cxf-users mailing list archives

From DrBrain <nassosmic...@me.com>
Subject JAX-RS SAML Web SSO - Validating SAML Response in OSGi
Date Tue, 04 Jul 2017 14:41:42 GMT
Versions:
- CXF 3.1.8
- Karaf 4.0.9
- JDK 1.8.x

I'm following the example on http://cxf.apache.org/docs/saml-web-sso.html
and everything's working fine up to the point where I need to validate the
SAML response I get back from the IdP. The problem seems to lie in the fact
that RequestAssertionConsumerService ends up using a SignatureValidator
(provided by org.opensaml.xmlsec.signature.support) which in turn tries to
find a signature validation provider using
ServiceLoader.load(SignatureValidationProvider.class) - which AFAIK will
never work in OSGi with no additional 'tricks'.

Here's the calling sequence:

And here's the problematic code (last call above):


Now, I'm pretty much aware of the problems of SPI + OSGi as well as possible
remedies using something like Aries SPI Fly *on your own code*. However,
since I - obviously - don't control the above code, trying to "SPIfy" it
myself means I end up with custom JARs, custom Karaf features to include
those JARs, etc. - not a nice place to be :)

So, I'm wondering whether I'm missing some obvious thing/workaround here...
Any ideas welcome :)


Thanks



--
View this message in context: http://cxf.547215.n5.nabble.com/JAX-RS-SAML-Web-SSO-Validating-SAML-Response-in-OSGi-tp5781687.html
Sent from the cxf-user mailing list archive at Nabble.com.
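
The class-loader dependency described in the message above, as an added example that is not part of the original post and not CXF or OpenSAML code: single-argument ServiceLoader.load() looks up META-INF/services registrations through the thread context class loader (TCCL), so the lookup returns nothing unless that loader can see the provider's registration file. Provider, ProviderImpl and the temporary directory are hypothetical stand-ins for SignatureValidationProvider, its implementation and the providing bundle.

```java
import java.net.URL;
import java.net.URLClassLoader;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.ServiceLoader;

public class TcclServiceLoaderDemo {
    // Hypothetical stand-ins for the SPI interface and its implementation.
    public interface Provider { String name(); }
    public static class ProviderImpl implements Provider {
        public String name() { return "impl"; }
    }

    // Same call shape as in the message: load(Class) with no explicit loader,
    // which resolves registrations via the thread context class loader.
    static int countProviders() {
        int n = 0;
        for (Provider p : ServiceLoader.load(Provider.class)) {
            n++;
        }
        return n;
    }

    public static void main(String[] args) throws Exception {
        // Constructed registration file that only one class loader can see,
        // mimicking a META-INF/services entry private to another bundle.
        Path root = Files.createTempDirectory("spi-demo");
        Path services = Files.createDirectories(root.resolve("META-INF/services"));
        Files.write(services.resolve(Provider.class.getName()),
                ProviderImpl.class.getName().getBytes(StandardCharsets.UTF_8));

        ClassLoader original = Thread.currentThread().getContextClassLoader();
        try (URLClassLoader providerSide = new URLClassLoader(
                new URL[] { root.toUri().toURL() },
                TcclServiceLoaderDemo.class.getClassLoader())) {
            // TCCL cannot see the registration file: no provider is found.
            System.out.println("caller-side TCCL providers: " + countProviders());

            // TCCL swapped to a loader that can see it: the provider is found.
            Thread.currentThread().setContextClassLoader(providerSide);
            try {
                System.out.println("provider-side TCCL providers: " + countProviders());
            } finally {
                // Always restore the TCCL so later code on this thread is unaffected.
                Thread.currentThread().setContextClassLoader(original);
            }
        }
    }
}
```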
