Global security configuration in OpenSAML 3.0+

Question

I'm upgrading OpenSAML in a Java 8 project from v 2.6.1 to 3.3.1 A lot of code compilation errors are fixable pretty easy but I'm stuck at a certain point.

If we use a signing Algorithm we had previously following code:

KeyPair signingKeyPair = parseKeyPair(properties.getProperty("signingKey"), properties.getProperty("signingKeyPassword"));
signingCredential = createCredential(signingKeyPair, serviceProviderID, UsageType.SIGNING);
if (properties.getProperty("signingAlgorithm") != null) {
    SecurityConfiguration securityConfiguration = Configuration.getGlobalSecurityConfiguration();
    if (securityConfiguration instanceof BasicSecurityConfiguration && "RSA".equals(signingCredential.getPublicKey().getAlgorithm())) {
               ((BasicSecurityConfiguration) securityConfiguration).registerSignatureAlgorithmURI("RSA", properties.getProperty("signingAlgorithm"));
    }
}

In OpenSAML 3.0+ the line Configuration.getGlobalSecurityConfiguration(); doesn't compile anymore. How do I get the global security configuration in OpenSAML 3.0+?

Answer 1

Disclaimer: I have not used these security configuration classes before, but I have some experience upgrading from OpenSAML 2.x to 3.x and digging around in the OpenSAML docs and source to find my way.

I hope this will get you started:

// initializes the various security configurations
GlobalSecurityConfigurationInitializer.init();

// fetches the various security configurations
DecryptionConfiguration dc = SecurityConfigurationSupport.getGlobalDecryptionConfiguration();
EncryptionConfiguration ec = SecurityConfigurationSupport.getGlobalEncryptionConfiguration();
SignatureSigningConfiguration ssc = SecurityConfigurationSupport.getGlobalSignatureSigningConfiguration();
SignatureValidationConfiguration svc = SecurityConfigurationSupport.getGlobalSignatureValidationConfiguration();

I'm not sure which of those configurations holds the functionality you need, but here are the Javadocs with some additional detail:

• DecryptionConfiguration / BasicDecryptionConfiguration
• EncryptionConfiguration / BasicEncryptionConfiguration
• SignatureSigningConfiguration / BasicSignatureSigningConfiguration
• SignatureValidationConfiguration / BasicSignatureValidationConfiguration

You can also check out the OpenSAML source; specifically, the DefaultSecurityConfigurationBootstrap class is where a lot of this gets set up.