Skip to Content.
Sympa Menu

mace-opensaml-users - RE: verifying signature on saml assertions

Subject: OpenSAML user discussion

List archive

RE: verifying signature on saml assertions


Chronological Thread 
  • From: Scott Cantor <>
  • To: 'Rakesh Aggarwal' <>, ,
  • Cc: 'Shamik Sharma' <>, 'Mike McEvoy' <>
  • Subject: RE: verifying signature on saml assertions
  • Date: Mon, 14 Apr 2003 17:55:04 -0400
  • Importance: Normal
  • Organization: The Ohio State University

> I wonder how extra newlines can break the signature
> verification. Wouldn't XML C14N take care of that?

No. This trips up lots of people. Whitespace is not ignored during c14n. Lots
of people assume that whitespace is just stripped, but
it's not. It's completely significant.

If you build a SAML object, sign it, serialize it with an extra linefeed,
parse it, and verify, you will get an error. Always.

-- Scott

---------------------------------------------------mace-opensaml-users-+
For list utilities, archives, subscribe, unsubscribe, etc. please visit the
ListProc web interface at

http://archives.internet2.edu/

---------------------------------------------------mace-opensaml-users--




Archive powered by MHonArc 2.6.16.

Top of Page