OpenSAML user discussion

[Joncheng Kuo <>]

Hi,

I found a problem in validaing a signature in Assertion.

In the constructure, SAMLAssertion(Element e), the following code that 
checks the validity does not work in my assertion created by OpenSAML.

if (intersect.isIntersect() &&
    intersect.getXPathFilterStr()
        .equals("\nhere()/ancestor::saml:Assertion[1]\n") &&
    subtract.isSubtract() &&
    subtract.getXPathFilterStr()
        .equals("\nhere()/ancestor::ds:Signature[1]\n"))
    valid=true;

The problem is that intersect.getXPathFilterStr() and 
subtract.getXPathFilterStr() return strings that have leading spaces. I 
don't know if that's configuration problem or the checking code should 
do a trim() before comparing with "here()/ancestor:...".

I use the following two transforms to generate my signature. Is there 
anything wrong with that?

org.apache.xml.security.transforms.Transforms.TRANSFORM_ENVELOPED_SIGNATURE
org.apache.xml.security.transforms.Transforms.TRANSFORM_C14N_OMIT_COMMENTS

Thank you.

Joncheng Kuo

---------------------------------------------------mace-opensaml-users-+
For list utilities, archives, subscribe, unsubscribe, etc. please visit the
ListProc web interface at 

   http://archives.internet2.edu/

---------------------------------------------------mace-opensaml-users--