
mace-opensaml-users - RE: Re: Signature validation fails after parsing SAML Response

Subject: OpenSAML user discussion

  • From: Scott Cantor <>
  • To:
  • Cc:
  • Subject: RE: Re: Signature validation fails after parsing SAML Response
  • Date: Sat, 20 Dec 2003 13:12:47 -0500
  • Importance: Normal
  • Organization: The Ohio State University

> I got another SAML XML Signature validation problem. SAMLAssertion or
> SAMLSignedObject throws the following exceptions:
>
> org.apache.xml.security.signature.MissingResourceFailureException: The Reference
> for URI #ce39e00ec0c14829d45e070346bdc2c4 has no XMLSignatureInput
> org.apache.xml.security.signature.ReferenceNotInitializedException: input node set contains no nodes

You're not parsing the XML with a validating parser like I do, so the
AssertionID is not properly designated.

That said, I think I can add a DOM3 call in my code in a second location
that may take care of this. I call setIdAttributeNS when I build a DOM, but
not when I build an object from a DOM. If I call it there, it might fix
this.

But, I would note that you're risking a crash with a non-validating parse.
My code assumes validation, so I don't check the DOM over with tweezers by
hand, I just assume stuff is where it should be.

If you can, you should use my XML.ParserPool class to get a parser that you
can call parse with.

> However, after I pass it over the wire thru a SOAP message. It cannot be
> verified due to the above exceptions. The SOAP message signature has been
> verified without any problem. I'm sure the reference URI #ce... is
> exactly the AssertionID.

Because this SOAP message is being parsed by who knows what, and with who
knows what settings.

-- Scott
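
The ID designation issue discussed in this message, as an added example that is not part of the original post and is not OpenSAML's own code: after a non-validating parse `AssertionID` is an ordinary attribute, so a `#...` reference cannot be resolved until `setIdAttributeNS` marks it as an ID. The class name, the `Envelope` wrapper and the sample attribute values are constructed for illustration, and the uniqueness check is an assumption about what a caller would want, since no schema has enforced it.

```java
import java.io.StringReader;
import java.util.HashSet;
import java.util.Set;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;

public class AssertionIdDemo {
    static final String SAML_NS = "urn:oasis:names:tc:SAML:1.0:assertion";
    static final String ID = "ce39e00ec0c14829d45e070346bdc2c4"; // value from the thread

    // Constructed sample: a bare assertion inside a stand-in for the SOAP wrapper.
    static final String XML =
        "<Envelope xmlns:saml='" + SAML_NS + "'>"
      + "<saml:Assertion AssertionID='" + ID + "' MajorVersion='1' MinorVersion='1'"
      + " Issuer='example-issuer' IssueInstant='2003-12-20T18:12:47Z'/>"
      + "</Envelope>";

    public static void main(String[] args) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);   // namespace-aware, but no schema validation
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = f.newDocumentBuilder()
                        .parse(new InputSource(new StringReader(XML)));

        // Nothing has told the DOM that AssertionID is of type ID yet,
        // so this is the lookup that a "#..." signature reference depends on.
        System.out.println("before: " + doc.getElementById(ID));

        // Designate the attribute by hand, rejecting missing or duplicate
        // values because no validator has checked them for us.
        NodeList assertions = doc.getElementsByTagNameNS(SAML_NS, "Assertion");
        Set<String> seen = new HashSet<>();
        for (int i = 0; i < assertions.getLength(); i++) {
            Element a = (Element) assertions.item(i);
            if (!a.hasAttributeNS(null, "AssertionID"))
                throw new IllegalStateException("Assertion without AssertionID");
            if (!seen.add(a.getAttributeNS(null, "AssertionID")))
                throw new IllegalStateException("duplicate AssertionID");
            a.setIdAttributeNS(null, "AssertionID", true);   // DOM Level 3
        }

        Element resolved = doc.getElementById(ID);
        System.out.println("after: " + (resolved == null ? null : resolved.getTagName()));
    }
}
```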



