问题描述
我一直在与Apache CXF和WSS4J一起实施SecurityTokenService.
I’ve been working with Apache CXF and WSS4J to implement a SecurityTokenService.
使用实现"org.apache.cxf.sts.claims.ClaimsHandler"的"CustomClaimsHandler",我可以创建一个包含此类属性的SAML令牌:
Using a "CustomClaimsHandler" implementing "org.apache.cxf.sts.claims.ClaimsHandler" I can create a SAML token containing this kind of attributes :
<saml2:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
<saml2:AttributeValue xsi:type="xs:string">admin</saml2:AttributeValue>
</saml2:Attribute>
问题是我现在正在尝试创建带有一些XML内容的属性.例如:
The thing is I am now trying to create an attribute with some XML content. For exemple :
<saml2:Attribute Name="http://my/xml/content">
<saml2:AttributeValue xsi:type="???">
<somthing>
<somthingElse>text</somthingElse>
</somthing>
</saml2:AttributeValue>
</saml2:Attribute>
我在此链接上得到了回应: SAML2 xml结构化属性值
Following a response I got on this link : SAML2 xml structured attribute values
我在CXF STS项目中的opensaml-core v3.0.0中添加了一个依赖项,以获取"org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport"类,如响应中的示例所示.在调用XMLObjectProviderRegistrySupport.getBuilderFactory()之前,我似乎必须初始化opensaml的配置.
I added a dependency to opensaml-core v3.0.0 in my CXF STS project to obtain the "org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport" class as shown in the exemple from the response. Before calling the XMLObjectProviderRegistrySupport.getBuilderFactory() I seemed to have to initialize the configuration of opensaml.
我通过调用"org.opensaml.core.config.InitializationService.initialize();"来管理初始化
I managed the initialization calling "org.opensaml.core.config.InitializationService.initialize();"
对于使用XSAny类型创建AttributeBean来说,一切似乎都很好.
All seems good for the creation of the AttributeBean with an XSAny type.
问题是WSS4J尝试处理SAMLCallback时:
The problem is when WSS4J tries to Handle the SAMLCallback :
Caused by: java.lang.ClassCastException: org.opensaml.core.xml.schema.impl.XSAnyBuilder cannot be cast to org.opensaml.xml.XMLObjectBuilder at org.opensaml.xml.XMLConfigurator.initializeObjectProviders(XMLConfigurator.java:236) at org.opensaml.xml.XMLConfigurator.load(XMLConfigurator.java:182) at org.opensaml.xml.XMLConfigurator.load(XMLConfigurator.java:166) at org.opensaml.xml.XMLConfigurator.load(XMLConfigurator.java:143) at org.apache.wss4j.common.saml.OpenSAMLBootstrap.initializeXMLTooling(OpenSAMLBootstrap.java:105) at org.apache.wss4j.common.saml.OpenSAMLBootstrap.bootstrap(OpenSAMLBootstrap.java:86) at org.apache.wss4j.common.saml.OpenSAMLUtil.initSamlEngine(OpenSAMLUtil.java:61) at org.apache.wss4j.common.saml.SamlAssertionWrapper.(SamlAssertionWrapper.java:204) at org.apache.cxf.sts.token.provider.SAMLTokenProvider.createSamlToken(SAMLTokenProvider.java:303) at org.apache.cxf.sts.token.provider.SAMLTokenProvider.createToken(SAMLTokenProvider.java:122) ... 45 more
Caused by: java.lang.ClassCastException: org.opensaml.core.xml.schema.impl.XSAnyBuilder cannot be cast to org.opensaml.xml.XMLObjectBuilder at org.opensaml.xml.XMLConfigurator.initializeObjectProviders(XMLConfigurator.java:236) at org.opensaml.xml.XMLConfigurator.load(XMLConfigurator.java:182) at org.opensaml.xml.XMLConfigurator.load(XMLConfigurator.java:166) at org.opensaml.xml.XMLConfigurator.load(XMLConfigurator.java:143) at org.apache.wss4j.common.saml.OpenSAMLBootstrap.initializeXMLTooling(OpenSAMLBootstrap.java:105) at org.apache.wss4j.common.saml.OpenSAMLBootstrap.bootstrap(OpenSAMLBootstrap.java:86) at org.apache.wss4j.common.saml.OpenSAMLUtil.initSamlEngine(OpenSAMLUtil.java:61) at org.apache.wss4j.common.saml.SamlAssertionWrapper.(SamlAssertionWrapper.java:204) at org.apache.cxf.sts.token.provider.SAMLTokenProvider.createSamlToken(SAMLTokenProvider.java:303) at org.apache.cxf.sts.token.provider.SAMLTokenProvider.createToken(SAMLTokenProvider.java:122) ... 45 more
也许我有版本问题:
我是否必须使我的opensaml的STS配置了解我的opensaml-core v3.0.0类?还是我必须使用其他版本的CXF才能获得更新版本的WSS4J?
Either I’d have to make my STS’s configuration of opensaml aware of my opensaml-core v3.0.0 classes ? Or I’d have to use a different version of CXF to get a newer version of WSS4J ?
我的CXF版本是3.0.1,并且对2.0.1版中的WSS4J-ws-security-common具有依赖关系;对opensaml 2.6.1版具有依赖性.
My version of CXF is 3.0.1 and has a dependency on WSS4J-ws-security-common in version 2.0.1 witch has a dependency on opensaml version 2.6.1
有人有线索吗?问候
推荐答案
您不能将OpenSAML 3与CXF 3.0.x或WSS4J 2.0.x一起使用.如果确实需要使用OpenSAML 3,则需要使用CXF主SNAPSHOT代码(3.1.0-SNAPSHOT),该代码当前正在与OpenSAML 3一起使用.
You can't use OpenSAML 3 with CXF 3.0.x or WSS4J 2.0.x. If you really need to use OpenSAML 3, then you will need to work with the CXF master SNAPSHOT code (3.1.0-SNAPSHOT), which is currently working with OpenSAML 3.
Colm.
这篇关于在CXF中使用本地定义的AttributeBean的SAML2断言的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!