Open vfraga opened 2 months ago
It should be possible to address this issue by changing the SAMLSSOManager::doBootstrap() method to set the javax.xml.parsers.DocumentBuilderFactory property before calling SAMLInitializer::doBootstrap(), as in the example [1].
Additionally, setting the property directly in the wso2server.sh startup script also addressed the issue.
@vfraga and I tried to reproduce this locally and couldn't. We should try a different way to produce this from the code [1].
Describe the issue: When marshalling (serialising) an OpenSAML XMLObject using the SSOUtils::marshall(XMLObject) method [1], the Identity Server tries to set the javax.xml.parsers.DocumentBuilderFactory property at runtime before starting the operations using the OpenSAML/Shibboleth helper classes to get the equivalent SAML XML String from the Java OpenSAML XMLObject. However, the AbstractXMLObjectMarshaller::marshall(XMLObject) method relies on a parser pool to create a new document to act as a root document:
This document is of class com.sun.org.apache.xerces.internal.dom.DocumentImpl, instead of the expected org.apache.xerces.dom.DeferredDocumentImpl, because the parser pool was already initialised before the javax.xml.parsers.DocumentBuilderFactory property was set at runtime at the start of the SSOUtils::marshall(XMLObject) method. Supposedly, when the SAMLInitializer::doBootstrap() method was called.
This causes an error when trying to unmarshall (deserialise) an SAML XML String into an OpenSAML Java XMLObject and then marshall (serialise) it again back into a SAML XML String:
Related code:
Example situation:
How to reproduce:
deployment.toml file of the second instance:
Expected behavior: It should be possible to unmarshall and marshall the XMLObject in sequence, as they should've been the same DOM Implementation.
Environment information:
[1] https://github.com/wso2-extensions/identity-outbound-auth-samlsso/blob/v5.8.1/components/org.wso2.carbon.identity.application.authenticator.samlsso/src/main/java/org/wso2/carbon/identity/application/authenticator/samlsso/util/SSOUtils.java#L369
[2] https://github.com/vfraga/test_custom_sso_manager
[3] https://github.com/vfraga/test_custom_sso_manager/blob/main/src/main/java/org/wso2/support/sample/manager/SAML2SSOManager.java#L568
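The timing problem described in the issue, as an added example that is not part of the original issue or of WSO2's code: a factory obtained before the javax.xml.parsers.DocumentBuilderFactory property is set keeps its original provider, while a lookup made afterwards resolves the new one. StandInFactory is a hypothetical stand-in for an alternative JAXP provider (it only wraps the JDK default and needs Java 9+), so the example runs without Xerces on the classpath.

```java
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;

public class FactoryTimingDemo {
    static final String PROP = "javax.xml.parsers.DocumentBuilderFactory";

    /** Hypothetical stand-in for an alternative JAXP provider; it wraps the JDK default. */
    public static class StandInFactory extends DocumentBuilderFactory {
        private final DocumentBuilderFactory jdk = DocumentBuilderFactory.newDefaultInstance();
        @Override public DocumentBuilder newDocumentBuilder() throws ParserConfigurationException {
            return jdk.newDocumentBuilder();
        }
        @Override public void setAttribute(String n, Object v) { jdk.setAttribute(n, v); }
        @Override public Object getAttribute(String n) { return jdk.getAttribute(n); }
        @Override public void setFeature(String n, boolean v) throws ParserConfigurationException {
            jdk.setFeature(n, v);
        }
        @Override public boolean getFeature(String n) throws ParserConfigurationException {
            return jdk.getFeature(n);
        }
    }

    public static void main(String[] args) throws Exception {
        System.clearProperty(PROP);
        // "Parser pool" created at bootstrap: the provider lookup happens here, once.
        DocumentBuilderFactory pooled = DocumentBuilderFactory.newInstance();

        // Later, at the start of a marshalling call, the property is changed.
        System.setProperty(PROP, StandInFactory.class.getName());
        DocumentBuilderFactory fresh = DocumentBuilderFactory.newInstance();

        System.out.println("pooled factory:  " + pooled.getClass().getName());
        System.out.println("fresh factory:   " + fresh.getClass().getName());
        System.out.println("pooled document: "
                + pooled.newDocumentBuilder().newDocument().getClass().getName());

        // Startup check a deployment could log: does the pool match the configured provider?
        boolean consistent = pooled.getClass().getName().equals(System.getProperty(PROP));
        System.out.println("pool matches configured provider: " + consistent);
    }
}
```

Setting the property on the JVM command line instead (as the wso2server.sh change mentioned above does) makes the first lookup and every later one resolve the same provider.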