cxf-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From DrBrain <>
Subject JAX-RS SAML Web SSO - Validating SAML Response in OSGi
Date Tue, 04 Jul 2017 14:41:42 GMT
- CXF 3.1.8
- Karaf 4.0.9
- JDK 1.8.x

I'm following the example on
and everything's working fine up to the point where I need to validate the
SAML response I get back from the IdP. The problem seems to lie to the fact
that RequestAssertionConsumerService ends up using a SignatureValidator
(provided by which in turn tries to
find a signature validation provider using
ServiceLoader.load(SignatureValidationProvider.class) - which AFAIK will
never work in OSGi with no additional 'tricks'.

Here's the calling sequence:

And here's the problematic code (last call above):

Now, I'm pretty much aware of the problems of SPI + OSGi as well as possible
remedies using something like Aries SPI Fly *on your own code*. However,
since I - obviously - don't control the above code, trying to "SPIfy" it
myself means I end up with custom JARs, custom Karaf features to include
those JARs, etc. - not a nice place to be :)

So, I'm wondering whether I'm missing some obvious thing/workaround here...
Any ideas welcome :)


View this message in context:
Sent from the cxf-user mailing list archive at

View raw message