
I am trying to decrypt an Xbox SAML2 token in Java using OpenSAML. Here are the steps I am trying to follow:

1. convert the SAML2 token XML to a SAML2 object
2. validate the signature
3. decrypt the object

I am running into exceptions during unmarshalling of the SAML2 XML. The code is unable to find an unmarshaller.

Token sample (SAML2 XML):

```xml
<xenc:EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
  <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc" />
  <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
    <e:EncryptedKey xmlns:e="http://www.w3.org/2001/04/xmlenc#">
      <e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
      </e:EncryptionMethod>
      <KeyInfo>
        <o:SecurityTokenReference xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
          <X509Data>
            <X509IssuerSerial>
              <X509IssuerName>CN=LVISPXBOX01.istreamplanet.isp</X509IssuerName>
              <X509SerialNumber>26119146566321683660382502106101553957</X509SerialNumber>
            </X509IssuerSerial>
          </X509Data>
        </o:SecurityTokenReference>
      </KeyInfo>
      <e:CipherData>
        <e:CipherValue></e:CipherValue>
      </e:CipherData>
    </e:EncryptedKey>
  </KeyInfo>
  <xenc:CipherData>
    <xenc:CipherValue>token value</xenc:CipherValue>
  </xenc:CipherData>
</xenc:EncryptedData>
```

Code used to unmarshall:

```java
import java.io.InputStream;
import java.util.List;

import org.opensaml.DefaultBootstrap;
import org.opensaml.xml.Configuration;
import org.opensaml.xml.ConfigurationException;
import org.opensaml.xml.XMLObject;
import org.opensaml.xml.encryption.EncryptedData;
import org.opensaml.xml.encryption.EncryptedKey;
import org.opensaml.xml.io.Unmarshaller;
import org.opensaml.xml.io.UnmarshallerFactory;
import org.opensaml.xml.io.UnmarshallingException;
import org.opensaml.xml.parse.BasicParserPool;
import org.opensaml.xml.parse.XMLParserException;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

private String decryptSAML(String filePath) {
    try {
        // Load the default OpenSAML 2 configuration (xmlenc, xmldsig and SAML (un)marshallers)
        DefaultBootstrap.bootstrap();
        InputStream in = getClass().getResourceAsStream(filePath);
        if (in == null) {
            System.err.println("Resource not found on classpath: " + filePath);
            return null;
        }

        // Parse the token with a namespace-aware parser
        BasicParserPool ppMgr = new BasicParserPool();
        ppMgr.setNamespaceAware(true);
        Document doc = ppMgr.parse(in);
        Element root = doc.getDocumentElement();
        System.out.println("Root element: {" + root.getNamespaceURI() + "}" + root.getLocalName());

        // Look up the unmarshaller registered for the root element's QName
        UnmarshallerFactory unmarshallerFactory = Configuration.getUnmarshallerFactory();
        Unmarshaller unmarshaller = unmarshallerFactory.getUnmarshaller(root);
        System.out.println("unmarshaller " + unmarshaller);
        if (unmarshaller == null) {
            System.err.println("No unmarshaller registered for the root element");
            return null;
        }

        // The token's root is xenc:EncryptedData, not saml2:EncryptedAssertion,
        // so the result is org.opensaml.xml.encryption.EncryptedData
        XMLObject xmlObject = unmarshaller.unmarshall(root);
        EncryptedData encryptedData = (EncryptedData) xmlObject;

        // In this token the wrapped key sits inside ds:KeyInfo/xenc:EncryptedKey
        if (encryptedData.getKeyInfo() == null) {
            System.err.println("EncryptedData carries no KeyInfo");
            return null;
        }
        List<EncryptedKey> encList = encryptedData.getKeyInfo().getEncryptedKeys();
        System.out.println("encList empty: " + encList.isEmpty());
        System.out.println("encList size: " + encList.size());
        for (EncryptedKey encryptedKey : encList) {
            System.out.println(encryptedKey);
        }
    } catch (ConfigurationException ce) {
        System.err.println("Unable to bootstrap OpenSAML: " + ce);
    } catch (XMLParserException xe) {
        System.err.println("Unable to parse XML file: " + xe);
    } catch (UnmarshallingException ue) {
        System.err.println("Unable to unmarshall XML: " + ue);
    }

    return null;
}
```

I am unable to extract any encrypted keys from this. What am I doing wrong?

The unmarshallerFactory is unable to find an unmarshaller; it is returned as null.

I would really appreciate it if anyone could help me with this. Documentation seems sparse on this.

Viiveek Sankar
  • I think the sample unmarshal code you have there is for parsing SAML metadata (judging by the naming of variables) not for WSS security tokens. Have a look at [Apache WSS4J](http://ws.apache.org/wss4j/). – martijno Aug 28 '12 at 20:18
  • Apache WSS4J only supports SAML 1.0 – Viiveek Sankar Sep 10 '12 at 21:12
  • [Really](http://coheigea.blogspot.nl/2011/02/support-for-saml2-assertions-in-wss4j.html)? Or do you refer to the SAML token profile version, which seems to be [1.1](http://ws.apache.org/wss4j/)? – martijno Sep 11 '12 at 08:33
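For the decryption step the question describes, an added example (not code from the question or from the OpenSAML project) showing how OpenSAML 2's Decrypter handles an xenc:EncryptedData root whose AES data key is wrapped inline in e:EncryptedKey, as in the sample token. It assumes the caller already holds the recipient's RSA private key and certificate; the class and method names are hypothetical.

```java
import java.io.InputStream;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;

import org.opensaml.DefaultBootstrap;
import org.opensaml.xml.Configuration;
import org.opensaml.xml.XMLObject;
import org.opensaml.xml.encryption.Decrypter;
import org.opensaml.xml.encryption.EncryptedData;
import org.opensaml.xml.encryption.InlineEncryptedKeyResolver;
import org.opensaml.xml.io.Unmarshaller;
import org.opensaml.xml.parse.BasicParserPool;
import org.opensaml.xml.security.keyinfo.KeyInfoCredentialResolver;
import org.opensaml.xml.security.keyinfo.StaticKeyInfoCredentialResolver;
import org.opensaml.xml.security.x509.BasicX509Credential;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

// Hypothetical class name; not part of OpenSAML.
public class EncryptedDataDecryptExample {
    /** Unmarshals an xenc:EncryptedData token and decrypts it with the recipient's RSA key. */
    public static XMLObject decrypt(InputStream tokenXml, PrivateKey privateKey,
                                    X509Certificate cert) throws Exception {
        DefaultBootstrap.bootstrap(); // registers xmlenc, xmldsig and SAML (un)marshallers
        BasicParserPool pool = new BasicParserPool();
        pool.setNamespaceAware(true);
        Document doc = pool.parse(tokenXml);
        Element root = doc.getDocumentElement();

        // Lookup is by the root element's QName; null means nothing is registered for it.
        Unmarshaller unmarshaller = Configuration.getUnmarshallerFactory().getUnmarshaller(root);
        if (unmarshaller == null) {
            throw new IllegalStateException("No unmarshaller for {" + root.getNamespaceURI()
                    + "}" + root.getLocalName());
        }
        XMLObject obj = unmarshaller.unmarshall(root);
        if (!(obj instanceof EncryptedData)) {
            throw new IllegalStateException("Expected xenc:EncryptedData, got " + obj.getElementQName());
        }

        // Key-encryption key: the RSA private key that unwraps e:EncryptedKey (rsa-oaep-mgf1p).
        BasicX509Credential kek = new BasicX509Credential();
        kek.setPrivateKey(privateKey);
        kek.setEntityCertificate(cert);
        KeyInfoCredentialResolver kekResolver = new StaticKeyInfoCredentialResolver(kek);

        // The aes256-cbc data key is carried inline under ds:KeyInfo, so resolve it from there.
        Decrypter decrypter = new Decrypter(null, kekResolver, new InlineEncryptedKeyResolver());
        return decrypter.decryptData((EncryptedData) obj); // typically a saml2:Assertion
    }
}
```

The sample token carries no ds:Signature at the EncryptedData level, so the signature validation from step 2 would be done on the returned decrypted object rather than on the EncryptedData.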
