-->

OpenSAML 3 unmarshaller is null

2019-05-31 19:36发布

问题:

Hi i am currently porting an app to opensaml3 and run into the following issue:

InitializationService.initialize();
...
Unmarshaller unmarshaller = Configuration.getUnmarshallerFactory().getUnmarshaller(qName);

I have replaced the DefaultBootstrap from opensaml2 and previous by the initialize function. Still the factory is returning me null as marshaller. Any idea what is going wrong here?

This is the output from initialize progress:

[main] INFO org.opensaml.core.config.InitializationService - Initializing OpenSAML using the Java Services API
[main] INFO org.opensaml.xmlsec.algorithm.AlgorithmRegistry - Algorithm failed runtime support check, will not be usable: http://www.w3.org/2001/04/xmlenc#ripemd160
[main] INFO org.opensaml.xmlsec.algorithm.AlgorithmRegistry - Algorithm failed runtime support check, will not be usable: http://www.w3.org/2001/04/xmldsig-more#hmac-ripemd160
[main] INFO org.opensaml.xmlsec.algorithm.AlgorithmRegistry - Algorithm failed runtime support check, will not be usable: http://www.w3.org/2001/04/xmldsig-more#rsa-ripemd160

回答1:

I supose you're using opensaml v3 so You should create the UnmarshallerFactory object with the XMLObjectProviderRegistrySupport class like this it works perfectly

UnmarshallerFactory umFactory=XMLObjectProviderRegistrySupport.getUnmarshallerFactory();
    Unmarshaller unmarshaller=umFactory.getUnmarshaller(element);


回答2:

This error is due to lack of algorithm support in your JCE implementation you use. Even if you use BouncyCastle, some algorithms seems to be not supported. Unless you use these algorithms, there is no need to worry about. Installing the JCE unlimited strength jurisdiction policy jars to the jre will resolve this.
Refer: Decrypting encrypted assertion using SAML 2.0 in java using OpenSAML as well.