0 Replies Latest reply on Aug 3, 2015 8:09 AM by majkelxx

    InclusiveNamespaces PrefixList – proper way to set it up?

    majkelxx

      [PicketLink 2.1.10.Final]

       

      When creating a SAML token, I need to set up some namespaces to be in "InclusiveNamespaces PrefixList". They should be preserved by canonicalization.

      I do not know how to tell PicketLink to add them.

       

      I expect the following result:

       

      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">

        <ec:InclusiveNamespaces PrefixList="akond" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>

      </ds:CanonicalizationMethod>

      <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>

      <ds:Reference URI="#id-31">

      <ds:Transforms>

      <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">

        <ec:InclusiveNamespaces PrefixList="akond" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>

      </ds:Transform>

      </ds:Transforms>

       

      I need to preserve namespaces which are not "visibly used":

       

         <saml:AttributeStatement>

             <saml:Attribute Name="auth-code">

                 <saml:AttributeValue xsi:type="akond:Code" xmlns:akond="http://schemas.akond.com/sec/500/2015/03/001" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">50360424</saml:AttributeValue>

             </saml:Attribute>


       

      I customize org.picketlink.identity.federation.core.wstrust.PicketLinkSTS to add our AttributeStatement, then run the standard post-processing on the default handler:


      WSTrustRequestHandler handler = this.config.getRequestHandler();

      (...)

      Document doc = handler.postProcess(asertion, request);


      Where/how do I add InclusiveNamespaces?
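
An added example, not part of the original post and not PicketLink's own code: with the JDK's XML Digital Signature API (javax.xml.crypto.dsig, Java 11+), an ExcC14NParameterSpec carries the prefix list into both the CanonicalizationMethod and the reference Transform. Assumptions: the assertion is a constructed minimal stand-in (SAML 2.0 namespace assumed), the key is a throwaway, an enveloped-signature transform is added because the signature is placed inside the assertion, and SHA-256 is used where the post's expected output shows rsa-sha1.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.spec.*;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.w3c.dom.Document;

public class InclusivePrefixListExample {
    public static void main(String[] args) throws Exception {
        // Constructed minimal assertion modelled on the fragment in the post (not schema-complete).
        String xml = "<saml:Assertion xmlns:saml='urn:oasis:names:tc:SAML:2.0:assertion' ID='id-31'>"
            + "<saml:AttributeStatement><saml:Attribute Name='auth-code'>"
            + "<saml:AttributeValue xmlns:akond='http://schemas.akond.com/sec/500/2015/03/001'"
            + " xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance' xsi:type='akond:Code'>50360424"
            + "</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion>";
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        Document doc = dbf.newDocumentBuilder()
            .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
        doc.getDocumentElement().setIdAttribute("ID", true); // lets "#id-31" resolve
        XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
        // "akond" occurs only inside the xsi:type value, so exclusive c14n would leave
        // xmlns:akond out of the signed bytes unless the prefix is listed here.
        ExcC14NParameterSpec keepAkond = new ExcC14NParameterSpec(Collections.singletonList("akond"));
        Reference ref = fac.newReference("#id-31", fac.newDigestMethod(DigestMethod.SHA256, null),
            Arrays.asList(fac.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null),
                fac.newTransform(CanonicalizationMethod.EXCLUSIVE, keepAkond)), null, null);
        // Same spec on SignedInfo's CanonicalizationMethod, as in the post's expected output.
        SignedInfo si = fac.newSignedInfo(
            fac.newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE, keepAkond),
            fac.newSignatureMethod(SignatureMethod.RSA_SHA256, null), Collections.singletonList(ref));
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        DOMSignContext ctx = new DOMSignContext(kpg.generateKeyPair().getPrivate(), doc.getDocumentElement());
        ctx.setDefaultNamespacePrefix("ds");                            // ds: prefix for the Signature elements
        ctx.putNamespacePrefix(CanonicalizationMethod.EXCLUSIVE, "ec"); // ec: prefix for InclusiveNamespaces
        fac.newXMLSignature(si, null).sign(ctx);
        TransformerFactory.newInstance().newTransformer()
            .transform(new DOMSource(doc), new StreamResult(System.out));
    }
}
```

The printed document carries an InclusiveNamespaces element with PrefixList="akond" under both ds:CanonicalizationMethod and the exclusive-c14n ds:Transform. Whether PicketLink 2.1.10.Final exposes a hook for passing such a parameter spec is not covered by this example.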