OpenSaml V3 for Apache Felix OSGI

OpenSaml V3 for Apache Felix OSGI

Cris Rockwell
Hello Shibboleth Developers

I am working to add SAML2 Service Provider authentication handling to Apache Sling.

My work in progress can be viewed on GitHub below

I have found the OpenSaml V3 eBook to be useful, but I am having trouble getting my OSGI bundle to Activate due to dependencies.  I have tried the servicemix opensaml wrapper but it seems to have the same issues in this environment (Apache Felix) as just embedding the opensaml modules directly, and I prefer to include just the relevant modules anyway.

My project pom.xml is set up to embed OpenSaml’s dependencies as well as the transitive dependencies. This approach usually works, but is a bit ham-fisted. But in this case even with this, there are dependencies that are not resolving.

In particular, these are the packages that cannot be imported.

com.beust.jcommander -- Cannot be resolved
com.beust.jcommander.converters -- Cannot be resolved
com.google.appengine.api -- Cannot be resolved
com.google.apphosting.api -- Cannot be resolved
com.google.errorprone.annotations.concurrent -- Cannot be resolved

org.apache.velocity -- Cannot be resolved
org.apache.velocity.app -- Cannot be resolved
org.apache.velocity.context -- Cannot be resolved
org.apache.velocity.exception -- Cannot be resolved
org.apache.velocity.runtime -- Cannot be resolved
org.apache.velocity.runtime.log -- Cannot be resolved
org.apache.velocity.runtime.resource.loader -- Cannot be resolved
org.apache.velocity.runtime.resource.util -- Cannot be resolved

org.apache.xml.dtm -- Cannot be resolved
org.apache.xml.utils -- Cannot be resolved
org.apache.xpath -- Cannot be resolved
org.apache.xpath.compiler -- Cannot be resolved
org.apache.xpath.functions -- Cannot be resolved
org.apache.xpath.objects -- Cannot be resolved

org.joda.convert -- Cannot be resolved
org.relaxng.datatype -- Cannot be resolved

Based on the ebook and several posts, I expect bouncycastle will need to be added to 
https://stackoverflow.com/questions/26624104/bundle-will-not-start-when-bouncy-castle-is-imported
org.bouncycastle.cert -- Cannot be resolved
org.bouncycastle.cert.jcajce -- Cannot be resolved
org.bouncycastle.openssl.jcajce -- Cannot be resolved
org.bouncycastle.operator -- Cannot be resolved
org.bouncycastle.operator.jcajce -- Cannot be resolved


If anyone has suggestions that could help, or information about some of these dependencies, I would very much appreciate any ideas.

Thanks!
Cris Rockwell
Applications Architect Sr  
College of Literature, Science, and the Arts | University of Michigan 
LSA Technology Services | 6503 Haven Hall | 505 S. State Street | Ann Arbor, MI I 48109
Desk: 734.763.6818 | [hidden email]


--
To unsubscribe from this list send an email to [hidden email]
Re: OpenSaml V3 for Apache Felix OSGI

Cris Rockwell
Hi all

Maybe my issue is resolved if the packages below are not strictly needed by OpenSAML V3 or its dependencies. I have set the resolution to optional, and my bundle starts. If I find runtime errors in my application due to missing something below, then I’ll have more concrete information about what is needed and why.

com.beust.jcommander*;resolution:=optional,
com.google.appengine.api.*;resolution:=optional,
com.google.apphosting.api.*;resolution:=optional,
com.google.appengine.repackaged.*;resolution:=optional,
org.apache.log.*;resolution:=optional,
org.apache.oro.text.perl.*;resolution:=optional,
antlr.*;resolution:=optional,
org.apache.tools.ant.*;resolution:=optional,
junit.framework.*;resolution:=optional,
org.dom4j.*;resolution:=optional,
org.jdom.*;resolution:=optional,
org.bouncycastle.*;resolution:=optional,
com.sun.org.apache.xerces.internal.*;resolution:=optional,


In this environment, my bundle Activator has the lines...

JavaCryptoValidationInitializer jcvi = new JavaCryptoValidationInitializer();
jcvi.init();

for (Provider jceProvider : Security.getProviders()) {
    logger.info(jceProvider.getInfo());
}

With the following algorithms output

SUN (DSA key/parameter generation; DSA signing; SHA-1, MD5 digests; SecureRandom; X.509 certificates; JKS & DKS keystores; PKIX CertPathValidator; PKIX CertPathBuilder; LDAP, Collection CertStores, JavaPolicy Policy; JavaLoginConfig Configuration)

Sun RSA signature provider

Sun Elliptic Curve provider (EC, ECDSA, ECDH)

Sun JSSE provider(PKCS12, SunX509/PKIX key/trust factories, SSLv3/TLSv1/TLSv1.1/TLSv1.2)

SunJCE Provider (implements RSA, DES, Triple DES, AES, Blowfish, ARCFOUR, RC2, PBE, Diffie-Hellman, HMAC)

Sun (Kerberos v5, SPNEGO)

Sun SASL provider(implements client mechanisms for: DIGEST-MD5, GSSAPI, EXTERNAL, PLAIN, CRAM-MD5, NTLM; server mechanisms for: DIGEST-MD5, GSSAPI, CRAM-MD5, NTLM)

XMLDSig (DOM XMLSignatureFactory; DOM KeyInfoFactory; C14N 1.0, C14N 1.1, Exclusive C14N, Base64, Enveloped, XPath, XPath2, XSLT TransformServices)

Sun PC/SC provider

Apple Provider

Which looks good to me.


Regards
Cris Rockwell
Applications Architect Sr  
College of Literature, Science, and the Arts | University of Michigan 
LSA Technology Services | 6503 Haven Hall | 505 S. State Street | Ann Arbor, MI I 48109
Desk: 734.763.6818 | [hidden email]
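
With resolution:=optional the bundle starts even when a package is not wired, so a missing class only surfaces when it is first used, and a list of provider names does not show which algorithms are actually available. The following is an added example, not code from the original post or from OpenSAML, that probes both at activation time; the class name SamlRuntimeProbe, the representative Bouncy Castle classes and the algorithm list are assumptions about what a SAML service provider commonly needs.

```java
import java.security.MessageDigest;
import java.security.Signature;
import java.util.ArrayList;
import java.util.List;
import javax.crypto.Cipher;

/** Hypothetical activation-time probe; the class name and both probe lists are assumptions. */
public final class SamlRuntimeProbe {

    interface Probe { void run() throws Exception; }

    // One real class from each org.bouncycastle package family imported as optional.
    static final String[] OPTIONAL_CLASSES = {
        "org.bouncycastle.cert.X509CertificateHolder",
        "org.bouncycastle.operator.ContentSigner",
        "org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter",
    };

    /** Optional classes the given class loader cannot load (unwired optional imports). */
    static List<String> missingClasses(ClassLoader loader, String... names) {
        List<String> missing = new ArrayList<>();
        for (String name : names) {
            try {
                Class.forName(name, false, loader); // load only, do not initialize
            } catch (ClassNotFoundException | LinkageError e) {
                missing.add(name);
            }
        }
        return missing;
    }

    /** JCA algorithms that no registered provider supplies. */
    static List<String> missingAlgorithms() {
        List<String> missing = new ArrayList<>();
        check(missing, "Signature SHA256withRSA", () -> Signature.getInstance("SHA256withRSA"));
        check(missing, "Signature SHA256withECDSA", () -> Signature.getInstance("SHA256withECDSA"));
        check(missing, "MessageDigest SHA-256", () -> MessageDigest.getInstance("SHA-256"));
        check(missing, "Cipher AES/GCM/NoPadding", () -> Cipher.getInstance("AES/GCM/NoPadding"));
        check(missing, "Cipher RSA-OAEP", () -> Cipher.getInstance("RSA/ECB/OAEPWithSHA-1AndMGF1Padding"));
        return missing;
    }

    static void check(List<String> missing, String label, Probe probe) {
        try { probe.run(); } catch (Exception e) { missing.add(label); }
    }

    public static void main(String[] args) {
        ClassLoader loader = SamlRuntimeProbe.class.getClassLoader();
        System.out.println("Unloadable optional classes: " + missingClasses(loader, OPTIONAL_CLASSES));
        System.out.println("Unavailable algorithms: " + missingAlgorithms());
    }
}
```

Inside a bundle, the same two methods can be called from the Activator with the bundle's own class loader, logging the returned lists instead of printing them.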

On Feb 18, 2020, at 7:20 PM, Cris Rockwell <[hidden email]> wrote:
