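/*
 * Decrypts the <EncryptedAssertion> of a SAML response in place and verifies the XML
 * signature of the decrypted <Assertion> with Apache Santuario (xmlsec).
 *
 * Reads:  SAMLResponseXml (parsed response document), privateKey (key-encryption key),
 *         SAMLStatus (only used in error texts), err (must already be defined by the caller).
 * Writes: err (non-empty on any failure), isValid, x509cert, assertionElement.
 *
 * Lucee: the error "Could not initialize class org.apache.xml.security.Init" is possibly
 * caused by an incompatible slf4j (api?) jar.
 * Solution: put slf4j-api-1.7.22.jar into D:\lucee\tomcat\lib
 */
Init = CreateObject("Java", "org.apache.xml.security.Init").Init().init();

/*
// more complex way to initialize xmlsec
ref = createObject("java", "org.apache.xml.security.Init");
// initialize if needed
if (!ref.isInitialized()) {
    // find static method named "init" with no parameters
    method = ref.getClass().getDeclaredMethod("init", []);
    // invoke it via reflection
    method.invoke(ref, javacast("null", ""));
}
*/

// Fail closed: the signature counts as unverified until every check below has passed.
isValid = false;

// name() compares the qualified name exactly as written in the document, so this matches
// only an unprefixed <EncryptedAssertion> and ignores its namespace.
dataArray = XMLSearch(SAMLResponseXml, "//*[name()='EncryptedAssertion']");
try {
    dataElement = dataArray[1];
    DECRYPT_MODE = CreateObject("Java", "org.apache.xml.security.encryption.XMLCipher").DECRYPT_MODE;
    cipher = CreateObject("Java", "org.apache.xml.security.encryption.XMLCipher").getInstance();
    // No data key is given here; it is unwrapped from the message with the KEK set below.
    cipher.init(DECRYPT_MODE, javacast("null", ""));
    cipher.setKEK(privateKey);
    // content=true: the decrypted nodes replace the encrypted content inside dataElement,
    // which is why the assertion is looked up as a child of EncryptedAssertion afterwards.
    cipher.doFinal(dataElement.getOwnerDocument(), dataElement, true);
} catch (any e) {
    err = "Ошибка авторизации. Статус запроса: " & SAMLStatus;
}

if (NOT len(err)) {
    assertionArray = XMLSearch(SAMLResponseXml, "/*[name()='samlp:Response']/*[name()='EncryptedAssertion']/*[name()='Assertion']");
    try {
        assertionElement = assertionArray[1];
        // Register "ID" as an XML ID attribute so the signature's same-document
        // reference ("#<ID>") can be resolved to this element and to nothing else.
        assertionElement.setIdAttribute("ID", true);

        SignatureConstants = CreateObject("Java", "org.apache.xml.security.utils.Constants");
        SignatureSpecNS = SignatureConstants.SignatureSpecNS;
        xmlSignatureClass = CreateObject("Java", "org.apache.xml.security.signature.XMLSignature");

        // Use the Signature that belongs to the decrypted assertion. Taking the first
        // Signature of the whole response would let a signature placed elsewhere in the
        // document stand in for the assertion that is consumed afterwards.
        signatureElement = assertionElement.getElementsByTagNameNS(SignatureSpecNS, "Signature").item(0);
        if (isNull(signatureElement)) {
            throw(message="Assertion carries no Signature element");
        }

        // NOTE(review): XMLSignature also has a constructor taking a secureValidation
        // flag; confirm the deployed xmlsec version supports it and enable it.
        xmlSignature = xmlSignatureClass.init(signatureElement, "");

        // A SAML signature must hold exactly one Reference, and it must point at the
        // element being trusted, i.e. at this assertion's own ID.
        signedInfo = xmlSignature.getSignedInfo();
        expectedUri = "##" & assertionElement.getAttribute("ID");
        if (signedInfo.getLength() NEQ 1 OR compare(signedInfo.item(0).getURI(), expectedUri) NEQ 0) {
            throw(message="Signature does not reference the decrypted assertion");
        }

        keyInfo = xmlSignature.getKeyInfo();
        X509CertificateResolverCN = "org.apache.xml.security.keys.keyresolver.implementations.X509CertificateResolver";
        keyResolver = CreateObject("Java", X509CertificateResolverCN).init();
        keyInfo.registerInternalKeyResolver(keyResolver);

        // x509cert comes from the <KeyInfo> inside the message under verification, so a
        // successful check only shows that the assertion matches the key its sender embedded.
        // NOTE(review): before isValid is relied on, x509cert must be compared with the IdP
        // signing certificate held in local configuration/metadata (not visible in this
        // snippet) and the login rejected on mismatch.
        x509cert = keyInfo.getX509Certificate();
        isValid = xmlSignature.checkSignatureValue(x509cert);

        // checkSignatureValue() reports a bad signature by returning false, not by
        // throwing; route that case into the same error path as every other failure.
        if (NOT isValid) {
            throw(message="Signature value did not verify");
        }
    } catch (any e) {
        isValid = false;
        err = "Ошибка при проверке подписи. Статус запроса: " & SAMLStatus;
    }
}

// NOTE(review): the text below looks like the remainder of a query whose surrounding markup
// is not visible here. If any value derived from the SAML response (err embeds SAMLStatus)
// is placed into this SQL as text, bind it as a query parameter (cfqueryparam) instead.
select usr_id, locked, shortname from usr where login= #err#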