Search code examples
javasamlsaml-2.0opensaml

How to use opensaml v3? There is little to no documentation and v2 is EOL

Is there an end to end example of using Open SAML library v3? I can't find any documentation and as per https://wiki.shibboleth.net/confluence/display/OpenSAML/Home the v2 is EOL.

I'm using following code to get SAML assertion- 

  private UnmarshallerFactory unmarshallerFactory;
  private DocumentBuilder docBuilder;

  @PostConstruct
  public void init() {

    try {
      InitializationService.initialize();
      DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance();
      documentBuilderFactory.setNamespaceAware(true);
      docBuilder = documentBuilderFactory.newDocumentBuilder();
      unmarshallerFactory = XMLObjectProviderRegistrySupport.getUnmarshallerFactory();
    } catch (Exception e){
      logger.error("Error: ",e);
    }
  }

  public Assertion getSamlAssertion(String samlResponse)
      throws IOException, XMLParserException, UnmarshallingException, SAXException {

    Document document = docBuilder.parse(new StringInputStream(samlResponse));

    Element element = document.getDocumentElement();
    Unmarshaller unmarshaller = unmarshallerFactory.getUnmarshaller(element);
    XMLObject responseXmlObj = unmarshaller.unmarshall(element);
    Response response = (Response) responseXmlObj;
    return response.getAssertions().get(0);

  }

My POM- 

         <dependency>
            <groupId>org.opensaml</groupId>
            <artifactId>opensaml-core</artifactId>
            <version>3.2.0</version>
        </dependency>


        <dependency>
            <groupId>org.opensaml</groupId>
            <artifactId>opensaml-saml-api</artifactId>
            <version>3.2.0</version>
        </dependency>

The problem is that I am getting null for unmarshaller . I've verified that the samlResponse is valid

Solution

  • You have to include the implementation in your POM.

    <dependency>
    <groupId>org.opensaml</groupId>
    <artifactId>opensaml-saml-impl</artifactId>
    <version>3.2.0</version>
</dependency>

    One of the things that is done in version 3 is to split the library into many different modules.

    Yes, the documentation is a problem. But as I understand, the developer team is aware of that. In the meanwhile, I have written a book on the subject, A Guide to OpenSAML V3. It walks through the use of OpenSAML and the changes in V3.