mace-opensaml-users - RE: Signature validation fails after parsing SAML Response
Subject: OpenSAML user discussion
- From: Scott Cantor <>
- To: 'Liang Fang' <>
- Cc:
- Subject: RE: Signature validation fails after parsing SAML Response
- Date: Sat, 03 Jan 2004 16:14:52 -0500
- Importance: Normal
- Organization: The Ohio State University
> Apparently, they are actually still the same thing, except that the latter
> has "saml" as its prefix. However, XML Signature cannot verify this. It
> thinks the corresponding signature is invalid.

It is. Signature operates on bytes, not the Infoset.

> I am wondering: doesn't the canonicalization procedure solve
> the problem?

Yes. Your process of serialization is invalid and cannot be used. You must
use a canonicalizing or at least a non-invasive serializer, which my code
does, at least in the case of my Java.

> -- apparently it doesn't here. So how to solve this problem?

Stop using whatever serializer you're using, which is breaking your XML. You
can use the C14N classes from the xmlsecurity code if you want, which is
what I do.

Xerces DOMWriter does not support C14N, something I really wish they would
fix, but until they do, using xmlsec's classes is the best option.

-- Scott
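
The behaviour discussed in the message above, as an added example that is not part of the original e-mail or of OpenSAML: canonicalization absorbs a non-invasive re-serialization, but a serializer that rewrites the namespace prefix changes the canonical bytes and therefore the digest. It uses Python's standard-library C14N 2.0 in place of the xmlsec C14N classes the message mentions and a bare SHA-256 digest in place of a full XML Signature; the namespace URI and the sample documents are constructed.

```python
import hashlib
from xml.etree.ElementTree import canonicalize  # C14N 2.0, Python 3.8+

NS = "urn:example:assertion"  # placeholder namespace, not taken from the thread

# Constructed sample: the assertion exactly as the signer serialized it.
SIGNED = (
    f'<Assertion xmlns="{NS}" AssertionID="a1" Issuer="idp.example.org">'
    '<Subject>alice</Subject><Conditions/></Assertion>'
)

# Non-invasive re-serialization: attribute order, spacing inside the tag and
# the empty-element form differ, but names and prefixes are untouched.
RESERIALIZED_SAFE = (
    f'<Assertion  Issuer="idp.example.org"\n   AssertionID="a1" xmlns="{NS}">'
    '<Subject>alice</Subject><Conditions></Conditions></Assertion>'
)

# Invasive re-serialization: the default namespace became a "saml" prefix.
RESERIALIZED_PREFIXED = (
    f'<saml:Assertion xmlns:saml="{NS}" AssertionID="a1" Issuer="idp.example.org">'
    '<saml:Subject>alice</saml:Subject><saml:Conditions/></saml:Assertion>'
)


def raw_digest(xml_text: str) -> str:
    """Digest of the serialized bytes as they stand, with no canonicalization."""
    return hashlib.sha256(xml_text.encode("utf-8")).hexdigest()


def c14n_digest(xml_text: str) -> str:
    """Digest of the canonical octets, the input a signature digest is taken over."""
    return hashlib.sha256(canonicalize(xml_text).encode("utf-8")).hexdigest()


def digest_matches(signed: str, received: str) -> bool:
    """True when the received document canonicalizes to the signed bytes."""
    return c14n_digest(signed) == c14n_digest(received)


if __name__ == "__main__":
    for label, doc in (("safe", RESERIALIZED_SAFE), ("prefixed", RESERIALIZED_PREFIXED)):
        print(f"{label:9} raw bytes equal: {raw_digest(SIGNED) == raw_digest(doc)}, "
              f"canonical digest equal: {digest_matches(SIGNED, doc)}")
```

Canonicalization keeps the prefixes it finds in the input, so the prefixed copy still reads `saml:Assertion` after C14N and no longer matches what was signed.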