According to SAML 2.0, a RequestAbstractType is defined in the following way:
<complexType name="RequestAbstractType" abstract="true">
<sequence>
<element ref="saml:Issuer" minOccurs="0"/>
<element ref="ds:Signature" minOccurs="0"/>
<element ref="samlp:Extensions" minOccurs="0"/>
</sequence>
<attribute name="ID" type="ID" use="required"/>
<attribute name="Version" type="string" use="required"/>
<attribute name="IssueInstant" type="dateTime" use="required"/>
<attribute name="Destination" type="anyURI" use="optional"/>
<attribute name="Consent" type="anyURI" use="optional"/>
</complexType>
What I'm interested in is the Extensions element, which is defined as:
<element name="Extensions" type="samlp:ExtensionsType"/>
<complexType name="ExtensionsType">
<sequence>
<any namespace="##other" processContents="lax" maxOccurs="unbounded"/>
</sequence>
</complexType>
How would I add/implement such an extension? I have no clue how to extend the RequestAbstractType.
The element allows you to include anything you want within it. Adding and processing of any data within that element would depend on your SAML product.
To give you an example of how it's used, here's a spec that leveraged it: http://docs.oasis-open.org/security/saml/SpecDrafts-Post2.0/sstc-saml-protocol-ext-rac.pdf
Related
I created a brand-new Service Fabric app with a single StatelessService. I expected the service to be instantiated on all five nodes (see my ApplicationManifest.xml file, below), but for some reason it always instantiates on Node 1. Any help in this regard would be greatly appreciated.
<?xml version="1.0" encoding="utf-8"?>
<ApplicationManifest xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ApplicationTypeName="AlgoistsType" ApplicationTypeVersion="1.0.0" xmlns="http://schemas.microsoft.com/2011/01/fabric">
<Parameters>
<Parameter Name="TradeSafe_ASPNETCORE_ENVIRONMENT" DefaultValue="" />
<Parameter Name="TradeSafe_MinReplicaSetSize" DefaultValue="3" />
<Parameter Name="TradeSafe_PartitionCount" DefaultValue="1" />
<Parameter Name="TradeSafe_TargetReplicaSetSize" DefaultValue="3" />
<Parameter Name="FrontEnd_ASPNETCORE_ENVIRONMENT" DefaultValue="" />
<Parameter Name="FrontEnd_InstanceCount" DefaultValue="-1" />
</Parameters>
<ServiceManifestImport>
<ServiceManifestRef ServiceManifestName="TradeSafePkg" ServiceManifestVersion="1.0.0" />
<ConfigOverrides />
<EnvironmentOverrides CodePackageRef="code">
<EnvironmentVariable Name="ASPNETCORE_ENVIRONMENT" Value="[TradeSafe_ASPNETCORE_ENVIRONMENT]" />
</EnvironmentOverrides>
</ServiceManifestImport>
<ServiceManifestImport>
<ServiceManifestRef ServiceManifestName="FrontEndPkg" ServiceManifestVersion="1.0.0" />
<ConfigOverrides />
<EnvironmentOverrides CodePackageRef="code">
<EnvironmentVariable Name="ASPNETCORE_ENVIRONMENT" Value="[FrontEnd_ASPNETCORE_ENVIRONMENT]" />
</EnvironmentOverrides>
</ServiceManifestImport>
<DefaultServices>
<Service Name="FrontEnd" ServicePackageActivationMode="ExclusiveProcess">
<StatelessService ServiceTypeName="FrontEndType" InstanceCount="[FrontEnd_InstanceCount]">
<SingletonPartition />
</StatelessService>
</Service>
</DefaultServices>
</ApplicationManifest>
I am using the Spring SAML library.
When I generated SP's metadata, sometimes IP address of the server is used for AssertionConsumerService.
ex. I get something like this:
<md:AssertionConsumerService Binding="bindings:HTTP-POST" Location="http://12.34.56.78:8000/saml/SSO"/>
But sometimes the DNS address of the same server is used instead of 12.34.56.78.
My question is: How is AssertionConsumerService address generated?
Really, that AssertionConsumerService is just a URI, which is like this:
scheme:[//[user[:password]#]host[:port]][/path][?query][#fragment]
And DNS is just a alias to the IP, so as long as the endpoint can be used for SAML communication, IP or DNS both should work.
Another thing to note is since SAML communication needs secure channel, so https should be used instead of http for production.
Some XSD reference for this:
<element name="AssertionConsumerService" type="md:IndexedEndpointType"/>
<complexType name="IndexedEndpointType">
<complexContent>
<extension base="md:EndpointType">
<attribute name="index" type="unsignedShort" use="required"/>
<attribute name="isDefault" type="boolean" use="optional"/>
</extension>
</complexContent>
</complexType>
<complexType name="EndpointType">
<sequence>
<any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
</sequence>
<attribute name="Binding" type="anyURI" use="required"/>
<attribute name="Location" type="anyURI" use="required"/>
<attribute name="ResponseLocation" type="anyURI" use="optional"/>
<anyAttribute namespace="##other" processContents="lax"/>
</complexType>
Here is my XSD
<element name="FirstName" minOccurs="1" maxOccurs="1" >
<simpleType>
<restriction base="string">
<length value="5"></length>
</restriction>
</simpleType>
</element>
when post a request through SOAP UI, not validating that restriction at all. I am not sure what's wrong in my code
Hello thank you for reading this question. I have orient db set up and would like to add a second server and have them replicate between each other. When one goes on its own it runs fine and I have been using it for months. When enabling the hazelcast plugin, the servers start communicating, and I can see they start to talk to each other. An error happens when they try to write to each other though. This is the same issue discussed here:
https://groups.google.com/forum/#!topic/orient-database/QpZPG4y_KpU
For what its worth, I have both of these servers deployed on the same machine, each with their own embedded database. The database paths are plocal:/home/chris/dbs/db2 and plocal:/home/chris/dbs/db1
2015-10-08 08:56:14:048 INFO [db2-orient] Saving distributed configuration file for database 'db' to: ./databases/db/distributed-config.json [OHazelcastPlugin]
2015-10-08 08:56:14:049 INFO [db2-orient] received new status idp2-orient.idp=SYNCHRONIZING [OHazelcastPlugin]
2015-10-08 08:56:18:054 WARNING [db2-orient]->[[db1-orient]] requesting deploy of database 'db' on local server... [OHazelcastPlugin]
Then on the other server, the one that started first, I see
[OHazelcastPlugin]{db=db} [db1-orient]<-[db2-orient] error on executing distributed request 0: deploy_db
com.orientechnologies.orient.server.distributed.ODistributedException: Distributed storage was not installed for database 'db'. Implementation found: com.orientechnologies.orient.core.storage.impl.local.paginated.OLocalPaginatedStorage
at com.orientechnologies.orient.server.hazelcast.OHazelcastPlugin.executeOnLocalNode(OHazelcastPlugin.java:745)
at com.orientechnologies.orient.server.hazelcast.ODistributedWorker.onMessage(ODistributedWorker.java:298)
at com.orientechnologies.orient.server.hazelcast.ODistributedWorker.run(ODistributedWorker.java:121)
I put a breakpoint on the line that throws that exception, and the storage type present at that time is indeed OLocalPaginatedStorage. My orientDB version is 2.0.15.
My distributed config. (Same on both servers)
{
"autoDeploy": true,
"hotAlignment": false,
"executionMode": "undefined",
"readQuorum": 1,
"writeQuorum": 2,
"failureAvailableNodesLessQuorum": false,
"readYourWrites": true,
"clusters": {
"internal": {
},
"index": {
},
"*": {
"servers" : [ "<NEW_NODE>" ]
}
}
}
This is how I start my server. It is embedded, and started via a java application.
OServer server = OServerMain.create(true);
OPartitionedDatabasePool pool = server.startup(config.toString()).activate().getDatabasePoolFactory().get(dbPath, OUser.ADMIN, OUser.ADMIN);
The config the server uses to start up is this
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<orient-server>
<handlers>
<handler class="com.orientechnologies.orient.server.hazelcast.OHazelcastPlugin">
<parameters>
<parameter name="nodeName" value="db2-orient" />
<parameter name="enabled" value="true" />
<parameter name="configuration.db.default" value="${orientDBConfigs}/orientdb-default-distributed-db-config.json" />
<parameter name="configuration.hazelcast" value="${orientDBConfigs}/orientdb-hazelcast.xml" />
<parameter name="conflict.resolver.impl" value="com.orientechnologies.orient.server.distributed.conflict.ODefaultReplicationConflictResolver" />
<parameter name="sharding.strategy.round-robin" value="com.orientechnologies.orient.server.hazelcast.sharding.strategy.ORoundRobinPartitioninStrategy" />
</parameters>
</handler>
<handler class="com.orientechnologies.orient.server.handler.OAutomaticBackup">
<parameters>
<parameter name="enabled" value="false" />
<parameter name="delay" value="4h" />
<parameter name="target.directory" value="backup" />
<parameter name="target.fileName" value="${DBNAME}-${DATE:yyyyMMddHHmmss}.json" />
<parameter name="db.include" value="" />
<parameter name="db.exclude" value="" />
</parameters>
</handler>
<handler class="com.orientechnologies.orient.server.plugin.mail.OMailPlugin">
<parameters>
<parameter name="enabled" value="false" />
<parameter name="profile.default.mail.smtp.host" value="localhost" />
<parameter name="profile.default.mail.smtp.port" value="25" />
<parameter name="profile.default.mail.smtp.auth" value="true" />
<parameter name="profile.default.mail.smtp.starttls.enable" value="true" />
<parameter name="profile.default.mail.smtp.user" value="" />
<parameter name="profile.default.mail.smtp.password" value="" />
<parameter name="profile.default.mail.date.format" value="yyyy-MM-dd HH:mm:ss" />
</parameters>
</handler>
<handler class="com.orientechnologies.orient.server.handler.OServerSideScriptInterpreter">
<parameters>
<parameter name="enabled" value="false" />
</parameters>
</handler>
</handlers>
<network>
<protocols>
<protocol name="binary" implementation="com.orientechnologies.orient.server.network.protocol.binary.ONetworkProtocolBinary" />
</protocols>
<listeners>
<listener protocol="binary" ip-address="0.0.0.0" port-range="2424-2430" />
</listeners>
<cluster>
</cluster>
</network>
<storages>
<storage name="${dbName}" path="${dbPath}" loaded-at-startup="true" />
</storages>
<users>
<user name="root" password="root" resources="*"/>
</users>
<properties>
<entry name="db.pool.min" value="1" />
<entry name="db.pool.max" value="20" />
<entry name="cache.level1.enabled" value="false" />
<entry name="cache.level1.size" value="1000" />
<entry name="cache.level2.enabled" value="true" />
<entry name="cache.level2.size" value="1000" />
<entry name="profiler.enabled" value="true" />
<entry name="log.console.level" value="info" />
<entry name="log.file.level" value="fine" />
<entry name="plugin.dynamic" value="false"/>
</properties>
Thanks again.
as wolf4ood pointed out, the storage type is replaced by the hazelcast plugin in the hazelcast plugin's onOpen method. Paginated storage gets switched to Distributed. This replacement does not happen if the path doesnt start with "plocal:./databases". Solution: make the path start with that. I have no idea if this is a good idea or not. That check seems to be in there for a reason, the comments in the code seem to indicate something about running on the same jvm.
Please help as writing multiple Segment throws error
"A segment of indeterminate size may not follow another component of indeterminate size"
Sample XML config is
<field name="noOfShipmentContents" type="Integer" />
<segment name="shipmentContentsPart2"
class="com.ShipmentContentsPart2"
collection="list" minOccurs="1" maxOccurs="unbounded">
<field name="shipmentContents" type="String" nillable="true" />
</segment>
<field name="noOfSpecialServices" type="Integer" />
<segment name="specialServicesPart3"
class="com.SpecialServicePart3"
collection="list" minOccurs="0" maxOccurs="unbounded">
<field name="chrgServCode" type="String" nillable="true" />
<field name="chrgAmt" type="String" nillable="true" />
</segment>
</record>
beanio.jar version 2.0.7 and 2.1.0 Both gives same error
What JDK version?
1.6.0.35
Got answer from developer of beanIO Kevin (Thanks) to use occursRef="[name of field]" on segments whose occurrences depend on a preceding field in the same record.
Trick is configuring
<field name="noOfSpecialServices" type="Integer" />
<segment name="specialServicesPart3" class="com.SpecialServicePart3"
collection="list" occursRef="noOfSpecialServices">
This feature is available in beanIO2.1.x