Skip to Content.
Sympa Menu

mace-opensaml-users - RE: latest on digital sigs.

Subject: OpenSAML user discussion

List archive

RE: latest on digital sigs.


Chronological Thread 
  • From: Bob Daly <>
  • To: Scott Cantor <>,
  • Subject: RE: latest on digital sigs.
  • Date: Wed, 12 Nov 2003 09:13:57 -0800 (PST)

Hi,
Yes, the URI value matches the AssertionID value.

I'm seeing something rather strange which is probably
related to the signature verification failure
(although the error is just reporting a mismatch with
the AssertionID).

I'm serializing the XML before being sent to the
requester and once it's received by the requester.
The SOAP envelope received by the requester has the
exact same content - but when I create a
SAMLAssertion, various namespace declarations are
stripped - which would suggest the signature
verification is failing because the original assertion
content is different from what is being verified by
the requester.

Also - as seen with other users - signature
verification works fine before transport; that is,
signing and verifying within the same service works.

As for the compatibility switch - haven't done
anything related to that.

-bob daly





--- Scott Cantor
<>
wrote:
> > I came across this archived posting from May 2003,
> and
> > I'm seeing the exact same error...receiver of a
> signed
> > SAMLAssertion can't verify.
>
> Well, if you're seeing that exact error, then the
> root cause is indeed that
> the AssertionID attribute isn't being pegged as an
> ID. Make sure you're not
> using that compatibility-mode switch I added to
> support SAML 1.0 apps, which
> I'm sure you're not, but that's the most likely
> culprit.
>
> Apart from that...hmm. Does the Reference URI value
> match the AssertionID of
> the signed assertion in your test case?
>
> -- Scott
>


__________________________________
Do you Yahoo!?
Protect your identity with Yahoo! Mail AddressGuard
http://antispam.yahoo.com/whatsnewfree

---------------------------------------------------mace-opensaml-users-+
For list utilities, archives, subscribe, unsubscribe, etc. please visit the
ListProc web interface at

http://archives.internet2.edu/

---------------------------------------------------mace-opensaml-users--




Archive powered by MHonArc 2.6.16.

Top of Page