  1. PicketLink
  2. PLINK-686

SAML metadata parser does not recognize EncryptionMethod elements

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Done
    • Affects Version/s: PLINK_2.7.0.CR3
    • Fix Version/s: PLINK_2.7.0.Final
    • Component/s: SAML
    • Labels:
      None
    • Environment:

      WildFly 8.2 Final, PicketLink 2.7.0-SNAPSHOT (962d6c83938d8ab56df9561a123c18f22e6686ef), TestShib as SAML IdP

      Description

      Using the TestShib metadata, the metadata parsing (using SPPostMetadataConfigurationProvider in my case) fails with this error: "PL00066: Parser : Expected end tag:RequestAbstract or XACMLAuthzDecisionQuery."

      Stepping through the code, the error is thrown from the StaxParserUtil#validate method in this block in SAMLEntityDescriptorParser:

                  } else if (JBossSAMLConstants.KEY_DESCRIPTOR.get().equalsIgnoreCase(localPart)) {
                      KeyDescriptorType keyDescriptor = new KeyDescriptorType();
                      startElement = StaxParserUtil.getNextStartElement(xmlEventReader);
      
                      Element key = StaxParserUtil.getDOMElement(xmlEventReader);
                      keyDescriptor.setKeyInfo(key);
      
                      EndElement endElement = StaxParserUtil.getNextEndElement(xmlEventReader);
                      StaxParserUtil.validate(endElement, JBossSAMLConstants.KEY_DESCRIPTOR.get());
      
                      attributeAuthority.addKeyDescriptor(keyDescriptor);
                  }
      

      The issue seems to be that SAMLEntityDescriptorParser does not recognize the EncryptionMethod element, which is defined in the SAML 2.0 metadata schema:

          <complexType name="KeyDescriptorType">
              <sequence>
                  <element ref="ds:KeyInfo"/>
                  <element ref="md:EncryptionMethod" minOccurs="0" maxOccurs="unbounded"/>
              </sequence>
              <attribute name="use" type="md:KeyTypes" use="optional"/>
          </complexType>
      

      This issue seems to have been previously reported as part of PLINK-178.

              People

              • Assignee:
                pcraveiro Pedro Igor Silva
                Reporter:
                atomicknight Abraham Lin
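
The schema fragment quoted in the description allows zero or more md:EncryptionMethod elements after ds:KeyInfo, so a pull parser has to consume them before it checks for the KeyDescriptor end tag. The following is an added example using the standard javax.xml.stream API; it is not PicketLink code or the fix shipped for this issue, and the class name and the sample metadata are constructed for illustration.

```java
import java.io.StringReader;
import java.util.ArrayList;
import java.util.List;
import javax.xml.namespace.QName;
import javax.xml.stream.*;
import javax.xml.stream.events.*;

public class KeyDescriptorDemo {   // hypothetical class name
    static final String MD = "urn:oasis:names:tc:SAML:2.0:metadata";
    static final String DS = "http://www.w3.org/2000/09/xmldsig#";
    // Constructed sample, not copied from any IdP's metadata.
    static final String SAMPLE =
        "<md:KeyDescriptor xmlns:md='" + MD + "' xmlns:ds='" + DS + "' use='encryption'>"
      + "<ds:KeyInfo><ds:KeyName>constructed-key</ds:KeyName></ds:KeyInfo>"
      + "<md:EncryptionMethod Algorithm='http://www.w3.org/2001/04/xmlenc#aes128-cbc'/>"
      + "<md:EncryptionMethod Algorithm='http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p'/>"
      + "</md:KeyDescriptor>";

    /** Consumes one KeyDescriptor and returns the Algorithm URI of each EncryptionMethod. */
    static List<String> parseKeyDescriptor(XMLEventReader reader) throws XMLStreamException {
        List<String> algorithms = new ArrayList<>();
        boolean sawKeyInfo = false;
        int depth = 0;
        while (reader.hasNext()) {
            XMLEvent event = reader.nextEvent();
            if (event.isEndElement() && --depth == 0) break;   // </md:KeyDescriptor>
            if (!event.isStartElement()) continue;
            QName name = event.asStartElement().getName();
            depth++;
            if (depth == 1 && !name.equals(new QName(MD, "KeyDescriptor")))
                throw new XMLStreamException("Expected md:KeyDescriptor, got " + name);
            if (depth != 2) continue;   // the root itself, or content nested in a child
            if (name.equals(new QName(DS, "KeyInfo")) && !sawKeyInfo) {
                sawKeyInfo = true;      // exactly one KeyInfo, and it comes first
            } else if (name.equals(new QName(MD, "EncryptionMethod")) && sawKeyInfo) {
                Attribute alg = event.asStartElement().getAttributeByName(new QName("Algorithm"));
                if (alg == null) throw new XMLStreamException("EncryptionMethod lacks Algorithm");
                algorithms.add(alg.getValue());
            } else {
                throw new XMLStreamException("Unexpected child of KeyDescriptor: " + name);
            }
        }
        if (!sawKeyInfo) throw new XMLStreamException("KeyDescriptor without ds:KeyInfo");
        return algorithms;
    }

    public static void main(String[] args) throws XMLStreamException {
        XMLInputFactory factory = XMLInputFactory.newInstance();
        factory.setProperty(XMLInputFactory.SUPPORT_DTD, false);   // metadata is untrusted input
        System.out.println(parseKeyDescriptor(factory.createXMLEventReader(new StringReader(SAMPLE))));
    }
}
```

Tracking element depth lets the loop skip whatever is nested inside KeyInfo or EncryptionMethod while still rejecting any direct child the schema sequence does not allow.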