mace-opensaml-users - RE: verifying signature on saml assertions
Subject: OpenSAML user discussion
List archive
- From: Scott Cantor <>
- To: 'Rakesh Aggarwal' <>, ,
- Cc: 'Shamik Sharma' <>, 'Mike McEvoy' <>
- Subject: RE: verifying signature on saml assertions
- Date: Mon, 14 Apr 2003 17:55:04 -0400
- Importance: Normal
- Organization: The Ohio State University
> I wonder how extra newlines can break the signature
> verification. Wouldn't XML C14N take care of that?
No. This trips up lots of people. Whitespace is not ignored during c14n. Lots
of people assume that whitespace is just stripped, but
it's not. It's completely significant.
If you build a SAML object, sign it, serialize it with an extra linefeed,
parse it, and verify, you will get an error. Always.
-- Scott
---------------------------------------------------mace-opensaml-users-+
For list utilities, archives, subscribe, unsubscribe, etc. please visit the
ListProc web interface at
http://archives.internet2.edu/
---------------------------------------------------mace-opensaml-users--
- RE: verifying signature on saml assertions, (continued)
- RE: verifying signature on saml assertions, mochamaster, 04/14/2003
- RE: verifying signature on saml assertions, Scott Cantor, 04/14/2003
- RE: verifying signature on saml assertions, mochamaster, 04/15/2003
- RE: verifying signature on saml assertions, mochamaster, 04/15/2003
- RE: verifying signature on saml assertions, Scott Cantor, 04/16/2003
- RE: verifying signature on saml assertions, Scott Cantor, 04/16/2003
- RE: verifying signature on saml assertions, mochamaster, 04/16/2003
- RE: verifying signature on saml assertions, Scott Cantor, 04/16/2003
- RE: verifying signature on saml assertions, mochamaster, 04/16/2003
- RE: verifying signature on saml assertions, mochamaster, 04/15/2003
- RE: verifying signature on saml assertions, Scott Cantor, 04/14/2003
- RE: verifying signature on saml assertions, Rakesh Aggarwal, 04/14/2003
- RE: verifying signature on saml assertions, Scott Cantor, 04/14/2003
- RE: verifying signature on saml assertions, Rakesh Aggarwal, 04/14/2003
- RE: verifying signature on saml assertions, Scott Cantor, 04/14/2003
- RE: verifying signature on saml assertions, Rakesh Aggarwal, 04/16/2003
- RE: verifying signature on saml assertions, mochamaster, 04/14/2003
Archive powered by MHonArc 2.6.16.