
mace-opensaml-users - RE: verifying signature on saml assertions

Subject: OpenSAML user discussion


RE: verifying signature on saml assertions


  • From: Scott Cantor <>
  • To: 'Rakesh Aggarwal' <>,
  • Cc: 'Shamik Sharma' <>, 'Mike McEvoy' <>
  • Subject: RE: verifying signature on saml assertions
  • Date: Mon, 14 Apr 2003 17:53:02 -0400
  • Importance: Normal
  • Organization: The Ohio State University

> I am building using the SAMLAssertion object and then signing
> it. Then I convert the assertion to a Node using the toDOM()
> method, and insert it in a SOAP envelope using the
> SOAPHeaderElement object.

Ok. Now how do you generate the XML text out of that SOAP envelope?

> While verifying it I get the SOAPHeaderElement from the
> SOAPEnvelope, and then construct a SAMLAssertion out of it. I
> cast it to a SAMLSignedObject and then call verify() on it.

No need to cast, it's inherited.

> At this point, the
> verify() fails due to mismatch in signature values.

I believe the reason is that the XML text you get from whatever you're using
is not the right text. It's pretty printing it. That's
illegal. That will break the signature.

> I am going to check if the extra newlines are coming in while
> serializing and deserializing saml objects.

They don't. When you call toStream(), you won't get any extra whitespace. If
you're not calling toStream(), you must use some other
implementation that relies on c14n to generate its XML.

If you're doing SOAP, for example, make sure your SOAP toolkit isn't
inserting the whitespace. If it is, it's broken. It should at
least give you the option to pretty print or not.

-- Scott

---------------------------------------------------mace-opensaml-users-+
For list utilities, archives, subscribe, unsubscribe, etc. please visit the
ListProc web interface at

http://archives.internet2.edu/

---------------------------------------------------mace-opensaml-users--
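An added illustration of the point Scott makes above; this is example code written for this archive page, not code from the thread and not OpenSAML's own API. It uses a plain digest over the canonical (C14N) form of an element as a stand-in for an XML Signature reference digest, and stdlib serializers as stand-ins for toStream() and for a pretty-printing SOAP toolkit. The element, its namespace prefix and the AssertionID value are constructed for the demo and are not a real assertion.

```python
import hashlib
from xml.dom import minidom
from xml.etree import ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:1.0:assertion"
# Keep the "saml" prefix when re-serializing; a serializer that renames
# prefixes would change the canonical form just as inserted whitespace does.
ET.register_namespace("saml", SAML_NS)

# Constructed sample (not a real assertion): a whitespace-free element that
# stands in for what SAMLAssertion.toStream() would write.
ASSERTION = (
    f'<saml:Assertion xmlns:saml="{SAML_NS}" AssertionID="_example-id">'
    '<saml:AuthenticationStatement AuthenticationMethod="urn:example:method"/>'
    "</saml:Assertion>"
)


def reference_digest(xml_text: str) -> str:
    """Hex SHA-256 over the canonical form of the element.

    An XML Signature reference digest is likewise computed over a
    canonicalized subtree. The stdlib implements C14N 2.0, but the property
    shown here holds for the C14N used by XML-DSig too: whitespace-only text
    nodes are part of the canonical form, so they are part of what is signed.
    """
    canonical = ET.canonicalize(xml_text)
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def reserialize_compact(xml_text: str) -> str:
    """Parse and write back without adding whitespace (what toStream() does)."""
    return ET.tostring(ET.fromstring(xml_text), encoding="unicode")


def pretty_print(xml_text: str) -> str:
    """Parse and write back with indentation (what a pretty-printing SOAP
    toolkit does to the assertion it carries in a header)."""
    return minidom.parseString(xml_text).documentElement.toprettyxml(indent="  ")


def digest_survives(xml_text: str, transform) -> bool:
    """True if the reference digest is unchanged after passing through `transform`."""
    return reference_digest(transform(xml_text)) == reference_digest(xml_text)


def has_inserted_whitespace(xml_text: str) -> bool:
    """Diagnostic for the failure in the thread: does the document carry
    whitespace-only text between elements? For an assertion written by
    toStream() this is False; True means something on the path (SOAP toolkit,
    serializer) pretty-printed it and the signature will not verify."""
    root = ET.fromstring(xml_text)
    for elem in root.iter():
        for chunk in (elem.text, elem.tail):
            if chunk and not chunk.strip():
                return True
    return False


if __name__ == "__main__":
    print("compact reserialization keeps digest:", digest_survives(ASSERTION, reserialize_compact))
    print("pretty printing keeps digest:", digest_survives(ASSERTION, pretty_print))
    print("pretty-printed copy has inserted whitespace:", has_inserted_whitespace(pretty_print(ASSERTION)))
```

Running it shows that a parse-and-reserialize round trip that adds no whitespace leaves the digest intact, while the indented copy produces a different digest even though no element or attribute changed. The `has_inserted_whitespace` check is the quick test to run on the text your SOAP stack actually emits before blaming the signing code.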