I'm trying to support SAML authorization requests from a Google Search
Appliance. The appliance sends a SOAP message that is non-standard for SAML:
the SAML SOAP binding expects exactly one SAML protocol element in the Body,
but the appliance puts multiple children in the Body of both the request and
the response.
Axis2 on the request side handles this - I can simply do the following to
get all the <AuthzDecisionQuery> children of the SOAP Body.
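/**
 * Entry point for the Google Search Appliance authorization call.
 *
 * The appliance places several {@code samlp:AuthzDecisionQuery} elements
 * directly under the SOAP Body (see the sample request below), so Axis2 hands
 * this method only the first child; the remaining queries are reached through
 * that child's parent, the Body.
 *
 * @param authzElement first child of the SOAP Body as dispatched by Axis2
 * @return the last {@code samlp:AuthzDecisionQuery} that was processed. An
 *         Axis2 operation that returns a single {@code OMElement} can only
 *         place that one element into the response Body, so emitting one
 *         {@code samlp:Response} per query (the open question in this post)
 *         cannot be done through this return value alone.
 * @throws IllegalArgumentException if the Body carries no
 *         {@code AuthzDecisionQuery} in the SAML 2.0 protocol namespace
 */
public OMElement authorize(OMElement authzElement) {
    // Match on namespace AND local name, not the local name alone: an element
    // called AuthzDecisionQuery in some other namespace is not a SAML query
    // and must not receive an authorization decision.
    final QName queryName =
            new QName("urn:oasis:names:tc:SAML:2.0:protocol", "AuthzDecisionQuery");

    OMElement lastQuery = null;
    // getChildren() yields every node type (text, comments, elements);
    // only element children can be queries.
    Iterator children = authzElement.getParent().getChildren();
    while (children.hasNext()) {
        Object node = children.next();
        if (!(node instanceof OMElement)) {
            continue;
        }
        OMElement child = (OMElement) node;
        if (!queryName.equals(child.getQName())) {
            continue;
        }
        // TODO: evaluate the policy for this query and build the matching
        // samlp:Response (the sample response below shows the expected shape).
        lastQuery = child;
    }

    // Fail closed: a Body without any query is a malformed request, not a
    // permit. There is deliberately no catch-all around the loop - an
    // exception must surface as a SOAP fault instead of being printed and
    // turned into a 200 with a half-processed element.
    if (lastQuery == null) {
        throw new IllegalArgumentException(
                "SOAP Body contains no samlp:AuthzDecisionQuery");
    }
    return lastQuery;
}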
My problem is that I need to respond with a corresponding number of
<Response> nodes (one for each AuthzDecisionQuery node), and an Axis2 method
that returns a single OMElement only ever places that one element in the
response Body. I cannot find any way to accomplish this.
I have not tried data binding because:
1. I haven't been able to get any data binding framework to handle the SAML
2.0 schema successfully.
2. Because this interface does not follow the standard SAML 2.0 SOAP binding
(it requires multiple SOAP Body children), I'm pretty sure the binding
frameworks will choke even if I develop a custom schema representing this
Google interface.
Below are a sample request and response. (Note that both Response elements in
the sample carry the same ID="blahblah"; SAML IDs are xs:ID values and must be
unique within a document, so the real responses need distinct IDs.)
I would be most appreciative of help.
Regards,
Jack
POST /authz HTTP/1.1
Host: ac.example.com
Content-Type: text/xml
SOAPAction: http://www.oasis-open.org/committees/security
Content-length: nnn
<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<soapenv:Body>
<samlp:AuthzDecisionQuery
ID="kmigpcackfenaibdninipcnmkmajfplommhfapbk"
IssueInstant="2009-10-20T17:52:29Z"
Version="2.0"
Resource="http://www.example.com/document1.html"
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
<saml:Subject>
<saml:NameID>Polly Hedra</saml:NameID>
</saml:Subject>
<saml:Action
Namespace="urn:oasis:names:tc:SAML:1.0:action:ghpp">
GET
</saml:Action>
</samlp:AuthzDecisionQuery>
<samlp:AuthzDecisionQuery
ID="laskdjklgjgueiuhsdkjhsfkjshfksjhgoiuoiwd"
IssueInstant="2009-10-20T17:52:29Z"
Version="2.0"
Resource="http://www.example.com/document2.html"
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
<saml:Subject>
<saml:NameID>Polly Hedra</saml:NameID>
</saml:Subject>
<saml:Action
Namespace="urn:oasis:names:tc:SAML:1.0:action:ghpp">
GET
</saml:Action>
</samlp:AuthzDecisionQuery>
</soapenv:Body>
</soapenv:Envelope>
HTTP/1.1 200 OK
Content-Type: text/xml
Content-Length: nnn
<soapenv:Envelope
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Body>
<samlp:Response
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
ID="blahblah"
Version="2.0"
IssueInstant="2009-10-08T14:38:05Z">
<samlp:Status>
<samlp:StatusCode
Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
</samlp:Status>
<saml:Assertion
Version="2.0"
ID="kmigpcackfenaibdninipcnmkmajfplommhfapbk"
IssueInstant="2004-10-08T14:38:05Z">
<saml:Issuer>example.com</saml:Issuer>
<saml:Subject>
<saml:NameID>Polly Hedra</saml:NameID>
</saml:Subject>
<saml:AuthzDecisionStatement
Resource="http://www.example.com/document1.html"
Decision="Permit">
<saml:Action
Namespace="urn:oasis:names:tc:SAML:1.0:action:ghpp">
GET
</saml:Action>
</saml:AuthzDecisionStatement>
</saml:Assertion>
</samlp:Response>
<samlp:Response
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
ID="blahblah"
Version="2.0"
IssueInstant="2009-10-08T14:38:05Z">
<samlp:Status>
<samlp:StatusCode
Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
</samlp:Status>
<saml:Assertion
Version="2.0"
ID="laskdjklgjgueiuhsdkjhsfkjshfksjhgoiuoiwd"
IssueInstant="2004-10-08T14:38:05Z">
<saml:Issuer>example.com</saml:Issuer>
<saml:Subject>
<saml:NameID>Polly Hedra</saml:NameID>
</saml:Subject>
<saml:AuthzDecisionStatement
Resource="http://www.example.com/document2.html"
Decision="Permit">
<saml:Action
Namespace="urn:oasis:names:tc:SAML:1.0:action:ghpp">
GET
</saml:Action>
</saml:AuthzDecisionStatement>
</saml:Assertion>
</samlp:Response>
</soapenv:Body>
</soapenv:Envelope>