OpenSAML user discussion

["Shannon Kendrick" <>]

I'm having a problem with signature validation after a SAMLResponse has been
parsed. The problem appears to be related to the XML parsing step. To
investigate I signed a SAMLResponse object and immediately validated it.
That works fine. However, after I parse the SAMLResponse (using
ByteArrayOutputStream, ByteArrayInputStream, and XML.parserPool) the
resulting SAMLResponse object fails to validate. Here is the relevant code:

// Sign the SAML Response
samlResponse.sign(XMLSignature.ALGO_ID_SIGNATURE_DSA, key, null, true);

// Validate the SAML Response
samlResponse.verify(cert, true); // This works!
logger.debug("*** SAML Response digital signature verified. ***");

ByteArrayOutputStream out = new ByteArrayOutputStream();
samlResponse.toStream(out);
InputStream in = new ByteArrayInputStream(out.toByteArray());

// Parse the XML
Document doc = XML.parserPool.parse(in);
SAMLResponse samlResponse2 =
 new SAMLResponse(doc.getDocumentElement());

// Validate the SAML Response
samlResponse2.verify(cert, true); // This fails!
logger.debug("*** SAML Response digital signature verified. ***");

Any idea why the second parsing fails?
Shannon Kendrick

---------------------------------------------------mace-opensaml-users-+
For list utilities, archives, subscribe, unsubscribe, etc. please visit the
ListProc web interface at 

    http://archives.internet2.edu/

---------------------------------------------------mace-opensaml-users--