The AssertionWrapper is set up in such a way to either construct SAML Assertions via a CallbackHandler, or else to process a received SAML Assertion (as a DOM Element). Using the latter constructor is not valid if you then want to use the Assertion for signing.

So what you should be able to do instead is to construct the AssertionWrapper via a CallbackHandler, passing the existing DOM Element token to SAMLCallback.setAssertionElement().

Colm.

On Thu, Apr 30, 2015 at 10:52 PM, Yang, Gang CTR USARMY (US) <[email protected]> wrote:

> Hi,
>
> I'm using WSS4j 1.6.18. I'm able to generate the SAML 2.0 HOK assertion
> (AssertionWrapper class) using SAML2CallbackHandler and sign the SOAP
> document w/o problem. However, I've been failing to use an existing SAML
> 2.0 HOK assertion to sign. Here are the details:
>
> I first captured the generated SAML 2.0 HOK assertion string, constructed
> an OpenSAML SAML 2.0 assertion from it and then created the
> AssertionWrapper from the OpenSAML assertion. Using so constructed
> AssertionWrapper, I failed the signing of the SOAP document.
>
> Then I obtained the AssertionWrapper directly from the successful
> verification result and used it directly to repeat the SOAP signing and I
> succeeded.
>
> Thirdly, I obtained the AssertionWrapper directly from the successful
> verification result, obtained the OpenSAML 2.0 assertion from the getSaml2()
> getter, constructed a new AssertionWrapper from the OpenSAML 2.0 assertion
> and used it to sign the SOAP doc. I failed again.
>
> Both failures gave me the same exception:
>
> org.apache.xml.security.signature.XMLSignatureException: Sorry, you supplied the wrong key type for this operation! You supplied a null but a java.security.PrivateKey is needed.
>     at org.apache.xml.security.algorithms.implementations.SignatureBaseRSA.engineInitSign(SignatureBaseRSA.java:150)
>     at org.apache.xml.security.algorithms.implementations.SignatureBaseRSA.engineInitSign(SignatureBaseRSA.java:166)
>     at org.apache.xml.security.algorithms.SignatureAlgorithm.initSign(SignatureAlgorithm.java:239)
>     at org.apache.xml.security.signature.XMLSignature.sign(XMLSignature.java:606)
>     at org.opensaml.xml.signature.Signer.signObject(Signer.java:76)
>     at org.apache.ws.security.saml.ext.OpenSAMLUtil.signObject(OpenSAMLUtil.java:234)
>     at org.apache.ws.security.saml.ext.OpenSAMLUtil.signXMLObject(OpenSAMLUtil.java:211)
>     at org.apache.ws.security.saml.ext.OpenSAMLUtil.toDom(OpenSAMLUtil.java:164)
>     at org.apache.ws.security.saml.ext.OpenSAMLUtil.toDom(OpenSAMLUtil.java:115)
>     at org.apache.ws.security.saml.ext.AssertionWrapper.toDOM(AssertionWrapper.java:314)
>     at org.apache.ws.security.saml.WSSecSignatureSAML.prepare(WSSecSignatureSAML.java:209)
>     at org.apache.ws.security.saml.WSSecSignatureSAML.build(WSSecSignatureSAML.java:117)
>     at mil.army.security.ts3.Ts3Wss4j.Ts3Wss4jOutHandler.secureMessage(Ts3Wss4jOutHandler.java:285)
>     at mil.army.security.ts3.Ts3Wss4j.Ts3Wss4jOutHandler.secureMessage(Ts3Wss4jOutHandler.java:210)
>     at mil.army.security.ts3.Ts3Wss4j.Ts3Wss4jOutHandler.secureMessage(Ts3Wss4jOutHandler.java:206)
>     at mil.army.security.ts3.Ts3Wss4j.Ts3Wss4jOutHandler.secureMessageWithAssertion(Ts3Wss4jOutHandler.java:200)
>     at mil.army.security.ts3.Ts3Wss4j.TestHandlers.main(TestHandlers.java:36)
>
> Do I have a misconception trying to construct an AssertionWrapper from an
> OpenSAML 2.0 Assertion? Why does it always fail when I use an
> AssertionWrapper constructed this way?
>
> Thanks,
>
> Gang

--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
