
About Digitalisér.dk


17-11-2009 11:22:41

www.digitaliser.dk is a social network and tool for development, knowledge sharing and a forum for the digitisation of Denmark. The literal translation is Digitise.dk.

Digitaliser.dk is both a formal central repository of information on data interchange standards and a big open digital playground - a creative space for everyone involved in digitising the public sector.

Digitalisér.dk aims to stimulate development and adoption of digital content and business models by utilising Web 2.0 technologies and public data and digital resources. With digitaliser.dk, the Danish government has created a new model of partnership between the tech community and government which paves the way for more direct communication between the public sector, citizens, and businesses. Citizens and businesses are no longer passive recipients of public information but participate in dialogue and knowledge sharing with the public sector.

Digitalisér.dk is also a venue that provides an uncomplicated basis for debating common public digitisation by using intuitive web-based interaction rather than formal processes. Digitalisér.dk is also intended to be of value to users outside the Danish public sector and is open for use to all, both public and private, as well as Danish and non-Danish users.

The user interface is not available in English at the moment. If you need a more detailed description of digitalisér.dk in English, or should you have any suggestions or comments on digitaliser.dk, you are very welcome to contact us at info@digitaliser.dk.

The Danish Agency for Digitisation invites partnerships, participation and usage.

Digitalisér.dk is established and maintained by the Danish Agency for Digitisation.


Patch to support encrypted assertions

gregw Greg

The current implementation fails due to unexpected side effects down in OpenSAML when attempting to add an assertion to a response.  OpenSAML tries to manage the XML object graph while doing this, but it has a bug and ends up setting the parent references to null.  This causes errors when attempting to use the response object later.

The solution I found was to not try to add the decrypted assertion, but rather clean up references to assertions to always check for the decrypted one stored in the instance field first, and then the response unencrypted assertion list.  The only references to the unencrypted assertion list were in OIOResponse, so the scope was isolated.

I also found we need to decrypt the assertion first for completeness, before retrieving the IDP entity ID, as we want to also check the encrypted assertion if we have one, not just the unencrypted one and the response itself.

I've attached my patch that works with OpenAM encrypted assertions.  Reply or contact me through my user account on this site if you have questions.

Hi gregw Greg

Thank you for your contribution. I'll tip the folks in the OIOSAML Group that's responsible for the OIOSAML.JAVA toolkit.

Best regards
Brian Nielsen 
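
The lookup pattern described in the patch post above, as an added illustration that is not the attached patch and not OIOSAML or OpenSAML code: the decrypted assertion is kept in an instance field instead of being added to the response, every reader goes through one accessor that prefers it, and decryption happens before the IdP entity ID is resolved. All class and method names, the issuer lookup order, and the stand-in decrypter are assumptions; it needs Java 16+ for records.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.function.Function;

// Hypothetical stand-ins for the SAML objects; these are not OpenSAML or OIOSAML classes.
public class DecryptedAssertionLookup {
    record Assertion(String id, String issuer) {}
    record EncryptedAssertion(String payload) {}

    static final class Response {
        final String issuer; // null when the response itself carries no Issuer
        final List<Assertion> assertions = new ArrayList<>();
        final List<EncryptedAssertion> encryptedAssertions = new ArrayList<>();
        Response(String issuer) { this.issuer = issuer; }
    }

    static final class ResponseWrapper {
        private final Response response;
        private Assertion decrypted; // held beside the response, never added to its object graph

        ResponseWrapper(Response response) { this.response = response; }

        // Decrypt once and cache the result in the instance field.
        void decryptIfNeeded(Function<EncryptedAssertion, Assertion> decrypter) {
            if (decrypted == null && !response.encryptedAssertions.isEmpty()) {
                decrypted = decrypter.apply(response.encryptedAssertions.get(0));
            }
        }

        // Single accessor: the decrypted assertion first, then the unencrypted list.
        Assertion getAssertion() {
            if (decrypted != null) return decrypted;
            return response.assertions.isEmpty() ? null : response.assertions.get(0);
        }

        // Decrypt before resolving the IdP entity ID, so an issuer that exists only
        // inside the encrypted assertion is found. The lookup order is an assumption.
        String getIdpEntityId(Function<EncryptedAssertion, Assertion> decrypter) {
            decryptIfNeeded(decrypter);
            if (response.issuer != null) return response.issuer;
            Assertion a = getAssertion();
            if (a == null || a.issuer() == null) throw new IllegalStateException("no issuer found");
            return a.issuer();
        }
    }

    public static void main(String[] args) {
        Response r = new Response(null); // constructed sample: issuer only inside the assertion
        r.encryptedAssertions.add(new EncryptedAssertion("opaque-ciphertext"));
        // Constructed decrypter stand-in: returns a fixed assertion, performs no real crypto.
        Function<EncryptedAssertion, Assertion> decrypter =
                e -> new Assertion("_a1", "https://idp.example.test");
        ResponseWrapper w = new ResponseWrapper(r);
        System.out.println(w.getIdpEntityId(decrypter) + " " + w.getAssertion().id()
                + " responseListUntouched=" + r.assertions.isEmpty());
    }
}
```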


Problem getting oiosaml.java-demo-11442.war to work

nitin gupta

I have downloaded and installed the oiosaml.java-demo-11442.war in a Jetty Server.

I have set up salesforce.com as IDP and have downloaded the metadata for this IDP. I have successfully added this metadata to the oiosaml-demo SP configuration files.

When I try to login a user using the login link in the oiosaml-demo application, I am redirected to my salesforce IDP and I am able to successfully authenticate in salesforce. I can see the IDP logs in salesforce and can verify that salesforce authenticated the user.

After authentication, I am redirected to my oiosaml-demo SP's AssertionConsumer URL and I get the following error message:

 ---------------------------

The request failed. The reason is:

The response is not signed correctly

Stacktrace:

dk.itst.oiosaml.sp.model.validation.ValidationException: The response is not signed correctly
at dk.itst.oiosaml.sp.model.OIOResponse.validateResponse(OIOResponse.java:108)
at dk.itst.oiosaml.sp.service.SAMLAssertionConsumerHandler.handleSAMLResponse(SAMLAssertionConsumerHandler.java:133)
at dk.itst.oiosaml.sp.service.SAMLAssertionConsumerHandler.handlePost(SAMLAssertionConsumerHandler.java:94)
at dk.itst.oiosaml.sp.service.DispatcherServlet.doPost(DispatcherServlet.java:212)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:696)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1568)
at org.eclipse.jetty.websocket.server.WebSocketUpgradeFilter.doFilter(WebSocketUpgradeFilter.java:164)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1539)
at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:524)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:568)
at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:221)
at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1110)
at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:453)
at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:183)
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1044)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:199)
at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:109)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97)
at org.eclipse.jetty.server.Server.handle(Server.java:459)
at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:280)
at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:229)
at org.eclipse.jetty.io.AbstractConnection$1.run(AbstractConnection.java:505)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:607)
at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:536)
at java.lang.Thread.run(Thread.java:744)

--------------------
I am trying to figure out the reason for this. I am using a self-signed certificate at the IDP. Could that be the reason for this failure?

On the startup of the OIOSAML demo application, I see the following entries in the log which indicate that the demo code is trying to check the CRL and OCSP lists which are not available as this is a self-signed certificate:
=========

2014-02-15 16:31:53,714 [ERROR] OIOSAML_AUDIT_LOGGER - Dispatch:SAMLAssertionConsumer <-- 99.99.188.183 gql0neh4oby91ni4pg9je5hjr '' '' 'The response is not signed correctly'
dk.itst.oiosaml.sp.model.validation.ValidationException: The response is not signed correctly
at dk.itst.oiosaml.sp.model.OIOResponse.validateResponse(OIOResponse.java:108)
at dk.itst.oiosaml.sp.service.SAMLAssertionConsumerHandler.handleSAMLResponse(SAMLAssertionConsumerHandler.java:133)
at dk.itst.oiosaml.sp.service.SAMLAssertionConsumerHandler.handlePost(SAMLAssertionConsumerHandler.java:94)
at dk.itst.oiosaml.sp.service.DispatcherServlet.doPost(DispatcherServlet.java:212)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:696)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1568)
at org.eclipse.jetty.websocket.server.WebSocketUpgradeFilter.doFilter(WebSocketUpgradeFilter.java:164)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1539)
at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:524)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:568)
at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:221)
at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1110)
at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:453)
at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:183)
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1044)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:199)
at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:109)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97)
at org.eclipse.jetty.server.Server.handle(Server.java:459)
at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:280)
at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:229)
at org.eclipse.jetty.io.AbstractConnection$1.run(AbstractConnection.java:505)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:607)
at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:536)
at java.lang.Thread.run(Thread.java:744)
2014-02-15 16:31:53,714 [ERROR] dk.itst.oiosaml.sp.service.DispatcherServlet - Unable to validate Response
dk.itst.oiosaml.sp.model.validation.ValidationException: The response is not signed correctly
at dk.itst.oiosaml.sp.model.OIOResponse.validateResponse(OIOResponse.java:108)
at dk.itst.oiosaml.sp.service.SAMLAssertionConsumerHandler.handleSAMLResponse(SAMLAssertionConsumerHandler.java:133)
at dk.itst.oiosaml.sp.service.SAMLAssertionConsumerHandler.handlePost(SAMLAssertionConsumerHandler.java:94)
at dk.itst.oiosaml.sp.service.DispatcherServlet.doPost(DispatcherServlet.java:212)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:696)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1568)
at org.eclipse.jetty.websocket.server.WebSocketUpgradeFilter.doFilter(WebSocketUpgradeFilter.java:164)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1539)
at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:524)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:568)
at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:221)
at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1110)
at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:453)
at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:183)
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1044)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:199)
at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:109)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97)
at org.eclipse.jetty.server.Server.handle(Server.java:459)
at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:280)
at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:229)
at org.eclipse.jetty.io.AbstractConnection$1.run(AbstractConnection.java:505)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:607)
at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:536)
at java.lang.Thread.run(Thread.java:744)
2014-02-15 16:31:54,187 [INFO] OIOSAML_AUDIT_LOGGER - Session created at: 1392503513632, timeout after 1800 seconds
2014-02-15 16:31:54,189 [DEBUG] dk.itst.oiosaml.sp.service.util.ArtifactExtractor - Got SAMLart..:null
2014-02-15 16:31:54,189 [ERROR] OIOSAML_AUDIT_LOGGER - Dispatch:SAMLAssertionConsumer <-- 99.99.188.183 gql0neh4oby91ni4pg9je5hjr '' '' ' Parameter 'SAMLart' is null...'
java.lang.IllegalArgumentException: Parameter 'SAMLart' is null...
at dk.itst.oiosaml.sp.service.util.ArtifactExtractor.extract(ArtifactExtractor.java:78)
at dk.itst.oiosaml.sp.service.SAMLAssertionConsumerHandler.handleGet(SAMLAssertionConsumerHandler.java:110)
at dk.itst.oiosaml.sp.service.DispatcherServlet.doGet(DispatcherServlet.java:182)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:687)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:696)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1568)
at org.eclipse.jetty.websocket.server.WebSocketUpgradeFilter.doFilter(WebSocketUpgradeFilter.java:164)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1539)
at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:524)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:568)
at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:221)
at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1110)
at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:453)
at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:183)
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1044)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:199)
at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:109)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97)
at org.eclipse.jetty.server.Server.handle(Server.java:459)
at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:280)
at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:229)
at org.eclipse.jetty.io.AbstractConnection$1.run(AbstractConnection.java:505)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:607)
at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:536)
at java.lang.Thread.run(Thread.java:744)
2014-02-15 16:31:54,189 [ERROR] dk.itst.oiosaml.sp.service.DispatcherServlet - Unable to validate Response
java.lang.IllegalArgumentException: Parameter 'SAMLart' is null...
at dk.itst.oiosaml.sp.service.util.ArtifactExtractor.extract(ArtifactExtractor.java:78)
at dk.itst.oiosaml.sp.service.SAMLAssertionConsumerHandler.handleGet(SAMLAssertionConsumerHandler.java:110)
at dk.itst.oiosaml.sp.service.DispatcherServlet.doGet(DispatcherServlet.java:182)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:687)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:696)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1568)
at org.eclipse.jetty.websocket.server.WebSocketUpgradeFilter.doFilter(WebSocketUpgradeFilter.java:164)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1539)
at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:524)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:568)
at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:221)
at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1110)
at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:453)
at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:183)
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1044)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:199)
at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:109)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97)
at org.eclipse.jetty.server.Server.handle(Server.java:459)
at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:280)
at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:229)
at org.eclipse.jetty.io.AbstractConnection$1.run(AbstractConnection.java:505)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:607)
at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:536)
at java.lang.Thread.run(Thread.java:744)

Hi Nitin

I think you have a better chance of getting a response to your question if you ask it in the context of the resource in question: http://digitaliser.dk/resource/2582561 in the SAML-group.

This group has to do with the general use of Digitalisér.dk.

Hope you'll get your problem solved!

/m