OpenSAML user discussion

[Scott Cantor <>]

> Problem Solution 
> 
> org.opensaml.compatibility-mode = true 
> 
>         However, I am not sure how this could have an impact 
> only in the web environment of WSAD 5.0 and not in the stand 
> alone Java program. Scott, can you please help me understand 
> the significance of this change.

You do NOT want to do that without good reason. Signatures are worthless in
compatible mode, only SAML 1.1 properly defines how to do them. You should
never use it to fix a problem in your servlet container, which is all this
is.

If your code doesn't work, you need to fix the Java environment you're
working in and solve the system problem.

If you're forced to use IBM's JVM, that might be the problem. That's evil,
frankly. Picking a JVM should be your call, not the vendor's. But try asking
on the xmlsec list and find out who else is using it and what they might
have done.

Make sure you've got ALL XML-related stuff IBM might be suplying totally
ripped out and overridden by class endorsement. That includes Xerces and
Xalan. Errors during signing are quite possibly problems accessing Xalan to
do Xpath transforms at some point internally.

Also make sure you're on the latest code.

-- Scott