mace-opensaml-users - RE: verifying signature on saml assertions
Subject: OpenSAML user discussion
List archive
- From: Scott Cantor <>
- To: 'Rakesh Aggarwal' <>,
- Cc: 'Shamik Sharma' <>, 'Mike McEvoy' <>
- Subject: RE: verifying signature on saml assertions
- Date: Mon, 14 Apr 2003 17:53:02 -0400
- Importance: Normal
- Organization: The Ohio State University
> I am building using the SAMLAssertion object and then signing
> it. Then I convert the assertion to a Node using the toDOM()
> method, and insert it in a SOAP envelope using the
> SOAPHeaderElement object.
Ok. Now how do you generate the XML text out of that SOAP envelope?
> While verifying it I get the SOAPHeaderElement from the
> SOAPEnvelope, and then construct a SAMLAssertion out of it. I
> cast it to a SAMLSignedObject and then call verify() on it.
No need to cast, it's inherited.
> At this point, the
> verify() fails due to mismatch in signature values.
I believe the reason is that the XML text you get from whatever you're using
is not the right text. It's pretty printing it. That's
illegal. That will break the signature.
> I am going to check if the extra newline are coming in while
> serializing and deserializing saml objects.
They don't. When you call toStream(), you won't get any extra whitespace. If
you're not calling toStream(), you must use some other
implementation that relies on c14n to generate its XML.
If you're doing SOAP, for example, make sure your SOAP toolkit isn't
inserting the whitespace. If it is, it's broken. It should at
least give you the option to pretty print or not.
-- Scott
---------------------------------------------------mace-opensaml-users-+
For list utilities, archives, subscribe, unsubscribe, etc. please visit the
ListProc web interface at
http://archives.internet2.edu/
---------------------------------------------------mace-opensaml-users--
- RE: verifying signature on saml assertions, (continued)
- RE: verifying signature on saml assertions, Scott Cantor, 04/12/2003
- RE: verifying signature on saml assertions, Rakesh Aggarwal, 04/14/2003
- RE: verifying signature on saml assertions, mochamaster, 04/14/2003
- RE: verifying signature on saml assertions, Scott Cantor, 04/14/2003
- RE: verifying signature on saml assertions, mochamaster, 04/15/2003
- RE: verifying signature on saml assertions, mochamaster, 04/15/2003
- RE: verifying signature on saml assertions, Scott Cantor, 04/16/2003
- RE: verifying signature on saml assertions, Scott Cantor, 04/16/2003
- RE: verifying signature on saml assertions, mochamaster, 04/16/2003
- RE: verifying signature on saml assertions, Scott Cantor, 04/16/2003
- RE: verifying signature on saml assertions, mochamaster, 04/16/2003
- RE: verifying signature on saml assertions, mochamaster, 04/15/2003
- RE: verifying signature on saml assertions, Scott Cantor, 04/14/2003
- RE: verifying signature on saml assertions, mochamaster, 04/14/2003
- RE: verifying signature on saml assertions, Rakesh Aggarwal, 04/14/2003
- RE: verifying signature on saml assertions, Scott Cantor, 04/14/2003
- RE: verifying signature on saml assertions, Rakesh Aggarwal, 04/14/2003
- RE: verifying signature on saml assertions, Scott Cantor, 04/14/2003
- RE: verifying signature on saml assertions, Rakesh Aggarwal, 04/16/2003
Archive powered by MHonArc 2.6.16.