mace-opensaml-users - problems verifying signatures with saml 1.1 api
Subject: OpenSAML user discussion
- From: mochamaster <>
- To: saml <>
- Subject: problems verifying signatures with saml 1.1 api
- Date: Mon, 12 May 2003 11:50:47 -0700 (PDT)
signature verification fails and I don't know why.
I sign on the protocol level.
here's the xml:
<Response xmlns="urn:oasis:names:tc:SAML:1.0:protocol"
          xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
          xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol"
          InResponseTo="f9a2e6565441a30bb2a9b6a3db75229a"
          IssueInstant="2003-05-12T18:39:42Z" MajorVersion="1"
          MinorVersion="1"
          ResponseID="d416e1355c30706bdffc11bae94b2d07">
  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <ds:SignedInfo>
      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
      <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1" />
      <ds:Reference URI="#d416e1355c30706bdffc11bae94b2d07">
        <ds:Transforms>
          <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
          <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
            <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"
                                    PrefixList="#default code ds kind rw saml samlp typens" />
          </ds:Transform>
        </ds:Transforms>
        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
        <ds:DigestValue>QcTxeJIKfejt1+aXcJ3hOFtGE7k=</ds:DigestValue>
      </ds:Reference>
    </ds:SignedInfo>
    <ds:SignatureValue>g/Q4ycmYZpKdt6yFRJKf243xf1QEzNwBbMfyc1Xrw8v2GxYWVeqtGA==</ds:SignatureValue>
    <ds:KeyInfo>
      <ds:X509Data>
        <ds:X509Certificate>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</ds:X509Certificate>
      </ds:X509Data>
    </ds:KeyInfo>
  </ds:Signature>
  <Status>
    <StatusCode Value="samlp:Success" />
  </Status>
  <Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion"
             AssertionID="dcebd80132125e0ac81cea421b40bcff"
             IssueInstant="2003-05-12T18:39:42Z"
             Issuer="DAS-NYSECAP" MajorVersion="1"
             MinorVersion="1">
    <Conditions NotBefore="2003-05-12T18:39:42Z"
                NotOnOrAfter="2003-06-12T18:39:42Z" />
    <AuthenticationStatement AuthenticationInstant="2003-05-12T18:39:42Z"
                             AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password">
      <Subject>
        <NameIdentifier NameQualifier="user">nxlabjp4</NameIdentifier>
      </Subject>
    </AuthenticationStatement>
  </Assertion>
</Response>
and the stack trace:
org.apache.xml.security.signature.XMLSignatureException: The Reference for URI #d416e1355c30706bdffc11bae94b2d07 has no XMLSignatureInput
Original Exception was org.apache.xml.security.signature.MissingResourceFailureException: The Reference for URI #d416e1355c30706bdffc11bae94b2d07 has no XMLSignatureInput
Original Exception was org.apache.xml.security.signature.ReferenceNotInitializedException: input node set contains no nodes
Original Exception was org.apache.xml.security.signature.ReferenceNotInitializedException: input node set contains no nodes
Original Exception was org.apache.xml.security.signature.XMLSignatureException: input node set contains no nodes
Original Exception was org.apache.xml.security.transforms.TransformationException: input node set contains no nodes
    at org.opensaml.SAMLSignedObject.verify(SAMLSignedObject.java:334)
    at org.opensaml.SAMLSignedObject.verify(SAMLSignedObject.java:256)
    at com.siac.si.nsi.das.DASClient.verifySignature(DASClient.java:362)
seems that xmlsec can't obtain the signed components
during de-transformation.
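One thing to check for a trace like the one above, as an added diagnostic that is not part of the original post and is not OpenSAML or xmlsec code: a same-document reference such as URI="#d416e1355c30706bdffc11bae94b2d07" is looked up by ID, and a plain DOM parse does not treat ResponseID as an ID-typed attribute unless it is told to. The sketch uses only the JDK DOM API on a constructed, reduced copy of the Response; the class name ReferenceCheck and the ID_ATTRS list are assumptions made for illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class ReferenceCheck { // hypothetical class name
    static final String DS = "http://www.w3.org/2000/09/xmldsig#";
    // Assumed list of SAML 1.x attributes that carry the identifier a ds:Reference points at.
    static final String[] ID_ATTRS = {"ResponseID", "RequestID", "AssertionID"};
    // Constructed sample, reduced from the message above (signature contents omitted).
    static final String SAMPLE =
        "<Response xmlns='urn:oasis:names:tc:SAML:1.0:protocol'"
      + " ResponseID='d416e1355c30706bdffc11bae94b2d07'>"
      + "<ds:Signature xmlns:ds='" + DS + "'><ds:SignedInfo>"
      + "<ds:Reference URI='#d416e1355c30706bdffc11bae94b2d07'/>"
      + "</ds:SignedInfo></ds:Signature></Response>";

    public static void main(String[] args) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // Refuse DOCTYPE declarations when parsing untrusted SAML messages.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = f.newDocumentBuilder()
            .parse(new ByteArrayInputStream(SAMPLE.getBytes(StandardCharsets.UTF_8)));
        report(doc, "as parsed (no ID typing)");
        // Mark the SAML identifier attributes as type ID, then resolve again.
        NodeList all = doc.getElementsByTagNameNS("*", "*");
        for (int i = 0; i < all.getLength(); i++) {
            Element e = (Element) all.item(i);
            for (String a : ID_ATTRS)
                if (e.hasAttribute(a)) e.setIdAttribute(a, true);
        }
        report(doc, "after setIdAttribute");
    }

    // For each ds:Reference, print what its fragment URI resolves to in this DOM.
    static void report(Document doc, String label) {
        NodeList refs = doc.getElementsByTagNameNS(DS, "Reference");
        for (int i = 0; i < refs.getLength(); i++) {
            Element ref = (Element) refs.item(i);
            String uri = ref.getAttribute("URI");
            Element target = uri.startsWith("#") ? doc.getElementById(uri.substring(1)) : null;
            // ds:Reference -> ds:SignedInfo -> ds:Signature
            Element sig = (Element) ref.getParentNode().getParentNode();
            boolean enveloped = target != null && sig.getParentNode() == target;
            System.out.printf("%s: %s -> %s, signature is child of target: %b%n",
                label, uri, target == null ? "no element" : target.getLocalName(), enveloped);
        }
    }
}
```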