OpenSAML user discussion

[Scott Cantor <>]

> I got another SAML XML Signature validation problem. SAMLAssertion or
> SAMLSignedObject throws the following exceptions:
> 
> org.apache.xml.security.signature.MissingResourceFailureExcept
> ion: The Reference
> for URI #ce39e00ec0c14829d45e070346bdc2c4 has no XMLSignatureInput
> org.apache.xml.security.signature.ReferenceNotInitializedExcep
> tion: input node set contains no nodes

You're not parsing the XML with a validating parser like I do, so the
AssertionID is not properly designated.

That said, I think I can add a DOM3 call in my code in a second location
that may take care of this. I call setIdAttributeNS when I build a DOM, but
not when I build an object from a DOM. If I call it there, it might fix
this.

But, I would note that you're risking a crash with a non-validating parse.
My code assumes validation, so I don't check the DOM over with tweezers by
hand, I just assume stuff is where it should be.

If you can, you should use my XML.ParserPool class to get a parser that you
can call parse with.

> However, after I pass it over the wire thru a SOAP message. It cannot be
> verified due to the above exceptions. The SOAP message signature has be
> verified without any problem. I'm sure the reference URI #ce... is 
> exactly the AssertionID.

Because this SOAP message is being parsed by who knows what, and with who
knows what settings.

-- Scott