
mace-opensaml-users - RE: verifying signature on saml assertions

Subject: OpenSAML user discussion



  • From: Scott Cantor <>
  • To: 'Rakesh Aggarwal' <>,
  • Cc: 'Shamik Sharma' <>, 'Ernest Mak' <>, 'Mike McEvoy' <>
  • Subject: RE: verifying signature on saml assertions
  • Date: Mon, 14 Apr 2003 19:48:44 -0400
  • Importance: Normal
  • Organization: The Ohio State University

> I am using axis API to serialize the message to and from XML.
> Corresponding axis API methods are "writeTo()" and "parse()".
> I use the following method insertSamlInHeader() to insert the
> signed saml-assertion in SOAP headers.

Right, I get it. Certainly you can insert the DOM objects that make up the
assertion into a tree from another JAXP-based package that's using the same
parser underneath, but when you dump the XML text, you can't allow that
package to muck with it and add extra text node content like whitespace.

A lot of tools seem to do that without regard for the fact that the output
XML no longer matches the original data. That's obviously dangerous. In the
case of signatures, it's fatal.

> The (extra-whitespace) problem does seem related to axis soap
> (de)serialization. The sign() and verify() do pass when
> just using w3c Document object to wrap the samlAssertion
> Node, and using the toDOM(), fromDOM() methods in
> SAMLAssertion objects.

If you can use Axis to get hold of the SOAP DOM (the envelope), what you can
do is write your own code to output the DOM using the c14n algorithm inside
xmlsec. I don't expose that because I'm trying to hide my use of xmlsec
inside. But you can always import and call those methods directly.

Just look at toStream() in any of the SAML classes to see how to do it.

-- Scott

---------------------------------------------------mace-opensaml-users-+
For list utilities, archives, subscribe, unsubscribe, etc. please visit the
ListProc web interface at

http://archives.internet2.edu/

---------------------------------------------------mace-opensaml-users--



