I am trying to create a new AuthnRequest using only OpenSAML and spring-security-saml-service-provider. I am getting the error below: Caused by: org.opensaml.core.xml.io.MarshallingException: No marshaller available for {urn:oasis:names:tc:SAML:2.0:assertion}Issuer, child of {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest Here is the code snippet I have so far. package org.opensamlExample;
import java.nio.charset.StandardCharsets; import java.util.Base64; import java.util.HashMap; import java.util.Map;
import javax.xml.namespace.QName;
import org.opensaml.core.config.ConfigurationService; import org.opensaml.core.config.InitializationException; import org.opensaml.core.config.InitializationService; import org.opensaml.core.xml.config.XMLObjectProviderRegistry; import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport; import org.opensaml.core.xml.io.Marshaller; import org.opensaml.core.xml.io.MarshallingException; import org.opensaml.messaging.context.MessageContext; import org.opensaml.saml.common.messaging.context.SAMLEndpointContext; import org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext; import org.opensaml.saml.common.xml.SAMLConstants; import org.opensaml.saml.saml2.core.AuthnRequest; import org.opensaml.saml.saml2.core.Issuer; import org.opensaml.saml.saml2.core.NameIDPolicy; import org.opensaml.saml.saml2.core.NameIDType; import org.opensaml.saml.saml2.core.impl.AuthnRequestBuilder; import org.opensaml.saml.saml2.core.impl.AuthnRequestMarshaller; import org.opensaml.saml.saml2.core.impl.IssuerBuilder; import org.opensaml.saml.saml2.core.impl.NameIDPolicyBuilder; import org.springframework.security.saml2.Saml2Exception; import org.springframework.security.saml2.core.OpenSamlInitializationService; import org.springframework.security.saml2.provider.service.authentication.Saml2RedirectAuthenticationRequest; import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration; import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrations; import org.springframework.web.util.UriComponentsBuilder; import org.w3c.dom.Element;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException; //import jakarta.servlet.http.HttpServletResponse; import net.shibboleth.utilities.java.support.security.impl.RandomIdentifierGenerationStrategy; import net.shibboleth.utilities.java.support.xml.BasicParserPool; import net.shibboleth.utilities.java.support.xml.ParserPool; import net.shibboleth.utilities.java.support.xml.SerializeSupport;
public class SecurityConfiguration {
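/**
 * Builds a SAML 2.0 {@link AuthnRequest} for the example SP using the same hard-coded
 * ACS URL, IdP destination and issuer as before.
 *
 * @return a populated, unsigned {@code AuthnRequest}
 */
public static AuthnRequest buildAuthRequest() {
    return buildAuthRequest(
            "http://localhost:8080/samlResponse",
            "https://dev-omtekjsu50kzoy13.us.auth0.com/samlp/HuW59mrq3kiGZBmvP9ZdZLil8qIL4o0y",
            "https://mySamlExampleSP.com:8080");
}

/**
 * Builds a SAML 2.0 {@link AuthnRequest} with a random ID, the given endpoints and issuer,
 * the HTTP-POST binding for the response, and a transient {@link NameIDPolicy}.
 *
 * @param assertionConsumerServiceUrl where the IdP should deliver the response
 * @param destination the IdP single-sign-on endpoint the request is addressed to
 * @param issuerValue the SP entity ID placed in the {@code <Issuer>} element
 * @return a populated, unsigned {@code AuthnRequest}
 */
public static AuthnRequest buildAuthRequest(String assertionConsumerServiceUrl, String destination,
        String issuerValue) {
    // Non-guessable request ID: the response's InResponseTo is matched against it, so it
    // must not be predictable by a third party (the Shibboleth strategy is designed for that).
    RandomIdentifierGenerationStrategy idGenerator = new RandomIdentifierGenerationStrategy();

    AuthnRequest request = new AuthnRequestBuilder().buildObject();
    request.setID(idGenerator.generateIdentifier());
    request.setAssertionConsumerServiceURL(assertionConsumerServiceUrl);
    request.setDestination(destination);
    request.setProtocolBinding(SAMLConstants.SAML2_POST_BINDING_URI);
    // NOTE(review): IssueInstant is not set here; SAML 2.0 requires it on AuthnRequest and
    // IdPs commonly reject requests without it -- set it before the request is sent.

    Issuer issuer = new IssuerBuilder().buildObject();
    issuer.setValue(issuerValue);
    request.setIssuer(issuer);

    NameIDPolicy nameIdPolicy = new NameIDPolicyBuilder().buildObject();
    nameIdPolicy.setAllowCreate(false);
    nameIdPolicy.setFormat(NameIDType.TRANSIENT);
    request.setNameIDPolicy(nameIdPolicy);

    return request;
}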
/**
 * Bootstraps OpenSAML through Spring Security's initializer and then builds the
 * example {@link AuthnRequest}.
 *
 * @return the freshly built request
 */
public static AuthnRequest initializeOpensaml() {
    // Must run before any builder or marshaller lookup: the initializer is what
    // makes the OpenSAML object providers available to the registry.
    OpenSamlInitializationService.initialize();
    return buildAuthRequest();
}
/** Entry point: initializes OpenSAML, builds the request and hands it to Spring. */
public static void main(String[] args) {
    generateAuthRequest(initializeOpensaml());
}
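/**
 * Wraps an already-built {@link AuthnRequest} in a Spring Security
 * {@link Saml2RedirectAuthenticationRequest} for the {@code samlExample} relying party.
 * The original version discarded the built object; it is now returned so the caller
 * can actually send it.
 *
 * @param authnRequest the OpenSAML request to serialize; its ID is reused as the request ID
 * @return the redirect-binding request for the caller to send
 * @throws Saml2Exception if the request cannot be marshalled
 */
public static Saml2RedirectAuthenticationRequest generateAuthRequest(AuthnRequest authnRequest) {
    RelyingPartyRegistration registration = RelyingPartyRegistrations
            .fromMetadataLocation("classpath:asserting-party-metadata.xml")
            .registrationId("samlExample")
            .singleLogoutServiceResponseLocation("{baseUrl}/logout/saml2/slo")
            .nameIdFormat("urn:oasis:names:tc:SAML:2.0:nameid-format:transient")
            .build();
    // NOTE(review): for the HTTP-Redirect binding Spring expects the SAMLRequest value to be
    // DEFLATE-compressed before Base64 encoding, while serialize() only Base64-encodes --
    // confirm against the Saml2RedirectAuthenticationRequest contract before sending this.
    return Saml2RedirectAuthenticationRequest.withRelyingPartyRegistration(registration)
            .samlRequest(serialize(authnRequest))
            .id(authnRequest.getID())
            .build();
}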
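/**
 * Marshals the request to XML and Base64-encodes it.
 *
 * <p>The original body created a fresh, empty {@code XMLObjectProviderRegistry} and
 * registered it with {@code ConfigurationService}, which replaced the registry that
 * {@code OpenSamlInitializationService.initialize()} had populated. The child-element
 * marshallers (e.g. for {@code Issuer}) are looked up in that registry, which is why
 * "No marshaller available for ...Issuer" was thrown. This version uses the existing
 * registry instead and never replaces it.
 *
 * @param authnRequest the request to serialize
 * @return the Base64-encoded XML (UTF-8)
 * @throws Saml2Exception if no marshaller is registered or marshalling fails
 */
private static String serialize(AuthnRequest authnRequest) {
    try {
        // Look the marshaller up in the registry populated at initialization time.
        Marshaller marshaller = XMLObjectProviderRegistrySupport.getMarshallerFactory()
                .getMarshaller(authnRequest);
        if (marshaller == null) {
            // Fail loudly here rather than with an NPE or a confusing child-element error.
            throw new Saml2Exception("No marshaller registered for " + authnRequest.getElementQName()
                    + "; was OpenSamlInitializationService.initialize() called first?");
        }
        Element element = marshaller.marshall(authnRequest);
        String xml = SerializeSupport.nodeToString(element);
        // NOTE(review): plain Base64 suits the HTTP-POST binding; the HTTP-Redirect binding
        // additionally DEFLATEs the XML before encoding -- confirm which one the caller needs.
        return Base64.getEncoder().encodeToString(xml.getBytes(StandardCharsets.UTF_8));
    } catch (MarshallingException ex) {
        throw new Saml2Exception(ex);
    }
}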
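/**
 * Creates and initializes a hardened {@link BasicParserPool}. The original stub had
 * no body and therefore no return statement.
 *
 * <p>The parser features turn off DOCTYPE declarations and external entity resolution
 * so that XML coming from the IdP cannot trigger entity expansion or XXE, and enable
 * the JAXP secure-processing limits.
 *
 * @return an initialized parser pool
 * @throws Saml2Exception if the pool cannot be initialized
 */
private static ParserPool getParserPool() {
    BasicParserPool parserPool = new BasicParserPool();
    parserPool.setMaxPoolSize(50);

    Map<String, Boolean> builderFeatures = new HashMap<>();
    builderFeatures.put("http://apache.org/xml/features/disallow-doctype-decl", Boolean.TRUE);
    builderFeatures.put(javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE);
    builderFeatures.put("http://xml.org/sax/features/external-general-entities", Boolean.FALSE);
    builderFeatures.put("http://xml.org/sax/features/external-parameter-entities", Boolean.FALSE);
    parserPool.setBuilderFeatures(builderFeatures);

    try {
        parserPool.initialize();
    } catch (ComponentInitializationException ex) {
        // Keep the cause so misconfiguration of the XML parser is diagnosable.
        throw new Saml2Exception("Unable to initialize the SAML parser pool", ex);
    }
    return parserPool;
}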
Comment From: jzheaux
Thanks for getting in touch, @sasirekha98! It feels like this is a question that would be better suited to Stack Overflow. We prefer to use GitHub issues only for bugs and enhancements. Feel free to update this issue with a link to the re-posted question (so that other people can find it) or add more detail if you feel this is a genuine bug.