Hello,
I tried to get Picketlink 1.04 working on a Novell Access Manager IDP. It did not work out of the box, as the IDP returned the <AuthnStatement> before the <AttributeStatement> and the code in SAML2AuthenticationHandler did not expect this. As the XSD does permit this swap, I changed the code to the following:
// Let us get the roles.
// The SAML 2.0 schema defines the statements as an unbounded xs:choice, so an
// <AttributeStatement> may appear before or after <AuthnStatement>; walk every
// statement and only inspect the AttributeStatementType instances.
for (int i = 0; i < assertion.getStatementOrAuthnStatementOrAuthzDecisionStatement().size(); i++)
{
    Object s = assertion.getStatementOrAuthnStatementOrAuthzDecisionStatement().get(i);
    if (s instanceof AttributeStatementType)
    {
        AttributeStatementType attributeStatement = (AttributeStatementType) s;
        List<Object> attList = attributeStatement.getAttributeOrEncryptedAttribute();
        for (Object obj : attList)
        {
            // The list may also hold EncryptedAttribute entries; those cannot be
            // cast to AttributeType and are skipped here instead of failing the cast.
            if (!(obj instanceof AttributeType))
                continue;
            AttributeType attr = (AttributeType) obj;
            List<Object> attributeValues = attr.getAttributeValue();
            if (attributeValues != null)
            {
                for (Object attrValue : attributeValues)
                {
                    if (attrValue instanceof String)
                    {
                        roles.add((String) attrValue);
                    }
                    else if (attrValue instanceof Node)
                    {
                        // AttributeValue delivered as a DOM node: take its text content.
                        Node roleNode = (Node) attrValue;
                        roles.add(roleNode.getFirstChild().getNodeValue());
                    }
                    else throw new RuntimeException("Unknown role object type : " + attrValue);
                }
            }
        }
    }
}
I loop through all sections and only parse the AttributeStatementTypes.
Hopefully you can change this in the trunk and release it in 1.05? Let me know!
Thanks,
Edwin
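The ordering problem Edwin describes, shown at the XML level as an added example (this is not his patch and not PicketLink code): the SAML 2.0 assertion schema lists the statements in an unbounded xs:choice, so a consumer has to collect attributes from wherever the <AttributeStatement> sits among the other statements, and it must not treat an <EncryptedAttribute> as a plain <Attribute>. The assertion below is constructed for the example; the issuer, subject and role values are placeholders, and the helper names are this example's own. Signature validation of the assertion is assumed to have happened before any of this is trusted.

```python
# Added example (not Edwin's patch or PicketLink code): an order-independent
# walk over the statements of a SAML 2.0 <Assertion>, standard library only.
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml": SAML_NS}


def _q(local):
    """Clark-notation tag for an element in the SAML assertion namespace."""
    return "{%s}%s" % (SAML_NS, local)


# Constructed assertion: <AuthnStatement> deliberately precedes
# <AttributeStatement>, the ordering the IDP in the post produced. The
# <EncryptedAttribute> is an empty placeholder standing in for ciphertext.
ASSERTION_AUTHN_FIRST = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_example-1" Version="2.0" IssueInstant="2009-01-01T00:00:00Z">
  <saml:Issuer>https://idp.example.com</saml:Issuer>
  <saml:Subject><saml:NameID>edwin@example.com</saml:NameID></saml:Subject>
  <saml:AuthnStatement AuthnInstant="2009-01-01T00:00:00Z">
    <saml:AuthnContext>
      <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml:AuthnContextClassRef>
    </saml:AuthnContext>
  </saml:AuthnStatement>
  <saml:AttributeStatement>
    <saml:Attribute Name="Role">
      <saml:AttributeValue>manager</saml:AttributeValue>
      <saml:AttributeValue>user</saml:AttributeValue>
    </saml:Attribute>
    <saml:EncryptedAttribute/>
  </saml:AttributeStatement>
</saml:Assertion>"""


def statement_order(assertion_xml):
    """Local names of the statement elements in document order."""
    root = ET.fromstring(assertion_xml)
    return [e.tag.split("}", 1)[1] for e in root if e.tag.endswith("Statement")]


def extract_roles(assertion_xml, role_attribute="Role"):
    """Return (roles, skipped_encrypted): the values of the named attribute
    from every AttributeStatement, wherever it appears among the assertion's
    statements. EncryptedAttribute entries are not cast or parsed; they are
    counted so the caller can decide whether silently missing them is acceptable."""
    root = ET.fromstring(assertion_xml)
    if root.tag != _q("Assertion"):
        raise ValueError("not a SAML 2.0 Assertion: " + root.tag)
    roles = []
    skipped_encrypted = 0
    # Direct children are Issuer, Subject, Conditions and then the statement
    # choice group. AuthnStatement / AuthzDecisionStatement are passed over
    # wherever they occur; only AttributeStatement is inspected.
    for statement in root:
        if statement.tag != _q("AttributeStatement"):
            continue
        for child in statement:
            if child.tag == _q("EncryptedAttribute"):
                skipped_encrypted += 1
                continue
            if child.tag != _q("Attribute") or child.get("Name") != role_attribute:
                continue
            for value in child.findall("saml:AttributeValue", NS):
                text = (value.text or "").strip()
                if text:
                    roles.append(text)
    return roles, skipped_encrypted


def with_statements_reversed(assertion_xml):
    """Rebuild the assertion with its statement elements in reverse order, so
    the extractor can be shown to give the same result for either ordering."""
    root = ET.fromstring(assertion_xml)
    statements = [e for e in root if e.tag.endswith("Statement")]
    for e in statements:
        root.remove(e)
    for e in reversed(statements):
        root.append(e)
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    for label, doc in (("authn first", ASSERTION_AUTHN_FIRST),
                       ("attribute first", with_statements_reversed(ASSERTION_AUTHN_FIRST))):
        print(label, statement_order(doc), extract_roles(doc))
```

Both orderings yield the same role list; a handler that stops at the first statement, or assumes it is the AttributeStatement, would return no roles for the first document.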