Re[2]: [Lucee] SAML - consume assertion error

On what line is it erroring?

On 21 May 2015 at 18:03, Stefan Wendin <@Stefan_Wendin> wrote:

Hi,

Thanks for the reply. The script I'm using is below. For test purposes I
am setting the variable SAMLResponse with the SAML assertion:

xmlResponse = CharsetEncode(BinaryDecode(SAMLResponse, "Base64"), "utf-8");
docElement = XmlParse(xmlResponse).getDocumentElement();

responseID = docElement.getAttributes().getNamedItem('ID').getTextContent();
//writedump(xmlResponse);
// IdP is signing the SAML Response using a "non standard" ID attribute, which is only supported in DOM3 and XMLBeans does not support DOM3
// the Assertion ID must be registered before Signature Validation
idResolver = CreateObject("Java", "org.apache.xml.security.utils.IdResolver");

assertionElement = docElement.getElementsByTagNameNS("urn:oasis:names:tc:SAML:2.0:assertion", "Assertion").item(0);
attrStore = assertionElement.getAttributes();
idAttr = CreateObject("Java", "org.w3c.dom.Attr");
idAttr = attrStore.getNamedItem("ID");

idResolver.registerElementById(assertionElement, idAttr);

SignatureConstants = CreateObject("Java", "org.apache.xml.security.utils.Constants");
SignatureSpecNS = SignatureConstants.SignatureSpecNS;
// Must initiate only first time
SecInit = CreateObject("Java", "org.apache.xml.security.Init").Init().init();
xmlSignatureClass = CreateObject("Java", "org.apache.xml.security.signature.XMLSignature");
signature = XMLSignatureClass.init(docElement.getElementsByTagNameNS("http://www.w3.org/2000/09/xmldsig##", "Signature").item(0), javacast("string", ""));

// Verify Signature
isValid = signature.checkSignatureValue(x509cert);

// Extract conditions
conditionElement = docElement.getElementsByTagName("saml:Conditions").item(0);
conditions = conditionElement.getAttributes();
before = conditions.getNamedItem("NotBefore").getNodeValue();
after = conditions.getNamedItem("NotOnOrAfter").getNodeValue();

// Extract User
attributesElement = docElement.getElementsByTagName("saml:AttributeStatement").item(0);
attributes = attributesElement.getAttributes();

ssouser = StructNew();
for (attNo = 0; attNo LT attributesElement.getLength(); attNo = attNo + 1) {
    name = attributesElement.item(attNo).getAttributes().getNamedItem('Name').getTextContent();
    value = attributesElement.item(attNo).item(0).getTextContent();
    ssouser[name] = value;
}

Best Regards,

Stefan Wendin
Senior Software Developer

Software for Knowledge Management & Competitive Intelligence

Comintelli®
Kista Science Tower | S-164 51 Kista, Sweden
Internet: http://www.comintelli.com/
E-mail: @Stefan_Wendin
Mobile: +46 70 269 95 01 | Skype: stefanw70

------ Original Message ------
From: "Dominic Watson" <@Dominic_Watson>
To: lucee@googlegroups.com
Sent: 2015-05-21 18:29:04
Subject: Re: [Lucee] SAML - consume assertion error

We’ll need some code I think to be able to help. I’ve done some SAML2
work so might have some clue. I imagine however that it’s not related to
that. Could you post the code that you’re using to process the incoming
assertion request with?

Dominic

On 21 May 2015 at 13:50, Stefan Wendin <@Stefan_Wendin> wrote:

I have an SAML test page that used to work in ColdFusion. What I do is to
handle the POSTed assertion, validate the signature based on public key. In
Lucee it generates an error message in my log file as seen below:

Error occured trying to extract assertion data… The Reference for URI
#dcaff33285ac6a7aba31ed254627dfce has no XMLSignatureInput; ;
samlAssertionXML: PHNhbWx…

I added xmlsec.jar to Lucee which I also did on CF. Anyone experiencing
the same issue?

Regards //Stefan
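
An added diagnostic, not part of the thread and written in Python rather than CFML: it lists each ds:Reference URI in a Base64 SAMLResponse, counts the elements whose ID attribute matches it, and reports whether the matched element contains the first Assertion, which is the one the posted script reads from. The names reference_report and sample_response and the sample document are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"

def reference_report(saml_response_b64):
    """For each ds:Reference, report what its URI resolves to and whether
    the first Assertion is the referenced element or sits inside it."""
    # Meant for a captured response on a workstation; use a hardened
    # parser for input arriving straight from the network.
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    by_id = {}
    for el in root.iter():
        if "ID" in el.attrib:
            by_id.setdefault(el.attrib["ID"], []).append(el)
    assertion = root.find(f".//{{{SAML}}}Assertion")
    report = []
    for ref in root.iter(f"{{{DS}}}Reference"):
        uri = ref.get("URI", "")
        targets = by_id.get(uri[1:], []) if uri.startswith("#") else []
        entry = {"uri": uri, "matches": len(targets),
                 "target": None, "covers_assertion": False}
        if len(targets) == 1:  # 0 = unresolvable, >1 = ambiguous ID
            target = targets[0]
            entry["target"] = target.tag.split("}")[-1]
            entry["covers_assertion"] = assertion is not None and any(
                el is assertion for el in target.iter())
        report.append(entry)
    return report

def sample_response(ref_uri):
    # Constructed, unsigned skeleton (digest and signature values omitted).
    xml = (
        f'<samlp:Response xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" '
        f'xmlns:ds="{DS}" ID="_resp1"><saml:Assertion ID="_assert1">'
        f'<ds:Signature><ds:SignedInfo><ds:Reference URI="{ref_uri}"/>'
        '</ds:SignedInfo></ds:Signature>'
        '<saml:AttributeStatement><saml:Attribute Name="uid">'
        '<saml:AttributeValue>alice</saml:AttributeValue>'
        '</saml:Attribute></saml:AttributeStatement>'
        '</saml:Assertion></samlp:Response>'
    )
    return base64.b64encode(xml.encode("utf-8")).decode("ascii")

if __name__ == "__main__":
    for uri in ("#_assert1", "#_resp1", "#_missing"):
        print(reference_report(sample_response(uri)))
```

A match count of 0 means no element in the document carries the ID the signature refers to. A count above 1, or covers_assertion being false, means the attributes being read are not necessarily the data the signature covers.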

