Problem description
I’ve been working with Apache CXF and WSS4J to implement a SecurityTokenService.
Using a "CustomClaimsHandler" implementing "org.apache.cxf.sts.claims.ClaimsHandler" I can create a SAML token containing this kind of attribute:
<saml2:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
<saml2:AttributeValue xsi:type="xs:string">admin</saml2:AttributeValue>
</saml2:Attribute>
The thing is I am now trying to create an attribute with some XML content. For example:
<saml2:Attribute Name="http://my/xml/content">
<saml2:AttributeValue xsi:type="???">
<somthing>
<somthingElse>text</somthingElse>
</somthing>
</saml2:AttributeValue>
</saml2:Attribute>
I’ve looked at making a custom implementation of a "ClaimsAttributeStatementProvider" (org.apache.cxf.sts.claims) but I seem to have to use the "AttributeBean" class of WSS4J. But this class doesn’t seem to let me change the type.
Does someone know how to deal with this issue?
======================================================================
Edit following Colm's answer:
I added a dependency to opensaml-core v3.0.0 in my CXF STS project to obtain the "org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport" class as shown in the example you pointed to me. Before calling the XMLObjectProviderRegistrySupport.getBuilderFactory() I seemed to have to initialize the configuration of opensaml. I didn’t manage to use the embedded configuration that I suppose my WSS4J in CXF is using. I managed the initialization calling "org.opensaml.core.config.InitializationService.initialize();"
All seems good for the creation of the AttributeBean with an XSAny type.
The problem is when WSS4J tries to handle the SAMLCallback:
Caused by: java.lang.ClassCastException: org.opensaml.core.xml.schema.impl.XSAnyBuilder cannot be cast to org.opensaml.xml.XMLObjectBuilder
    at org.opensaml.xml.XMLConfigurator.initializeObjectProviders(XMLConfigurator.java:236)
    at org.opensaml.xml.XMLConfigurator.load(XMLConfigurator.java:182)
    at org.opensaml.xml.XMLConfigurator.load(XMLConfigurator.java:166)
    at org.opensaml.xml.XMLConfigurator.load(XMLConfigurator.java:143)
    at org.apache.wss4j.common.saml.OpenSAMLBootstrap.initializeXMLTooling(OpenSAMLBootstrap.java:105)
    at org.apache.wss4j.common.saml.OpenSAMLBootstrap.bootstrap(OpenSAMLBootstrap.java:86)
    at org.apache.wss4j.common.saml.OpenSAMLUtil.initSamlEngine(OpenSAMLUtil.java:61)
    at org.apache.wss4j.common.saml.SamlAssertionWrapper.(SamlAssertionWrapper.java:204)
    at org.apache.cxf.sts.token.provider.SAMLTokenProvider.createSamlToken(SAMLTokenProvider.java:303)
    at org.apache.cxf.sts.token.provider.SAMLTokenProvider.createToken(SAMLTokenProvider.java:122)
    ... 45 more
I suppose I have a version issue:
Either I’d have to make my STS’s configuration of opensaml aware of my opensaml-core v3.0.0 classes, or I’d have to use a different version of CXF to get a newer version of WSS4J.
My version of CXF is 3.0.1 and has a dependency on WSS4J-ws-security-common in version 2.0.1 which has a dependency on opensaml version 2.6.1.
Do you have an idea of how to resolve this problem?
Thanks
=========================
Edit
Issue resolved in the post:
Recommended answer
The setAttributeValues method of the AttributeBean class in WSS4J allows you to pass through OpenSAML XMLObject objects. So you can create your custom attribute types using OpenSAML and then pass them through. Here is a test-case in WSS4J that adds an "Integer" type in (see "testSAML2AttrAssertionIntegerAttribute"):
Colm.
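The approach from the answer, applied to the XML-valued attribute from the question, as an added example that is not part of the original post or of the WSS4J test suite. It assumes the OpenSAML 2.x classes (org.opensaml.xml.*) that WSS4J 2.0.1 itself depends on, so no opensaml-core 3.x classes are mixed in; the class name, the `my` prefix and putting the child elements in the `http://my/xml/content` namespace are assumptions.

```java
import java.util.ArrayList;
import java.util.List;
import javax.xml.namespace.QName;

import org.apache.wss4j.common.saml.OpenSAMLUtil;
import org.apache.wss4j.common.saml.bean.AttributeBean;
import org.opensaml.saml2.core.AttributeValue;
import org.opensaml.xml.Configuration;
import org.opensaml.xml.XMLObjectBuilder;
import org.opensaml.xml.schema.XSAny;

// Hypothetical helper class, for illustration only.
public final class XmlAttributeExample {

    // Attribute name from the question; reused here as the element namespace (assumption).
    private static final String NS = "http://my/xml/content";

    public static AttributeBean buildXmlAttribute() {
        // Let WSS4J bootstrap the OpenSAML version it ships with, instead of
        // initializing a second OpenSAML (3.x) alongside it.
        OpenSAMLUtil.initSamlEngine();

        // The builder registered for xs:anyType builds XSAny objects, which can
        // carry arbitrary child elements and text content.
        @SuppressWarnings("unchecked")
        XMLObjectBuilder<XSAny> anyBuilder = (XMLObjectBuilder<XSAny>)
            Configuration.getBuilderFactory().getBuilder(XSAny.TYPE_NAME);

        XSAny inner = anyBuilder.buildObject(NS, "somthingElse", "my");
        inner.setTextContent("text");

        XSAny outer = anyBuilder.buildObject(NS, "somthing", "my");
        outer.getUnknownXMLObjects().add(inner);

        // The saml2:AttributeValue element itself, wrapping the custom XML.
        QName av = AttributeValue.DEFAULT_ELEMENT_NAME;
        XSAny value = anyBuilder.buildObject(
            av.getNamespaceURI(), av.getLocalPart(), av.getPrefix());
        value.getUnknownXMLObjects().add(outer);

        // Hand the XMLObject to WSS4J through the AttributeBean.
        AttributeBean bean = new AttributeBean();
        bean.setQualifiedName(NS);
        List<Object> values = new ArrayList<>();
        values.add(value);
        bean.setAttributeValues(values);
        return bean;
    }
}
```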