Author: anil.saldhana(a)jboss.com
Date: 2010-12-20 17:20:13 -0500 (Mon, 20 Dec 2010)
New Revision: 612
Added:
federation/trunk/picketlink-fed-core/src/test/resources/saml-xacml/saml-xacml-response-1.xml
Modified:
federation/trunk/picketlink-bindings-jboss/src/test/java/org/picketlink/test/identity/federation/bindings/jboss/auth/SAML20TokenProviderUnitTestCase.java
federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/metadata/KeyDescriptorMetaDataBuilder.java
federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/util/KeyUtil.java
federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/w3/xmldsig/KeyInfoBuilder.java
federation/trunk/picketlink-fed-api/src/test/java/org/picketlink/test/identity/federation/api/saml/v2/metadata/KeyDescriptorMetaDataBuilderUnitTestCase.java
federation/trunk/picketlink-fed-api/src/test/java/org/picketlink/test/identity/federation/api/saml/v2/metadata/MetaDataBuilderUnitTestCase.java
federation/trunk/picketlink-fed-api/src/test/java/org/picketlink/test/identity/federation/api/util/KeyUtilUnitTestCase.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/md/providers/MetaDataBuilderDelegate.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLConstants.java
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/saml/MetadataServlet.java
Log:
saml, xacml, metadata changes
Modified:
federation/trunk/picketlink-bindings-jboss/src/test/java/org/picketlink/test/identity/federation/bindings/jboss/auth/SAML20TokenProviderUnitTestCase.java
===================================================================
---
federation/trunk/picketlink-bindings-jboss/src/test/java/org/picketlink/test/identity/federation/bindings/jboss/auth/SAML20TokenProviderUnitTestCase.java 2010-12-20
21:58:55 UTC (rev 611)
+++
federation/trunk/picketlink-bindings-jboss/src/test/java/org/picketlink/test/identity/federation/bindings/jboss/auth/SAML20TokenProviderUnitTestCase.java 2010-12-20
22:20:13 UTC (rev 612)
@@ -28,9 +28,6 @@
import java.util.Map;
import javax.security.auth.Subject;
-import javax.xml.bind.JAXBContext;
-import javax.xml.bind.JAXBElement;
-import javax.xml.bind.Unmarshaller;
import junit.framework.TestCase;
@@ -40,12 +37,14 @@
import org.jboss.security.SimplePrincipal;
import org.jboss.security.plugins.JBossSecurityContext;
import
org.picketlink.identity.federation.bindings.jboss.auth.SAML20TokenRoleAttributeProvider;
+import org.picketlink.identity.federation.core.parsers.saml.SAMLParser;
+import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
import org.picketlink.identity.federation.core.wstrust.StandardSecurityToken;
import org.picketlink.identity.federation.core.wstrust.WSTrustRequestContext;
import org.picketlink.identity.federation.core.wstrust.WSTrustUtil;
import org.picketlink.identity.federation.core.wstrust.plugins.saml.SAML20TokenProvider;
import org.picketlink.identity.federation.core.wstrust.plugins.saml.SAMLUtil;
-import org.picketlink.identity.federation.core.wstrust.wrappers.RequestSecurityToken;
+import org.picketlink.identity.federation.core.wstrust.wrappers.RequestSecurityToken;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AssertionType;
import
org.picketlink.identity.federation.newmodel.saml.v2.assertion.AttributeStatementType;
import
org.picketlink.identity.federation.newmodel.saml.v2.assertion.AttributeStatementType.ASTChoiceType;
@@ -116,14 +115,19 @@
SecurityContextAssociation.clearSecurityContext();
- JAXBContext jaxbContext =
JAXBContext.newInstance("org.picketlink.identity.federation.saml.v2.assertion");
+ Element assertionElement = (Element) context.getSecurityToken().getTokenValue();
+
+ SAMLParser samlParser = new SAMLParser();
+ AssertionType assertion = (AssertionType) samlParser.parse(
DocumentUtil.getNodeAsStream(assertionElement));
+
+ /*JAXBContext jaxbContext =
JAXBContext.newInstance("org.picketlink.identity.federation.saml.v2.assertion");
Unmarshaller unmarshaller = jaxbContext.createUnmarshaller();
JAXBElement<?> parsedElement = (JAXBElement<?>)
unmarshaller.unmarshal((Element) context.getSecurityToken()
.getTokenValue());
assertNotNull("Unexpected null element", parsedElement);
assertEquals("Unexpected element type", AssertionType.class,
parsedElement.getDeclaredType());
- AssertionType assertion = (AssertionType) parsedElement.getValue();
+ AssertionType assertion = (AssertionType) parsedElement.getValue();*/
StandardSecurityToken securityToken = (StandardSecurityToken)
context.getSecurityToken();
assertEquals("Unexpected token id", securityToken.getTokenID(),
assertion.getID());
assertEquals("Unexpected token issuer", "PicketLinkSTS",
assertion.getIssuer().getValue());
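Review bot: The direct cast `(AssertionType) samlParser.parse(...)` drops the null and declared-type assertions that the old JAXB block carried, so a parser that returns null or a different type now fails with a NullPointerException or ClassCastException instead of a named assertion; keep `Object parsed = samlParser.parse(DocumentUtil.getNodeAsStream(assertionElement));` followed by `assertNotNull("Unexpected null assertion", parsed);` and `assertTrue("Unexpected type: " + parsed.getClass().getSimpleName(), parsed instanceof AssertionType);` before casting. The superseded JAXB code should be deleted rather than kept inside a `/* … */` block, and the same applies in the `@@ -162,8 +166,10 @@` hunk of this file, where `attributeObject` is cast straight to `ASTChoiceType` with the former instanceof assertion commented out. The enclosing test method starts and ends outside this hunk.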
@@ -142,7 +146,7 @@
assertNotNull("Unexpected null audience list",
restrictionType.getAudience());
assertEquals("Unexpected number of audience elements", 1,
restrictionType.getAudience().size());
assertEquals("Unexpected audience value",
"http://services.testcorp.org/provider2", restrictionType.getAudience()
- .get(0));
+ .get(0).toString() );
// check the contents of the assertion subject.
SubjectType subject = assertion.getSubject();
@@ -162,8 +166,10 @@
assertFalse("Unexpected empty list of attributes",
attributes.isEmpty());
assertEquals("Unexpected number of attributes", 1, attributes.size());
Object attributeObject = attributes.iterator().next();
- assertTrue("Unexpected type instead of AttributeStatement: " +
attributeObject.getClass().getSimpleName(), attributeObject instanceof AttributeType);
- AttributeType attribute = (AttributeType)attributeObject;
+ ASTChoiceType astChoice = (ASTChoiceType) attributeObject;
+ AttributeType attribute = astChoice.getAttribute();
+ /*assertTrue("Unexpected type instead of AttributeStatement: " +
attributeObject.getClass().getSimpleName(), attributeObject instanceof AttributeType);
+ AttributeType attribute = (AttributeType)attributeObject;*/
assertEquals("Unexpected name for the role attribute",
"roleAttributeName", attribute.getName() );
assertEquals("Unexpected number of roles", 1,
attribute.getAttributeValue().size());
assertEquals("Unexpected user role", "myTestRole",
attribute.getAttributeValue().get(0));
Modified:
federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/metadata/KeyDescriptorMetaDataBuilder.java
===================================================================
---
federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/metadata/KeyDescriptorMetaDataBuilder.java 2010-12-20
21:58:55 UTC (rev 611)
+++
federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/metadata/KeyDescriptorMetaDataBuilder.java 2010-12-20
22:20:13 UTC (rev 612)
@@ -27,8 +27,8 @@
import org.picketlink.identity.federation.newmodel.saml.v2.metadata.KeyDescriptorType;
import org.picketlink.identity.federation.newmodel.saml.v2.metadata.KeyTypes;
-import org.picketlink.identity.xmlsec.w3.xmldsig.KeyInfoType;
import org.picketlink.identity.xmlsec.w3.xmlenc.EncryptionMethodType;
+import org.w3c.dom.Element;
/**
* MetaDataBuilder for the KeyDescriptor
@@ -41,7 +41,7 @@
* Create a Key Descriptor Type
* @return
*/
- public static KeyDescriptorType createKeyDescriptor(KeyInfoType keyInfo,
+ public static KeyDescriptorType createKeyDescriptor( Element keyInfo,
String algorithm, int keySize,
boolean isSigningKey, boolean isEncryptionKey)
{
@@ -69,9 +69,8 @@
if(isEncryptionKey)
keyDescriptor.setUse(KeyTypes.ENCRYPTION);
- throw new RuntimeException( "We need a dom element as key info" );
- /*keyDescriptor.setKeyInfo(keyInfo);
-
- return keyDescriptor;*/
+ keyDescriptor.setKeyInfo( keyInfo );
+
+ return keyDescriptor;
}
}
\ No newline at end of file
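Review bot: `keyDescriptor.setKeyInfo( keyInfo )` stores the caller's DOM element without any check, while the sibling `KeyUtil.getKeyInfo` changed in this same commit rejects a null argument up front; add `if (keyInfo == null) throw new IllegalArgumentException("keyInfo is null");` at the top of `createKeyDescriptor` so a KeyDescriptor is never built without key material. The Javadoc shown in the previous hunk still has a bare `@return` and, in the visible lines, no `@param` for the new `Element keyInfo`; document that the argument is expected to be a `ds:KeyInfo` element and that it is stored as-is. The method's signature and the preceding `isSigningKey` branch lie outside this hunk.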
Modified:
federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/util/KeyUtil.java
===================================================================
---
federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/util/KeyUtil.java 2010-12-20
21:58:55 UTC (rev 611)
+++
federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/util/KeyUtil.java 2010-12-20
22:20:13 UTC (rev 612)
@@ -21,7 +21,6 @@
*/
package org.picketlink.identity.federation.api.util;
-import java.io.StringReader;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.security.cert.Certificate;
@@ -29,15 +28,18 @@
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
-import javax.xml.bind.JAXBElement;
import javax.xml.bind.JAXBException;
import javax.xml.bind.Marshaller;
import javax.xml.bind.Unmarshaller;
+import org.picketlink.identity.federation.core.exceptions.ConfigurationException;
+import org.picketlink.identity.federation.core.exceptions.ParsingException;
+import org.picketlink.identity.federation.core.exceptions.ProcessingException;
+import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
import org.picketlink.identity.federation.core.util.Base64;
import org.picketlink.identity.federation.core.util.JAXBUtil;
-import org.picketlink.identity.xmlsec.w3.xmldsig.KeyInfoType;
import org.picketlink.identity.xmlsec.w3.xmldsig.ObjectFactory;
+import org.w3c.dom.Element;
/**
* Utility dealing with PublicKey/Certificates and xml-dsig KeyInfoType
@@ -67,8 +69,12 @@
* @return
* @throws JAXBException
* @throws CertificateException
+ * @throws ProcessingException
+ * @throws ParsingException
+ * @throws ConfigurationException
*/
- public static KeyInfoType getKeyInfo(Certificate certificate) throws JAXBException,
CertificateException
+ public static Element getKeyInfo(Certificate certificate)
+ throws CertificateException, ConfigurationException, ParsingException,
ProcessingException
{
if(certificate == null)
throw new IllegalArgumentException("certificate is null");
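Review bot: The Javadoc directly above the new signature still lists `@throws JAXBException` although `getKeyInfo` no longer declares it, and `@return` is left empty now that the return type changed from `KeyInfoType` to a DOM `Element`; drop the stale tag and write `@return the {@code ds:KeyInfo} element built from the certificate`. The `Marshaller` and `Unmarshaller` imports survive the import hunk above while the unmarshal call is removed in the next hunk, so if `getUnmarshaller()` has no other user in this file it is now dead code. The method body continues past this hunk.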
@@ -93,8 +99,7 @@
else
throw new RuntimeException("NYI");
- JAXBElement<?> keyInfoJ = (JAXBElement<?>)
getUnmarshaller().unmarshal(new StringReader(builder.toString()));
- return (KeyInfoType) keyInfoJ.getValue();
+ return DocumentUtil.getDocument(builder.toString()).getDocumentElement();
}
/**
Modified:
federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/w3/xmldsig/KeyInfoBuilder.java
===================================================================
---
federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/w3/xmldsig/KeyInfoBuilder.java 2010-12-20
21:58:55 UTC (rev 611)
+++
federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/w3/xmldsig/KeyInfoBuilder.java 2010-12-20
22:20:13 UTC (rev 612)
@@ -21,8 +21,13 @@
*/
package org.picketlink.identity.federation.api.w3.xmldsig;
-import org.picketlink.identity.xmlsec.w3.xmldsig.KeyInfoType;
+import org.picketlink.identity.federation.core.exceptions.ConfigurationException;
+import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLConstants;
+import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
+import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
import org.picketlink.identity.xmlsec.w3.xmldsig.ObjectFactory;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
/**
@@ -38,12 +43,20 @@
* Create a KeyInfoType
* @return
*/
- public static KeyInfoType createKeyInfo(String id)
+ public static Element createKeyInfo( String id )
{
- KeyInfoType keyInfo = oFact.createKeyInfoType();
-
- keyInfo.setId(id);
- return keyInfo;
+ Document doc = null;
+ try
+ {
+ doc = DocumentUtil.createDocument();
+ }
+ catch (ConfigurationException e)
+ {
+ throw new RuntimeException( e );
+ }
+ Element keyInfoEl = doc.createElementNS( JBossSAMLURIConstants.XMLDSIG_NSURI.get(),
JBossSAMLConstants.KEY_INFO.get() );
+ keyInfoEl.setAttribute( "Id", id );
+ return keyInfoEl;
}
/**
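Review bot: `keyInfoEl.setAttribute( "Id", id )` runs even when `id` is null, so a caller passing no id gets an `Id` attribute whose value depends on how the DOM implementation treats a null value rather than no attribute at all; guard it with `if (id != null) { keyInfoEl.setAttribute("Id", id); }`. The `Document doc = null; try { … }` shape can be tightened to a `final Document doc;` assigned inside the try, and wrapping the `ConfigurationException` as `new IllegalStateException("cannot create document for KeyInfo", e)` says more than a bare `RuntimeException(e)`. The Javadoc above the signature still has an empty `@return`; it should say the method returns a `ds:KeyInfo` element that is created on a fresh document but not appended to it. The `ObjectFactory` import kept in the first hunk looks unused once `oFact.createKeyInfoType()` is gone — worth checking the rest of the file.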
Modified:
federation/trunk/picketlink-fed-api/src/test/java/org/picketlink/test/identity/federation/api/saml/v2/metadata/KeyDescriptorMetaDataBuilderUnitTestCase.java
===================================================================
---
federation/trunk/picketlink-fed-api/src/test/java/org/picketlink/test/identity/federation/api/saml/v2/metadata/KeyDescriptorMetaDataBuilderUnitTestCase.java 2010-12-20
21:58:55 UTC (rev 611)
+++
federation/trunk/picketlink-fed-api/src/test/java/org/picketlink/test/identity/federation/api/saml/v2/metadata/KeyDescriptorMetaDataBuilderUnitTestCase.java 2010-12-20
22:20:13 UTC (rev 612)
@@ -23,11 +23,11 @@
import static org.junit.Assert.assertNotNull;
+import org.junit.Test;
import
org.picketlink.identity.federation.api.saml.v2.metadata.KeyDescriptorMetaDataBuilder;
-import org.picketlink.identity.federation.api.w3.xmldsig.KeyInfoBuilder;
+import org.picketlink.identity.federation.api.w3.xmldsig.KeyInfoBuilder;
import org.picketlink.identity.federation.newmodel.saml.v2.metadata.KeyDescriptorType;
-import org.picketlink.identity.xmlsec.w3.xmldsig.KeyInfoType;
-import org.junit.Test;
+import org.w3c.dom.Element;
/**
@@ -40,7 +40,7 @@
@Test
public void testCreateKeyDescriptor()
{
- KeyInfoType keyInfo = KeyInfoBuilder.createKeyInfo("testKey");
+ Element keyInfo = KeyInfoBuilder.createKeyInfo("testKey");
String algorithm = "http://www.w3.org/2001/04/xmlenc#rsa-1_5";
Modified:
federation/trunk/picketlink-fed-api/src/test/java/org/picketlink/test/identity/federation/api/saml/v2/metadata/MetaDataBuilderUnitTestCase.java
===================================================================
---
federation/trunk/picketlink-fed-api/src/test/java/org/picketlink/test/identity/federation/api/saml/v2/metadata/MetaDataBuilderUnitTestCase.java 2010-12-20
21:58:55 UTC (rev 611)
+++
federation/trunk/picketlink-fed-api/src/test/java/org/picketlink/test/identity/federation/api/saml/v2/metadata/MetaDataBuilderUnitTestCase.java 2010-12-20
22:20:13 UTC (rev 612)
@@ -27,14 +27,19 @@
import java.util.ArrayList;
import java.util.List;
+import org.junit.Test;
import
org.picketlink.identity.federation.api.saml.v2.metadata.KeyDescriptorMetaDataBuilder;
import org.picketlink.identity.federation.api.saml.v2.metadata.MetaDataBuilder;
import org.picketlink.identity.federation.api.w3.xmldsig.KeyInfoBuilder;
import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
-import org.picketlink.identity.federation.newmodel.saml.v2.metadata.*;
-//import org.picketlink.identity.federation.saml.v2.assertion.AttributeType;
-import org.picketlink.identity.xmlsec.w3.xmldsig.KeyInfoType;
-import org.junit.Test;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AttributeType;
+import org.picketlink.identity.federation.newmodel.saml.v2.metadata.EndpointType;
+import
org.picketlink.identity.federation.newmodel.saml.v2.metadata.EntityDescriptorType;
+import
org.picketlink.identity.federation.newmodel.saml.v2.metadata.IDPSSODescriptorType;
+import org.picketlink.identity.federation.newmodel.saml.v2.metadata.KeyDescriptorType;
+import org.picketlink.identity.federation.newmodel.saml.v2.metadata.OrganizationType;
+import org.picketlink.identity.federation.newmodel.saml.v2.metadata.SPSSODescriptorType;
+import org.w3c.dom.Element;
/**
* Unit test the MetaDataBuilder API
@@ -97,17 +102,16 @@
String id = "test-key";
//TODO: improve keyinfo
- KeyInfoType keyInfo = KeyInfoBuilder.createKeyInfo(id);
+ Element keyInfo = KeyInfoBuilder.createKeyInfo(id);
String algorithm = null;
KeyDescriptorType keyDescriptorType =
KeyDescriptorMetaDataBuilder.createKeyDescriptor(keyInfo,
algorithm, 0, true, false);
+
+ List<AttributeType> attributes = new ArrayList<AttributeType>();
- throw new RuntimeException();
- /*List<AttributeType> attributes = new ArrayList<AttributeType>();
-
EndpointType sloEndPoint = MetaDataBuilder.createEndpoint(
JBossSAMLURIConstants.METADATA_HTTP_REDIRECT_BINDING.get(),
"https://SProvider.com/SAML/SLO/Browser",
@@ -118,7 +122,7 @@
sloEndPoint,
attributes,
createJBossOrganization(lang));
- return sp;*/
+ return sp;
}
private OrganizationType createJBossOrganization(String language)
@@ -134,17 +138,16 @@
String id = "test-key";
//TODO: improve keyinfo
- KeyInfoType keyInfo = KeyInfoBuilder.createKeyInfo(id);
+ Element keyInfo = KeyInfoBuilder.createKeyInfo(id);
String algorithm = null;
KeyDescriptorType keyDescriptorType =
KeyDescriptorMetaDataBuilder.createKeyDescriptor(keyInfo,
algorithm, 0, true, false);
+
- throw new RuntimeException();
-
- /*List<AttributeType> attributes = new ArrayList<AttributeType>();
+ List<AttributeType> attributes = new ArrayList<AttributeType>();
EndpointType ssoEndPoint = MetaDataBuilder.createEndpoint(
JBossSAMLURIConstants.METADATA_HTTP_REDIRECT_BINDING.get(),
@@ -161,7 +164,6 @@
ssoEndPoint,
sloEndPoint,
attributes,
- createJBossOrganization(lang));*/
-
+ createJBossOrganization(lang));
}
}
\ No newline at end of file
Modified:
federation/trunk/picketlink-fed-api/src/test/java/org/picketlink/test/identity/federation/api/util/KeyUtilUnitTestCase.java
===================================================================
---
federation/trunk/picketlink-fed-api/src/test/java/org/picketlink/test/identity/federation/api/util/KeyUtilUnitTestCase.java 2010-12-20
21:58:55 UTC (rev 611)
+++
federation/trunk/picketlink-fed-api/src/test/java/org/picketlink/test/identity/federation/api/util/KeyUtilUnitTestCase.java 2010-12-20
22:20:13 UTC (rev 612)
@@ -28,7 +28,7 @@
import junit.framework.TestCase;
import org.picketlink.identity.federation.api.util.KeyUtil;
-import org.picketlink.identity.xmlsec.w3.xmldsig.KeyInfoType;
+import org.w3c.dom.Element;
/**
* Unit test the Key Util
@@ -66,7 +66,7 @@
Certificate cert = ks.getCertificate(alias);
assertNotNull("Cert not null", cert);
- KeyInfoType keyInfo = KeyUtil.getKeyInfo(cert);
+ Element keyInfo = KeyUtil.getKeyInfo(cert);
assertNotNull(keyInfo);
}
}
\ No newline at end of file
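Review bot: `assertNotNull(keyInfo)` is the only check on the new `Element` result, so the test passes for any non-null element, including one with the wrong name or namespace; add `assertEquals("KeyInfo", keyInfo.getLocalName());` and, if `DocumentUtil.getDocument` parses namespace-aware, `assertEquals("http://www.w3.org/2000/09/xmldsig#", keyInfo.getNamespaceURI());`. The test method starts outside this hunk.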
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/md/providers/MetaDataBuilderDelegate.java
===================================================================
---
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/md/providers/MetaDataBuilderDelegate.java 2010-12-20
21:58:55 UTC (rev 611)
+++
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/md/providers/MetaDataBuilderDelegate.java 2010-12-20
22:20:13 UTC (rev 612)
@@ -115,10 +115,9 @@
EDTChoiceType choiceType = new EDTChoiceType(edtList);
- throw new RuntimeException( "Unknown entity id" );
- /*EntityDescriptorType entity = new EntityDescriptorType( " ");
+ EntityDescriptorType entity = new EntityDescriptorType( " ");
entity.addChoiceType(choiceType);
- return entity; */
+ return entity;
}
/**
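Review bot: `new EntityDescriptorType( " ")` replaces the former `throw new RuntimeException( "Unknown entity id" )` with a single-space placeholder, so the method now silently returns a descriptor whose required `entityID` is blank; metadata built from it is not valid SAML 2.0 metadata, and a relying party that matches on entityID cannot match it. Either thread the real identifier into this method and reject a null or blank value with an `IllegalArgumentException`, or at minimum mark the line `// TODO: real entityID required; " " is a placeholder` so the gap is not lost now that the exception is gone. The enclosing method's signature lies outside this hunk, so it is not visible whether an entity id is available here.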
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLConstants.java
===================================================================
---
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLConstants.java 2010-12-20
21:58:55 UTC (rev 611)
+++
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLConstants.java 2010-12-20
22:20:13 UTC (rev 612)
@@ -67,6 +67,7 @@
ISSUE_INSTANT( "IssueInstant" ),
ISSUER( "Issuer" ),
KEY_DESCRIPTOR( "KeyDescriptor" ),
+ KEY_INFO( "KeyInfo" ),
LANG( "lang" ),
LANG_EN("en"),
LOCATION( "Location" ),
Added:
federation/trunk/picketlink-fed-core/src/test/resources/saml-xacml/saml-xacml-response-1.xml
===================================================================
---
federation/trunk/picketlink-fed-core/src/test/resources/saml-xacml/saml-xacml-response-1.xml
(rev 0)
+++
federation/trunk/picketlink-fed-core/src/test/resources/saml-xacml/saml-xacml-response-1.xml 2010-12-20
22:20:13 UTC (rev 612)
@@ -0,0 +1,82 @@
+<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
+ ID="response-id:1" Version="2.0"
IssueInstant="2008-03-19T22:17:13Z">
+ <samlp:Status
xmlns:samlp="urn:oasixacml-context:s:names:tc:SAML:2.0:protocol">
+ <samlp:StatusCode xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
+ Value="urn:oasis:names:tc:xacml:1.0:status:ok">
+ </samlp:StatusCode>
+ </samlp:Status>
+ <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
+ Version="2.0" ID="ID_response-id:1"
IssueInstant="2008-03-19T22:17:13Z">
+ <saml:Issuer>issuer-1</saml:Issuer>
+ <saml:Statement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
+ xsi:type="xacml-samlp:XACMLAuthzDecisionStatementType"
+
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:xacml-samlp="urn:oasis:xacml:2.0:saml:protocol:schema:os"
+ xmlns:xacml-saml="urn:oasis:names:tc:xacml:2.0:saml:assertion:schema:os">
+ <xacml-context:Response
+ xmlns:xacml-context="urn:oasis:names:tc:xacml:2.0:context:schema:os">
+ <xacml-context:Result>
+ <xacml-context:Decision>Permit</xacml-context:Decision>
+ <xacml-context:Status>
+ <xacml-context:StatusCode
Value="urn:oasis:names:tc:xacml:1.0:status:ok"></xacml-context:StatusCode>
+ <xacml-context:StatusMessage>ok</xacml-context:StatusMessage>
+ </xacml-context:Status>
+ <xacml:Obligations
xmlns:xacml="urn:oasis:names:tc:xacml:2.0:policy:schema:os">
+ <xacml:Obligation ObligationId="obligation-10"
+ FulfillOn="Permit">
+ </xacml:Obligation>
+ <xacml:Obligation ObligationId="obligation-20"
+ FulfillOn="Permit">
+ <xacml:AttributeAssignment AttributeId="a-120"
+
DataType="http://www.w3.org/2001/XMLSchema#string"
xmlns:xacml="urn:oasis:names:tc:xacml:2.0:policy:schema:os" />
+ </xacml:Obligation>
+ </xacml:Obligations>
+ </xacml-context:Result>
+ </xacml-context:Response>
+
+ <xacml-context:Request
+ xmlns:xacml-context="urn:oasis:names:tc:xacml:2.0:context:schema:os"
+
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance/"
+ xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:context:schema:os
+http://docs.oasis-open.org/xacml/access_control-xacml-2.0-context-schema-os.xsd">
+ <xacml-context:Subject
+ SubjectCategory="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject">
+ <xacml-context:Attribute
AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
+
DataType="http://www.w3.org/2001/XMLSchema#string">
+ <xacml-context:AttributeValue>100001</xacml-context:AttributeValue>
+ </xacml-context:Attribute>
+ <xacml-context:Attribute
AttributeId="urn:va:names:xacml:2.0:subject:role"
+
DataType="http://www.w3.org/2001/XMLSchema#string">
+ <xacml-context:AttributeValue>Chief
Resident</xacml-context:AttributeValue>
+ <xacml-context:AttributeValue>Doctor</xacml-context:AttributeValue>
+ </xacml-context:Attribute>
+ <xacml-context:Attribute
AttributeId="urn:va:names:xacml:2.0:subject:hl7permission"
+
DataType="http://www.w3.org/2001/XMLSchema#string">
+ <xacml-context:AttributeValue>PRD-017</xacml-context:AttributeValue>
+ <xacml-context:AttributeValue>PRD-003</xacml-context:AttributeValue>
+ <xacml-context:AttributeValue>PRD-010</xacml-context:AttributeValue>
+ <xacml-context:AttributeValue>PRD-006</xacml-context:AttributeValue>
+ </xacml-context:Attribute>
+ <xacml-context:Attribute
AttributeId="urn:va:names:xacml:2.0:subject:locality"
+
DataType="http://www.w3.org/2001/XMLSchema#string">
+ <xacml-context:AttributeValue>Facility
A</xacml-context:AttributeValue>
+ </xacml-context:Attribute>
+ </xacml-context:Subject>
+ <xacml-context:Resource>
+ <xacml-context:Attribute
AttributeId="urn:va:names:xacml:2.0:record_type"
+
DataType="http://www.w3.org/2001/XMLSchema#string">
+ <xacml-context:AttributeValue>patientchart</xacml-context:AttributeValue>
+ </xacml-context:Attribute>
+ </xacml-context:Resource>
+ <xacml-context:Action>
+ <xacml-context:Attribute
AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"
+
DataType="http://www.w3.org/2001/XMLSchema#string">
+ <xacml-context:AttributeValue>read</xacml-context:AttributeValue>
+ </xacml-context:Attribute>
+ </xacml-context:Action>
+ <xacml-context:Environment></xacml-context:Environment>
+ </xacml-context:Request>
+
+ </saml:Statement>
+ </saml:Assertion>
+</samlp:Response>
\ No newline at end of file
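Review bot: Two namespace declarations in the new fixture do not match the standard URIs: the `samlp:Status` element rebinds the `samlp` prefix to `urn:oasixacml-context:s:names:tc:SAML:2.0:protocol`, and the `xacml-context:Request` element binds `xsi` to `http://www.w3.org/2001/XMLSchema-instance/` (trailing slash), so a namespace-aware parser sees Status outside the SAML protocol namespace and `xsi:schemaLocation` as a non-xsi attribute. If these are not deliberate negative-test inputs, correct them to `xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"` and `xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"`, matching the declarations used elsewhere in the same file. The `saml:Assertion` carries no `ds:Signature`, so a test consuming this response exercises parsing only, not signature validation; a short XML comment at the top of the fixture stating that scope would help the next reader.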
Modified:
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/saml/MetadataServlet.java
===================================================================
---
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/saml/MetadataServlet.java 2010-12-20
21:58:55 UTC (rev 611)
+++
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/saml/MetadataServlet.java 2010-12-20
22:20:13 UTC (rev 612)
@@ -57,7 +57,7 @@
import org.picketlink.identity.federation.newmodel.saml.v2.metadata.RoleDescriptorType;
import org.picketlink.identity.federation.web.constants.GeneralConstants;
import org.picketlink.identity.federation.web.util.ConfigurationUtil;
-import org.picketlink.identity.xmlsec.w3.xmldsig.KeyInfoType;
+import org.w3c.dom.Element;
/**
* Metadata servlet for the IDP/SP
@@ -145,7 +145,7 @@
keyManager.setAuthProperties( authProperties );
Certificate cert = keyManager.getCertificate(signingAlias);
- KeyInfoType keyInfo = KeyUtil.getKeyInfo(cert);
+ Element keyInfo = KeyUtil.getKeyInfo(cert);
//TODO: Assume just signing key for now
KeyDescriptorType keyDescriptor =
KeyDescriptorMetaDataBuilder.createKeyDescriptor(keyInfo,