mace-opensaml-users - RE: Signature validation fails after parsing SAML Response
Subject: OpenSAML user discussion
- From: Scott Cantor <>
- To: 'Shannon Kendrick' <>,
- Subject: RE: Signature validation fails after parsing SAML Response
- Date: Tue, 04 Mar 2003 09:31:27 -0500
- Importance: Normal
- Organization: The Ohio State University
> I did a string compare on the "toString()" values of the two
> SAMLResponse objects and they check out fine. It seems to only
> fail if I've got an AttributeStatement in the response.
> Without the AttributeStatement everything validates fine.
There are some issues with signing assertions inside responses, but that's
not what you're trying here, so this must be a new bug.
> Is it possible that either the validation or the check isn't
> including the AttributeStatement in the digest? If I wanted
> to sign the document myself would I use "toDOM" to get the
> Document reference?
That would be one way to do it, yes. toDOM() just gets you the DOM. The whole
mess gets a little complicated when you have interactions between Documents,
but it is possible to create a signature externally using a DOM Document, and
pass that in to toDOM() to ensure that the document is used uniformly. A bit
messy though, I admit.
Let me use your sample code to author a new JUnit test and I'll see if I can
reproduce it.
-- Scott