
mace-opensaml-users - Signature Problems with Requests/Responses

Subject: OpenSAML user discussion

  • From: Terry Cumming <>
  • To:
  • Cc: Scott Cantor <>
  • Subject: Signature Problems with Requests/Responses
  • Date: Fri, 28 Mar 2003 17:13:39 -0500

Thanks for fixing one problem Scott. I used the SAMLRequest class you
changed and my problem with the query went away. This solves the problem
with the test code that I provided.

However, in my real code, I still get the same problem with the bad
signature value (trying to verify signature of SAMLRequest received via
SAMLSOAPBinding). I did find a workaround however. If I simply streamed the
SAMLRequest object out then immediately created a new SAMLRequest with the
constructor taking that stream as input, then the verify is successful.

The next problem occurs when I attempt to sign the SAMLResponse (containing
a single unsigned assertion to go back to the requestor). The
SAMLSOAPBinding.respond() operation fails with:

org.w3c.dom.DOMException: HIERARCHY_REQUEST_ERR: An attempt was made to insert a node where it is not permitted.
at org.apache.xerces.dom.CoreDocumentImpl.insertBefore(CoreDocumentImpl.java:440)
at org.apache.xerces.dom.NodeImpl.appendChild(NodeImpl.java:267)
at org.opensaml.SAMLSOAPBinding.respond(SAMLSOAPBinding.java:414).

If I don't sign the response the respond() call works fine. I will send the
SAMLResponse XML by private email.

Thanks.

Terry Cumming
