Generate a Metadata Object from string in OpenSAML3


Generate a Metadata Object from string in OpenSAML3

DD K
Hi All,

What I'm currently trying is to migrate from OpenSAML2.x to OpenSAML3.x. Currently on OpenSAML2.x the code is as below:
private EntityDescriptor generateMetadataObjectFromString(String metadataString) {
    EntityDescriptor entityDescriptor = null;
    try {
        DocumentBuilderFactory factory = IdentityUtil.getSecuredDocumentBuilderFactory();
        factory.setNamespaceAware(true);
        DocumentBuilder builder = factory.newDocumentBuilder();
        Document document = builder.parse(new ByteArrayInputStream(metadataString.getBytes()));
        Element node = document.getDocumentElement();
        DOMMetadataResolver idpMetaDataProvider = new DOMMetadataResolver(node);
        idpMetaDataProvider.setRequireValidMetadata(true);
        idpMetaDataProvider.setParserPool(new BasicParserPool());
        idpMetaDataProvider.initialize();
        XMLObject xmlObject = idpMetaDataProvider.getMetadata();
        entityDescriptor = (EntityDescriptor) xmlObject;
    } catch (ComponentInitializationException | SAXException | ParserConfigurationException | IOException e) {
        log.error("Error While reading Service Provider metadata xml", e);
    }
    return entityDescriptor;
}

So after changing them to new classes and methods it looked like:
private EntityDescriptor generateMetadataObjectFromString(String metadataString) {
    EntityDescriptor entityDescriptor = null;
    try {
        DocumentBuilderFactory factory = IdentityUtil.getSecuredDocumentBuilderFactory();
        factory.setNamespaceAware(true);
        DocumentBuilder builder = factory.newDocumentBuilder();
        Document document = builder.parse(new ByteArrayInputStream(metadataString.getBytes()));
        Element node = document.getDocumentElement();
        DOMMetadataResolver idpMetaDataProvider = new DOMMetadataResolver(node);
        idpMetaDataProvider.setRequireValidMetadata(true);
        idpMetaDataProvider.setParserPool(new BasicParserPool());
        idpMetaDataProvider.initialize();
        // XMLObject xmlObject = idpMetaDataProvider.getMetadata();
        // entityDescriptor = (EntityDescriptor) xmlObject;
    } catch (ComponentInitializationException | SAXException | ParserConfigurationException | IOException e) {
        log.error("Error While reading Service Provider metadata xml", e);
    }
    return entityDescriptor;
}
But I've struggled to find a resource on how to generate an EntityDescriptor to return from the method, because now there is no method such as generateMetadata() in DOMMetadataResolver. Apart from this, there is a method called resolveSingle(), but it needs a CriteriaSet (which I do not know what to include in). The two commented lines are the ones where I'm stuck, but if I'm missing anything in any other place, let me know.

Any answers would be appreciated,
Deshan Koswatte

--
To unsubscribe from this list send an email to [hidden email]

Re: Generate a Metadata Object from string in OpenSAML3

DD K
Sorry, the first code snippet should be as follows:
private EntityDescriptor generateMetadataObjectFromString(String metadataString) {
    EntityDescriptor entityDescriptor = null;
    try {
        DocumentBuilderFactory factory = IdentityUtil.getSecuredDocumentBuilderFactory();
        factory.setNamespaceAware(true);
        DocumentBuilder builder = factory.newDocumentBuilder();
        Document document = builder.parse(new ByteArrayInputStream(metadataString.getBytes()));
        Element node = document.getDocumentElement();
        DOMMetadataProvider idpMetaDataProvider = new DOMMetadataProvider(node);
        idpMetaDataProvider.setRequireValidMetadata(true);
        idpMetaDataProvider.setParserPool(new BasicParserPool());
        idpMetaDataProvider.initialize();
        XMLObject xmlObject = idpMetaDataProvider.getMetadata();
        entityDescriptor = (EntityDescriptor) xmlObject;
    } catch (MetadataProviderException | SAXException | ParserConfigurationException | IOException e) {
        log.error("Error While reading Service Provider metadata xml", e);
    }
    return entityDescriptor;
}

On Wed, Aug 14, 2019 at 1:59 PM DD K <[hidden email]> wrote:

Re: Generate a Metadata Object from string in OpenSAML3

Brent Putman


On 8/14/19 4:29 AM, DD K wrote:
Hi All,

What I'm currently trying is to migrate from OpenSAML2.x to OpenSAML3.x. Currently on OpenSAML2.x the code is as below:

Well, that wasn't correct in the first place. At least not if you're just trying to turn some XML you already have into an XMLObject tree. If you have the XML for an existing EntityDescriptor or EntitiesDescriptor element and just want to parse that into the OpenSAML representation, then you just parse and unmarshall. Exactly like what you were doing in the earlier thread you posted for (I think) AuthnRequest. Given that you were using the DOMMetadataProvider, you were sort of doing that, but in a very roundabout and unnecessary fashion.



But I've struggled to find a resource on how to generate an EntityDescriptor to return from the method, because now there is no method such as generateMetadata() in DOMMetadataResolver. Apart from this,


Right, the entire design and API of metadata providers changed in 3.x. In 3.x it's entirely EntityDescriptor-centric (no more EntitiesDescriptors are surfaced), and the API is about searching for and returning 1 or more EntityDescriptors.


there is a method called resolveSingle(), but it needs a CriteriaSet (which I do not know what to include in).

Right, in the new model you would supply criteria for the EntityDescriptor(s) you want.  In the common SSO use case, you usually want just 1, based usually on entityID criteria.

If you want to see how that works, take a look at the relevant unit tests; there are plenty of examples there.



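The two routes the reply describes, written out as an added example (not code from the thread or from the OpenSAML project): approach 1 parses the DOM and unmarshalls it straight into an EntityDescriptor, approach 2 goes through DOMMetadataResolver with an entityID criterion. It assumes OpenSAML 3.x with java-support on the classpath; the resolver id "inline-metadata", the sample metadata and the sample entityID are constructed for the example.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import net.shibboleth.utilities.java.support.resolver.CriteriaSet;
import net.shibboleth.utilities.java.support.xml.ParserPool;
import org.opensaml.core.config.InitializationService;
import org.opensaml.core.criterion.EntityIdCriterion;
import org.opensaml.core.xml.XMLObject;
import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
import org.opensaml.core.xml.io.Unmarshaller;
import org.opensaml.saml.metadata.resolver.impl.DOMMetadataResolver;
import org.opensaml.saml.saml2.metadata.EntityDescriptor;
import org.w3c.dom.Element;

public class MetadataFromString {
    // Bootstraps OpenSAML and parses with its registry ParserPool (namespace-aware, secure defaults with
    // DOCTYPE disallowed), which takes over the role IdentityUtil.getSecuredDocumentBuilderFactory() had in 2.x.
    private static Element parseRoot(String metadataXml) throws Exception {
        InitializationService.initialize(); // idempotent; registers the XMLObject providers and the default pool
        ParserPool pool = XMLObjectProviderRegistrySupport.getParserPool();
        return pool.parse(new ByteArrayInputStream(metadataXml.getBytes(StandardCharsets.UTF_8))).getDocumentElement();
    }

    // Approach 1 (what the reply recommends): parse, then unmarshall straight into an EntityDescriptor.
    static EntityDescriptor unmarshall(String metadataXml) throws Exception {
        Element root = parseRoot(metadataXml);
        Unmarshaller um = XMLObjectProviderRegistrySupport.getUnmarshallerFactory().getUnmarshaller(root);
        if (um == null) throw new IllegalArgumentException("no unmarshaller for " + root.getLocalName());
        XMLObject obj = um.unmarshall(root);
        if (!(obj instanceof EntityDescriptor)) // an EntitiesDescriptor or unrelated root is rejected, not cast
            throw new IllegalArgumentException("expected md:EntityDescriptor, got " + obj.getElementQName());
        return (EntityDescriptor) obj;
    }

    // Approach 2: the 3.x resolver API, which needs a CriteriaSet; for SSO that is normally the entityID.
    static EntityDescriptor resolve(String metadataXml, String entityId) throws Exception {
        DOMMetadataResolver resolver = new DOMMetadataResolver(parseRoot(metadataXml));
        resolver.setId("inline-metadata");      // constructed id; an id is mandatory before initialize() in 3.x
        resolver.setRequireValidMetadata(true); // descriptors whose validUntil has passed are not returned
        resolver.setParserPool(XMLObjectProviderRegistrySupport.getParserPool());
        resolver.initialize();
        return resolver.resolveSingle(new CriteriaSet(new EntityIdCriterion(entityId))); // null if no match
    }

    public static void main(String[] args) throws Exception {
        // constructed sample, not from the thread; real metadata also carries role descriptors and keys
        String xml = "<md:EntityDescriptor xmlns:md=\"urn:oasis:names:tc:SAML:2.0:metadata\""
                + " entityID=\"https://sp.example.org/saml\"/>";
        System.out.println(unmarshall(xml).getEntityID() + " " + resolve(xml, "https://sp.example.org/saml").getEntityID());
    }
}
```

The instanceof check in approach 1 is what replaces the blind cast in the original code: a string that carries an EntitiesDescriptor or any other root element fails loudly instead of throwing a ClassCastException later.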