How to validate SAML2.0 with axis2

pymz Wed, 26 Oct 2011 05:40:16 -0700

Hi,

In my project i have to validate a saml2.0 assertion included in the soap
header. This assertion comes from a client, so I just some example of the
structure.


After lot time passed on google/forums etc, I don't really find a good
doc/exemple to validate an assertion. I just find some information to
generate a SAML but nothing to validate it.

I have created an axis2 module "SAMLValidator" with and handler
SAMLValidatorHandler :

public class ValidatorHandler extends AbstractHandler {

  public InvocationResponse invoke(MessageContext msgContext) throws
AxisFault {

    SOAPEnvelope soapEnv = msgContext.getEnvelope();
    SOAPHeader soapHead = soapEnv.getHeader();

                try {
                        //initialize the opensaml library
                        DefaultBootstrap.bootstrap();
                        Schema schema = SAMLSchemaBuilder.getSAML11Schema();
                        
                        //get parser pool manager
                        BasicParserPool parserPoolManager = new 
BasicParserPool();
                        parserPoolManager.setNamespaceAware(true);
                        
parserPoolManager.setIgnoreElementContentWhitespace(true);
                        parserPoolManager.setSchema(schema);
                        
                        Validator validator = schema.newValidator();
                        
                        //pasing
                        Reader input = new StringReader(soapHead.toString());
                        Document doc = parserPoolManager.parse(input);
                        
                        Source srcc = new DOMSource(doc);
                        //Result res = new StreamResult();
                        
                        //validation
                        validator.validate(srcc);
                        
                        printDOMInfos(doc);
                        
                } catch (SAXException e) {
                        // TODO Auto-generated catch block
                        e.printStackTrace();
                } catch (ConfigurationException e) {
                        // TODO Auto-generated catch block
                        e.printStackTrace();
                } catch (XMLParserException e) {
                        // TODO Auto-generated catch block
                        e.printStackTrace();
                } catch (IOException e) {
                        // TODO Auto-generated catch block
                        e.printStackTrace();
                }
  }
}

But I not really sure if this can validate the SAML...

There is an other commons way to validate the assertion? With Ws-Trust ?
WS-Policy? I'm a little bit confused about all kind of WS-*... If anyone can
help me... It would be great

Thanks in advance.

ps: sorry for my frenchy's english ^^
-- 
View this message in context: 
http://old.nabble.com/How-to-validate-SAML2.0-with-axis2-tp32724025p32724025.html
Sent from the Axis - User mailing list archive at Nabble.com.


---------------------------------------------------------------------
To unsubscribe, e-mail: java-user-unsubscr...@axis.apache.org
For additional commands, e-mail: java-user-h...@axis.apache.org

How to validate SAML2.0 with axis2

Reply via email to