I’ve been working with Apache CXF and WSS4J to implement a SecurityTokenService.
Using a "CustomClaimsHandler" implementing "org.apache.cxf.sts.claims.ClaimsHandler" I can create a SAML token containing this kind of attribute:
<saml2:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
    <saml2:AttributeValue xsi:type="xs:string">admin</saml2:AttributeValue>
</saml2:Attribute>
The thing is I am now trying to create an attribute with some XML content. For example:
<saml2:Attribute Name="http://my/xml/content">
    <saml2:AttributeValue xsi:type="???">
        <something>
            <somethingElse>text</somethingElse>
        </something>
    </saml2:AttributeValue>
</saml2:Attribute>
I’ve looked at making a custom implementation of a “ClaimsAttributeStatementProvider” (org.apache.cxf.sts.claims) but I seem to have to use the “AttributeBean” class of WSS4J. But this class doesn’t seem to let me change the type.
Does someone know how to deal with this issue?
======================================================================
Edit following Colm's answer:
I added a dependency to opensaml-core v3.0.0 in my CXF STS project to obtain the "org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport" class as shown in the example you pointed me to. Before calling XMLObjectProviderRegistrySupport.getBuilderFactory() I seemed to have to initialize the configuration of opensaml. I didn't manage to use the embedded configuration that I suppose my WSS4J in CXF is using. I managed the initialization by calling "org.opensaml.core.config.InitializationService.initialize();"
All seems good for the creation of the AttributeBean with an XSAny type.
The problem is when WSS4J tries to handle the SAMLCallback:
Caused by: java.lang.ClassCastException: org.opensaml.core.xml.schema.impl.XSAnyBuilder cannot be cast to org.opensaml.xml.XMLObjectBuilder
    at org.opensaml.xml.XMLConfigurator.initializeObjectProviders(XMLConfigurator.java:236)
    at org.opensaml.xml.XMLConfigurator.load(XMLConfigurator.java:182)
    at org.opensaml.xml.XMLConfigurator.load(XMLConfigurator.java:166)
    at org.opensaml.xml.XMLConfigurator.load(XMLConfigurator.java:143)
    at org.apache.wss4j.common.saml.OpenSAMLBootstrap.initializeXMLTooling(OpenSAMLBootstrap.java:105)
    at org.apache.wss4j.common.saml.OpenSAMLBootstrap.bootstrap(OpenSAMLBootstrap.java:86)
    at org.apache.wss4j.common.saml.OpenSAMLUtil.initSamlEngine(OpenSAMLUtil.java:61)
    at org.apache.wss4j.common.saml.SamlAssertionWrapper.<init>(SamlAssertionWrapper.java:204)
    at org.apache.cxf.sts.token.provider.SAMLTokenProvider.createSamlToken(SAMLTokenProvider.java:303)
    at org.apache.cxf.sts.token.provider.SAMLTokenProvider.createToken(SAMLTokenProvider.java:122)
    ... 45 more
I suppose I have a version issue:
Either I'd have to make my STS's configuration of opensaml aware of my opensaml-core v3.0.0 classes, or I'd have to use a different version of CXF to get a newer version of WSS4J.
My version of CXF is 3.0.1 and has a dependency on WSS4J-ws-security-common in version 2.0.1, which has a dependency on opensaml version 2.6.1.
Do you have an idea of how to resolve this problem?
Regards
=========================
EDIT: Colm resolved the issue in the post: SAML2 assertion with home defined AttributeBean in CXF
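As an added illustration of the approach the question circles around (not code from the question, from CXF or from WSS4J), the class below builds the XML-valued attribute with the OpenSAML 2.6.x object model (the `org.opensaml.xml.*` packages) that WSS4J 2.0.1 bootstraps itself, instead of the OpenSAML 3 `XMLObjectProviderRegistrySupport` that caused the ClassCastException above. It assumes WSS4J 2.0's `AttributeBean` accepts `XMLObject` attribute values and that CXF 3.0's `AttributeStatementProvider` interface is the extension point; `XmlContentAttributeStatementProvider`, `CONTENT_NS` and the `something`/`somethingElse` element names are made up for the example. The `xsi:type` that ends up on the `AttributeValue` is `xs:anyType`.

```java
// Added example built against OpenSAML 2.6.x (as bundled by WSS4J 2.0.1) and CXF 3.0.x.
// Class name, attribute name and child element namespace are assumptions for the example.
import java.util.Collections;

import javax.xml.namespace.QName;

import org.apache.cxf.sts.token.provider.AttributeStatementProvider;
import org.apache.cxf.sts.token.provider.TokenProviderParameters;
import org.apache.wss4j.common.saml.OpenSAMLUtil;
import org.apache.wss4j.common.saml.bean.AttributeBean;
import org.apache.wss4j.common.saml.bean.AttributeStatementBean;
import org.opensaml.saml2.core.AttributeValue;
import org.opensaml.xml.Configuration;
import org.opensaml.xml.XMLObjectBuilder;
import org.opensaml.xml.schema.XSAny;

public class XmlContentAttributeStatementProvider implements AttributeStatementProvider {

    // Attribute name taken from the question; the child element namespace is constructed.
    private static final String ATTRIBUTE_NAME = "http://my/xml/content";
    private static final String CONTENT_NS = "http://my/xml/content/ns";

    @Override
    public AttributeStatementBean getStatement(TokenProviderParameters providerParameters) {
        // Bootstrap the OpenSAML engine WSS4J ships with, so the builder factory used
        // below is the same registry SamlAssertionWrapper will use when it marshals the
        // assertion. This is the WSS4J entry point seen in the stack trace above.
        OpenSAMLUtil.initSamlEngine();

        AttributeBean attribute = new AttributeBean();
        attribute.setQualifiedName(ATTRIBUTE_NAME);
        attribute.setNameFormat("urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified");
        // An XMLObject value is passed through into the assertion as-is, unlike a String,
        // which WSS4J would wrap as an xs:string AttributeValue.
        attribute.addAttributeValue(buildXmlValue("text"));

        AttributeStatementBean statement = new AttributeStatementBean();
        statement.setSamlAttributes(Collections.singletonList(attribute));
        return statement;
    }

    /**
     * Builds <saml2:AttributeValue xsi:type="xs:anyType"> wrapping
     * <something><somethingElse>text</somethingElse></something>.
     */
    static XSAny buildXmlValue(String text) {
        XMLObjectBuilder<XSAny> builder = anyBuilder();

        // Outer element: saml2:AttributeValue, explicitly typed as xs:anyType.
        XSAny attributeValue =
            builder.buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSAny.TYPE_NAME);

        XSAny something = builder.buildObject(new QName(CONTENT_NS, "something", "c"));
        XSAny somethingElse = builder.buildObject(new QName(CONTENT_NS, "somethingElse", "c"));
        // The claim value enters through the object model, never by concatenating it into
        // markup, so a value containing '<' or '&' is escaped on marshalling instead of
        // being parsed as extra elements.
        somethingElse.setTextContent(text);

        something.getUnknownXMLObjects().add(somethingElse);
        attributeValue.getUnknownXMLObjects().add(something);
        return attributeValue;
    }

    @SuppressWarnings("unchecked")
    private static XMLObjectBuilder<XSAny> anyBuilder() {
        // Configuration is the OpenSAML 2.x registry; its builder for xs:anyType is
        // the org.opensaml.xml.schema.impl.XSAnyBuilder that WSS4J 2.0.1 registers.
        return (XMLObjectBuilder<XSAny>) Configuration.getBuilderFactory().getBuilder(XSAny.TYPE_NAME);
    }
}
```

Register the provider as one of the `attributeStatementProviders` of the STS's `SAMLTokenProvider` in the CXF Spring configuration. Because `xs:anyType` accepts any well-formed content, a relying party consuming this attribute should validate the embedded element tree against its own schema after signature verification rather than trusting its shape.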