
mace-opensaml-users - RE: latest on digital sigs.

Subject: OpenSAML user discussion

  • From: Scott Cantor <>
  • To: 'Bob Daly' <>,
  • Subject: RE: latest on digital sigs.
  • Date: Wed, 12 Nov 2003 12:57:57 -0500
  • Importance: Normal
  • Organization: The Ohio State University

> I'm serializing the XML before being sent to the
> requester and once it's received by the requester.
> The SOAP envelope received by the requester has the
> exact same content - but when I create a
> SAMLAssertion, various namespace declarations are
> stripped - which would suggest the signature
> verification is failing because the original assertion
> content is different from what is being verified by
> the requester.

Well, it depends. Namespaces always change during c14n, and the Java code
serializes by outputting the c14nized form. So it typically doesn't affect
the signature, since the c14nized form is what the digester sees anyway.

What does matter is how you serialize. If you use my toStream() or
toString() methods, you should be ok, but if you're sticking the assertion
in a SOAP envelope yourself and then serializing some other way, you'll
probably have problems.

But you have to nail down the ID problem. Are you parsing the message with
my classes?

-- Scott
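
The point about namespaces and c14n in the reply above, as an added example that is not part of the original message and is not OpenSAML code. It assumes Python's standard-library `canonicalize` (C14N 2.0, which like exclusive c14n omits unused namespace declarations; inclusive C14N 1.0 would keep them), SHA-256 as the digest, and constructed sample XML.

```python
import hashlib
from xml.etree.ElementTree import canonicalize  # C14N 2.0, Python 3.8+

SAML = "urn:oasis:names:tc:SAML:1.0:assertion"

# Constructed sample: the assertion as the sender serialized it.
SENT = (
    f'<saml:Assertion xmlns:saml="{SAML}" '
    'xmlns:xsd="http://www.w3.org/2001/XMLSchema" '
    'AssertionID="_a1" Issuer="idp.example.org">'
    '<saml:Attribute AttributeName="mail"></saml:Attribute>'
    '</saml:Assertion>'
)
# Constructed: same content after a round trip that stripped the unused xsd
# declaration, redeclared saml on the child, reordered the attributes and
# collapsed the empty element.
RECEIVED = (
    f"<saml:Assertion Issuer='idp.example.org' AssertionID='_a1' "
    f"xmlns:saml='{SAML}'>"
    f"<saml:Attribute xmlns:saml='{SAML}' AttributeName='mail'/>"
    "</saml:Assertion>"
)
# Constructed: a pretty-printing serializer. Whitespace between elements is
# text content, and canonicalization keeps it.
PRETTY = RECEIVED.replace("><", ">\n  <")
# Constructed: a serializer that picks its own prefix (only the prefix is
# lowercase "saml"; the namespace URI is untouched). Prefixes are kept as written.
REPREFIXED = RECEIVED.replace("saml", "ns0")


def signed_digest(xml_text: str) -> str:
    """Digest of the canonical form, the bytes a signature digest covers."""
    canonical = canonicalize(xml_text)  # returns str when no output file is given
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def digest_survives(sent: str, received: str) -> bool:
    """True when both serializations canonicalize to identical bytes."""
    return signed_digest(sent) == signed_digest(received)


if __name__ == "__main__":
    print(canonicalize(SENT))
    for name, doc in [("namespaces changed", RECEIVED),
                      ("pretty-printed", PRETTY),
                      ("prefix rewritten", REPREFIXED)]:
        print(f"{name}: digest survives = {digest_survives(SENT, doc)}")
```
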
