this:
SAMLAssertion assertion;
InputStream in = new ByteArrayInputStream( xmlString.getBytes() );
Assertion = new SAMLAssertion;
It doesn't appear that you can parse a string quite as simply these days. I've found a few pointers online that may help, including this one:
http://stackoverflow.com/questions/4667873/creating-opensaml-assertion-from-given-xml-in-java
But that one assumes that you know already whether you have a SAML 1 or SAML 2 assertion in the XML, and at this point in my code, I do not know that. And I have to handle either.
What I would like to do is, given the XML string, build an AssertionWrapper, and use that in place of the OpenSAML 1.1 SAMLAssertion. Is there something already in WSS4J / CXF that will do the legwork, or do I need to build a DOM element, figure out what version of SAML was used, build the appropriate Assertion object, and stick it in an AssertionWrapper? It seems like this wouldn't be such a new problem, but I haven't been able to find anything online that is much help.
Thanx,
Stephen W. Chappell
My legacy code parses a string containing a SAML 1.1 assertion using code something like this:
SAMLAssertion assertion;
InputStream in = new ByteArrayInputStream( xmlString.getBytes() );
Assertion = new SAMLAssertion;
It doesn't appear that you can parse a string quite as simply these days. I've found a few pointers online that may help, including this one:
http://stackoverflow.com/questions/4667873/creating-opensaml-assertion-from-given-xml-in-java
But that one assumes that you know already whether you have a SAML 1 or SAML 2 assertion in the XML, and at this point in my code, I do not know that. And I have to handle either.
What I would like to do is, given the XML string, build an AssertionWrapper, and use that in place of the OpenSAML 1.1 SAMLAssertion. Is there something already in WSS4J / CXF that will do the legwork, or do I need to build a DOM element, figure out what version of SAML was used, build the appropriate Assertion object, and stick it in an AssertionWrapper? It seems like this wouldn't be such a new problem, but I haven't been able to find anything online that is much help.
Thanx,
Stephen W. Chappell
