Skip to Content.
Sympa Menu

mace-opensaml-users - A problem in validating the signature in an Assertion

Subject: OpenSAML user discussion

List archive

A problem in validating the signature in an Assertion


Chronological Thread 
  • From: Joncheng Kuo <>
  • To:
  • Subject: A problem in validating the signature in an Assertion
  • Date: Wed, 30 Oct 2002 16:29:37 -0500
  • Organization: Syracuse University

Hi,

I found a problem in validaing a signature in Assertion.

In the constructure, SAMLAssertion(Element e), the following code that checks the validity does not work in my assertion created by OpenSAML.

if (intersect.isIntersect() &&
intersect.getXPathFilterStr()
.equals("\nhere()/ancestor::saml:Assertion[1]\n") &&
subtract.isSubtract() &&
subtract.getXPathFilterStr()
.equals("\nhere()/ancestor::ds:Signature[1]\n"))
valid=true;

The problem is that intersect.getXPathFilterStr() and subtract.getXPathFilterStr() return strings that have leading spaces. I don't know if that's configuration problem or the checking code should do a trim() before comparing with "here()/ancestor:...".

I use the following two transforms to generate my signature. Is there anything wrong with that?

org.apache.xml.security.transforms.Transforms.TRANSFORM_ENVELOPED_SIGNATURE
org.apache.xml.security.transforms.Transforms.TRANSFORM_C14N_OMIT_COMMENTS

Thank you.

Joncheng Kuo

---------------------------------------------------mace-opensaml-users-+
For list utilities, archives, subscribe, unsubscribe, etc. please visit the
ListProc web interface at
http://archives.internet2.edu/

---------------------------------------------------mace-opensaml-users--




Archive powered by MHonArc 2.6.16.

Top of Page