How to use opensaml v3? There is little to no documentation and v2 is EOL

Question

Is there an end to end example of using Open SAML library v3? I can't find any documentation and as per https://wiki.shibboleth.net/confluence/display/OpenSAML/Home the v2 is EOL.

I'm using following code to get SAML assertion-

  private UnmarshallerFactory unmarshallerFactory;
  private DocumentBuilder docBuilder;

  @PostConstruct
  public void init() {

    try {
      InitializationService.initialize();
      DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance();
      documentBuilderFactory.setNamespaceAware(true);
      docBuilder = documentBuilderFactory.newDocumentBuilder();
      unmarshallerFactory = XMLObjectProviderRegistrySupport.getUnmarshallerFactory();
    } catch (Exception e){
      logger.error("Error: ",e);
    }
  }

  public Assertion getSamlAssertion(String samlResponse)
      throws IOException, XMLParserException, UnmarshallingException, SAXException {

    Document document = docBuilder.parse(new StringInputStream(samlResponse));

    Element element = document.getDocumentElement();
    Unmarshaller unmarshaller = unmarshallerFactory.getUnmarshaller(element);
    XMLObject responseXmlObj = unmarshaller.unmarshall(element);
    Response response = (Response) responseXmlObj;
    return response.getAssertions().get(0);

  }

My POM-

         <dependency>
            <groupId>org.opensaml</groupId>
            <artifactId>opensaml-core</artifactId>
            <version>3.2.0</version>
        </dependency>


        <dependency>
            <groupId>org.opensaml</groupId>
            <artifactId>opensaml-saml-api</artifactId>
            <version>3.2.0</version>
        </dependency>

The problem is that I am getting null for unmarshaller . I've verified that the samlResponse is valid

to the downvoter- care to explain what could I've done better to explain the question? — gauravphoenix, Nov 12 '16 at 03:00
I agree, I can't even find a "getting started" guide on this library. — Alic, Dec 14 '16 at 15:29

Stefan Rasmusson · Accepted Answer · 2018-04-26T11:21:26.613

4

You have to include the implementation in your POM.

<dependency>
    <groupId>org.opensaml</groupId>
    <artifactId>opensaml-saml-impl</artifactId>
    <version>3.2.0</version>
</dependency>

One of the things that is done in version 3 is to split the library into many different modules.

Yes, the documentation is a problem. But as I understand, the developer team is aware of that. In the meanwhile, I have written a book on the subject, A Guide to OpenSAML V3. It walks through the use of OpenSAML and the changes in V3.

edited Apr 26 '18 at 11:21

answered Nov 13 '16 at 07:24

Stefan Rasmusson

5,445
3
21
48

Unfortunately that guide is only good if you try to build an SP, not an IdP. – Kirill G. Dec 06 '18 at 09:31
Yes, sorry, I figured that this is what most people need – Stefan Rasmusson Dec 06 '18 at 21:16

How to use opensaml v3? There is little to no documentation and v2 is EOL

1 Answers1