OpenSAML: AttributeStatementSchemaValidator.java doesn't consider encrypted attributes

Chandra Sekhar B K
org.opensaml.saml2.core.validator.AttributeStatementSchemaValidator.validateAttributes() doesn't consider EncryptedAttributes.

As a result, I get a ValidationException for an assertion with only EncryptedAttributes, with the following code snippet:

    ValidatorSuite schemaValidators = org.opensaml.Configuration.getValidatorSuite("saml2-core-schema-validator");
    try {
        schemaValidators.validate(assertionXMLObj);
    } catch (ValidationException e) {
        LOG.debug("Saml Validation error: " + e.getMessage(), e);
    }


Exception details:

Caused by: org.opensaml.xml.validation.ValidationException: Must contain one or more attributes
    at org.opensaml.saml2.core.validator.AttributeStatementSchemaValidator.validateAttributes(AttributeStatementSchemaValidator.java:51)
    at org.opensaml.saml2.core.validator.AttributeStatementSchemaValidator.validate(AttributeStatementSchemaValidator.java:40)
    at org.opensaml.saml2.core.validator.AttributeStatementSchemaValidator.validate(AttributeStatementSchemaValidator.java:31)
    at org.opensaml.xml.validation.ValidatorSuite.performValidation(ValidatorSuite.java:169)
    at org.opensaml.xml.validation.ValidatorSuite.performValidation(ValidatorSuite.java:152)
    at org.opensaml.xml.validation.ValidatorSuite.validate(ValidatorSuite.java:83)
    at org.opensaml.xml.validation.ValidatorSuite.validate(ValidatorSuite.java:88)



Resolution:
In org.opensaml.saml2.core.validator.AttributeStatementSchemaValidator.java, I changed validateAttributes():

    protected void validateAttributes(AttributeStatement attributeStatement) throws ValidationException {
        // Fail only when the statement has neither plain nor encrypted attributes.
        if (attributeStatement.getAttributes() == null || attributeStatement.getAttributes().size() == 0) {
            if (attributeStatement.getEncryptedAttributes() == null
                    || attributeStatement.getEncryptedAttributes().size() == 0) {
                throw new ValidationException("Must contain one or more attributes");
            }
        }
    }


Please comment on this.
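
Added example, not part of the original post and not OpenSAML code: the SAML 2.0 core schema defines the content of AttributeStatement as a repeated choice between Attribute and EncryptedAttribute, so a statement holding only EncryptedAttribute children is schema-valid. The JDK-only check below (the class and method names are hypothetical) applies that rule to three constructed inputs.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.Node;

public class AttributeStatementCheck {
    static final String SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion";

    // Counts Attribute and EncryptedAttribute children together, as the schema's choice does.
    static int countAttributeChildren(Element statement) {
        int count = 0;
        for (Node n = statement.getFirstChild(); n != null; n = n.getNextSibling()) {
            if (n.getNodeType() != Node.ELEMENT_NODE || !SAML_NS.equals(n.getNamespaceURI())) {
                continue;
            }
            String name = n.getLocalName();
            if ("Attribute".equals(name) || "EncryptedAttribute".equals(name)) {
                count++;
            }
        }
        return count;
    }

    static Element parse(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // Refuse DOCTYPE declarations so untrusted assertions cannot trigger XXE.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        return f.newDocumentBuilder()
                .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)))
                .getDocumentElement();
    }

    public static void main(String[] args) throws Exception {
        String open = "<saml:AttributeStatement xmlns:saml=\"" + SAML_NS + "\">";
        String close = "</saml:AttributeStatement>";
        // Constructed sample inputs; the EncryptedData content is omitted for brevity.
        String[][] samples = {
            {"plain only", open + "<saml:Attribute Name=\"mail\"/>" + close},
            {"encrypted only", open + "<saml:EncryptedAttribute/>" + close},
            {"empty", open + close},
        };
        for (String[] s : samples) {
            int n = countAttributeChildren(parse(s[1]));
            System.out.println(s[0] + ": " + (n > 0 ? "valid" : "Must contain one or more attributes"));
        }
    }
}
```

Passing this structural check says nothing about the encrypted content itself; attributes still need to be decrypted and validated before a relying party trusts their values.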