Web Service Snafu

  • Question

  • I am trying to build a web service that supports a single signon transaction.  This would be using vb.net / framework v1.1.  The transaction is a SAML assertion request.

    I have all functionality coded, but I believe I need to use xml serialization to handle the request and deliver the required response (see request message below)

    Here is an example of the incoming message:

    <?xml version='1.0' encoding='UTF-8'?>
    <SOAP-ENV:Envelope
        xmlns:SOAP-ENV='http://schemas.xmlsoap.org/soap/envelope/'
        xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance'
        xmlns:xsd='http://www.w3.org/2001/XMLSchema'>
      <SOAP-ENV:Body>
        <samlp:Request
            xmlns:samlp='urn:oasis:names:tc:SAML:1.0:protocol'
            IssueInstant='2006-05-04T18:04:02Z'
            MajorVersion='1'
            MinorVersion='1'
            RequestID='ZX6adU11oGryohDfbB95'
            xmlns:saml='urn:oasis:names:tc:SAML:1.0:assertion'>
          <samlp:AssertionArtifact>AAFKRzg2RGZFbGV3a1BOV</samlp:AssertionArtifact>
        </samlp:Request>
      </SOAP-ENV:Body>
    </SOAP-ENV:Envelope>

    I tried building my vb class using xsd.exe, running it against the specified schema, but xsd.exe fails.

    Schema found at http://www.oasis-open.org/committees/download.php/3407/oasis-sstc-saml-schema-protocol-1.0.xsd

    xsd.exe fails on

    Schema validation warning: The 'urn:oasis:names:tc:SAML:1.0:assertion:Subject' element is not declared. An error occurred at schemas/oasis-sstc-saml-schema-protocol-1.0.xsd, (52, 7).

    Schema validation warning: The 'urn:oasis:names:tc:SAML:1.0:assertion:AttributeDesignator' element is not declared. An error occurred at schemas/oasis-sstc-saml-schema-protocol-1.0.xsd, (70, 7).

    Schema validation warning: The 'http://www.w3.org/2000/09/xmldsig#:Signature' element is not declared. An error occurred at schemas/oasis-sstc-saml-schema-protocol-1.0.xsd, (20, 5).

    Schema validation warning: The 'urn:oasis:names:tc:SAML:1.0:assertion:AssertionIDReference' element is not declared. An error occurred at schemas/oasis-sstc-saml-schema-protocol-1.0.xsd, (38, 7).

    Schema validation warning: The 'urn:oasis:names:tc:SAML:1.0:assertion:Action' element is not declared. An error occurred at schemas/oasis-sstc-saml-schema-protocol-1.0.xsd, (81, 7).

    Schema validation warning: The 'urn:oasis:names:tc:SAML:1.0:assertion:Evidence' element is not declared. An error occurred at schemas/oasis-sstc-saml-schema-protocol-1.0.xsd, (82, 7).

    Schema validation warning: The 'http://www.w3.org/2000/09/xmldsig#:Signature' element is not declared. An error occurred at schemas/oasis-sstc-saml-schema-protocol-1.0.xsd, (90, 5).

    Schema validation warning: The 'urn:oasis:names:tc:SAML:1.0:assertion:Assertion' element is not declared. An error occurred at schemas/oasis-sstc-saml-schema-protocol-1.0.xsd, (105, 7).

    Warning: Schema could not be validated. Class generation may fail or may produce incorrect results.

    Error: Error generating classes for schema 'oasis-sstc-saml-schema-protocol-1_0'

    - The element 'http://www.w3.org/2000/09/xmldsig#:Signature' is missing.

    I have no idea where to turn.  I am frustrated beyond measure because this seems like it should be so easy, yet I cannot for the life of me figure it out.  I must be getting old.

     

    Thursday, May 11, 2006 1:06 PM

Answers

  • The reason for this failure is that the set of schemas you are using is invalid: basically, there is a reference to the "urn:oasis:names:tc:SAML:1.0:assertion" namespace, but there is no schema with targetNamespace="urn:oasis:names:tc:SAML:1.0:assertion" in the set.

    There are three schemas in the set:

    oasis-sstc-saml-schema-assertion-1.xsd

    oasis-sstc-saml-schema-protocol-1.xsd

    xmldsig-core-schema.xsd

     

    The oasis-sstc-saml-schema-assertion-1.xsd is imported using this import statement:

    <import schemaLocation="oasis-sstc-saml-schema-assertion-1.1.xsd" namespace="urn:oasis:names:tc:SAML:1.0:assertion" />

    This implies that its targetNamespace is "urn:oasis:names:tc:SAML:1.0:assertion", but in reality it is targetNamespace="urn:oasis:names:tc:SAML:1.0:protocol".

     

    It is too bad that the wsd.exe tool does not give a better error message.

     

    Thanks,

    Elena Kharitidi

    Sunday, August 6, 2006 7:25 AM
    Moderator
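
The consistency rule described in the answer above (the `namespace` on each import must equal the `targetNamespace` of the file at its `schemaLocation`), as an added example that is not part of the original thread or of any Microsoft tool. The file names `protocol.xsd` and `assertion.xsd`, the helper names and the two minimal schemas are constructed for the demonstration; only local files are read.

```python
import os
import tempfile
import xml.etree.ElementTree as ET

XS = "{http://www.w3.org/2001/XMLSchema}"
ASSERTION_NS = "urn:oasis:names:tc:SAML:1.0:assertion"
PROTOCOL_NS = "urn:oasis:names:tc:SAML:1.0:protocol"

def check_imports(schema_path):
    """List every xs:import in schema_path whose target cannot satisfy it."""
    problems = []
    base = os.path.dirname(os.path.abspath(schema_path))
    for imp in ET.parse(schema_path).getroot().findall(XS + "import"):
        expected, location = imp.get("namespace"), imp.get("schemaLocation")
        if not location:
            problems.append(f"{expected}: import has no schemaLocation")
            continue
        target = os.path.join(base, location)  # local files only, nothing is fetched
        if not os.path.isfile(target):
            problems.append(f"{location}: file not found")
            continue
        actual = ET.parse(target).getroot().get("targetNamespace")
        if actual != expected:
            problems.append(f"{location}: imported as {expected} "
                            f"but declares targetNamespace {actual}")
    return problems

def write_schema(directory, name, target_ns, import_ns=None, import_loc=None):
    """Write a minimal constructed schema file and return its path."""
    imp = f'<xs:import namespace="{import_ns}" schemaLocation="{import_loc}"/>' if import_ns else ""
    path = os.path.join(directory, name)
    with open(path, "w", encoding="utf-8") as f:
        f.write(f'<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" '
                f'targetNamespace="{target_ns}">{imp}</xs:schema>')
    return path

def demo():
    """Return (problems for the mismatched set, problems for the corrected set)."""
    with tempfile.TemporaryDirectory() as d:
        proto = write_schema(d, "protocol.xsd", PROTOCOL_NS, ASSERTION_NS, "assertion.xsd")
        write_schema(d, "assertion.xsd", PROTOCOL_NS)    # wrong targetNamespace
        broken = check_imports(proto)
        write_schema(d, "assertion.xsd", ASSERTION_NS)   # corrected copy
        return broken, check_imports(proto)

if __name__ == "__main__":
    for label, result in zip(("mismatched", "corrected"), demo()):
        print(label, result or "ok")
```

Running `check_imports` on each schema in a set before handing the set to a code generator reports the mismatched or missing file directly, rather than a list of undeclared elements.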

All replies

  • Could not import schema using XSD, so I built my serializer object by hand.

    I now have a working SAML Assertion Web Service.  For those of you looking for one, please feel free to send me an email and I will provide you with a shell of an assertion web service.

     

    Wednesday, July 19, 2006 2:24 AM
  • What's your email? I need it.
    Wednesday, July 19, 2006 3:04 AM
  • Can you please send me how to create a SAML request using WSE 3.0?

    I have some free tools, but they are very confusing for creating a SAML request.

    What I need is to generate a SAML request with a 'user name' and 'password' so that a web service will take this request and send me the response about the authentication.

    Thanks

    Thursday, June 28, 2007 6:41 AM
  • Hi there!

     

    I'm looking into implementing an assertion web service and it would be great if you could send me your shell code. You'll find my e-mail address with my profile. Please remove the BlaBlas from the address.

     

    Regards

    // Andreas

    Wednesday, July 25, 2007 4:46 PM