I used XFire (v1.2.6) to implement the Artifact Resolution Service at the IdP, which the Service Provider invokes once it receives the artifact posted to it. Since the OpenSAML library works with the raw XML document, one needs to configure XFire to prevent marshalling of the incoming XML to Java POJOs. XFire has a cool way to work with raw XML documents, using a binding called Message Binding. So the XFire service interface looks like:
public XMLStreamReader invoke(Document samlRequest) throws Exception
and the OpenSAML library can then work with the DOM document using the XMLObjectBuilderFactory request factory.
Some quirks here - while returning the response, I had to return an object of type XMLStreamReader - I used W3CDOMStreamReader to convert to this type. Also, for getting SOAP faults correctly, the interface definition of the service had to throw the base "Exception" class and not a specific exception type.
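A sketch of what such a service class can look like, added here as an illustration and not the author's code. It assumes XFire 1.2.6 and OpenSAML 2.x on the classpath and that the document root is the samlp:ArtifactResolve element; ArtifactStore is a hypothetical interface whose remove() releases each stored message only once.

```java
import javax.xml.stream.XMLStreamReader;
import org.codehaus.xfire.util.stax.W3CDOMStreamReader;
import org.joda.time.DateTime;
import org.opensaml.Configuration;
import org.opensaml.DefaultBootstrap;
import org.opensaml.common.SAMLObject;
import org.opensaml.common.SAMLVersion;
import org.opensaml.saml2.core.*;
import org.opensaml.xml.XMLObject;
import org.opensaml.xml.io.Unmarshaller;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

public class ArtifactResolutionService {
    /** Hypothetical store: remove() hands a message out once, then returns null. */
    public interface ArtifactStore { SAMLObject remove(String artifact); }
    private final ArtifactStore store;

    public ArtifactResolutionService(ArtifactStore store) throws Exception {
        DefaultBootstrap.bootstrap(); // registers builders, marshallers, unmarshallers
        this.store = store;
    }
    // Shape from the post: DOM in, XMLStreamReader out, base Exception for SOAP faults.
    public XMLStreamReader invoke(Document samlRequest) throws Exception {
        Element root = samlRequest.getDocumentElement(); // assumed: samlp:ArtifactResolve
        Unmarshaller u = Configuration.getUnmarshallerFactory().getUnmarshaller(root);
        XMLObject parsed = (u == null) ? null : u.unmarshall(root);
        if (!(parsed instanceof ArtifactResolve)
                || ((ArtifactResolve) parsed).getArtifact() == null) {
            throw new Exception("Expected samlp:ArtifactResolve with an Artifact");
        }
        ArtifactResolve request = (ArtifactResolve) parsed;
        StatusCode code = (StatusCode) build(StatusCode.DEFAULT_ELEMENT_NAME);
        code.setValue(StatusCode.SUCCESS_URI);
        Status status = (Status) build(Status.DEFAULT_ELEMENT_NAME);
        status.setStatusCode(code);
        ArtifactResponse response = (ArtifactResponse) build(ArtifactResponse.DEFAULT_ELEMENT_NAME);
        response.setID("_" + java.util.UUID.randomUUID());
        response.setVersion(SAMLVersion.VERSION_20);
        response.setIssueInstant(new DateTime());
        response.setInResponseTo(request.getID());
        response.setStatus(status);
        // Unknown or already-used artifact: store returns null, response carries no message.
        response.setMessage(store.remove(request.getArtifact().getArtifact()));
        Element dom = Configuration.getMarshallerFactory().getMarshaller(response).marshall(response);
        return new W3CDOMStreamReader(dom); // wrap the marshalled DOM for XFire
    }
    private static XMLObject build(javax.xml.namespace.QName name) {
        return Configuration.getBuilderFactory().getBuilder(name).buildObject(name);
    }
}
```

The type check on the unmarshalled root keeps non-ArtifactResolve payloads from reaching the lookup, and the plain Exception it throws is what the binding turns into a SOAP fault.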
While the implementation does add a bit of complexity through the use of XFire, it works out pretty well and allows one to use these excellent libraries - XFire & OpenSAML 2.0 - together to leverage the best of both.
The solution is on its way into production this week - fingers crossed....:).