
mace-opensaml-users - RE: problems using OpenSAML 1.0 (Java) on AIX

Subject: OpenSAML user discussion

  • From: "Scott Cantor" <>
  • To: <>, <>
  • Subject: RE: problems using OpenSAML 1.0 (Java) on AIX
  • Date: Thu, 17 Feb 2005 23:45:23 -0500
  • Organization: The Ohio State University

xmlsec 1.1 and the IBM JRE don't get along. Endorsement isn't the issue; the
algorithms have to be registered in the xmlsec config file inside the jar, and
by default it doesn't know about their JCE.

You might try dropping in the 1.2 xmlsec code, I believe they dumped the old
scheme and just use the JCE calls to get algorithms now. Another option is
to use the BouncyCastle JCE, if it even runs with IBM's JRE.

I've attached an email from the xmlsec list that I think also describes the
issue.

I don't know that xmlsec 1.2 works with the version of my code you're using.
It works as of now in cvs, but at the source level, it's not fully
compatible, so rebuilding with 1.2 requires a small source change. It may be
binary compatible though once opensaml.jar exists.

-- Scott
--- Begin Message ---
  • From: "Pete" <>
  • To: <>
  • Subject: Re: XML Security library & Websphere
  • Date: Fri, 4 Jun 2004 07:40:19 -0500
Even though bouncycastle is free, I'd still like to use the IBM JCE provider in
WebSphere v5. I was able to get it working with the Apache Axis
samples.security (http://www.w3.org/2000/09/xmldsig#dsa-sha1) by updating the
config.xml as follows:

<Provider Id="IBM"
          Class="com.ibm.crypto.provider.IBMJCE"
          Info="IBM JCE Provider"
          ProviderURL="http://www.ibm.com/" />

I had to guess on these algorithms - there may be more...or less.
I found some documentation here:
http://www-1.ibm.com/servers/eserver/zseries/software/java/jcealgo.html
http://www-1.ibm.com/servers/eserver/zseries/software/java/jce.html
Maybe someone out there knows enough to make this complete.

<Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#md5"
           Description="MD5 message digest from RFC 1321"
           AlgorithmClass="MessageDigest"
           RequirementLevel="NOT RECOMMENDED"
           SpecificationURL="http://www.ietf.org/internet-drafts/draft-eastlake-xmldsig-uri-02.txt">
  <ProviderAlgo ProviderId="IBMJCE" JCEName="MD5" />
  <ProviderAlgo ProviderId="BC" JCEName="MD5" />
  <ProviderAlgo ProviderId="SUN" JCEName="MD5" />
</Algorithm>
<Algorithm URI="http://www.w3.org/2000/09/xmldsig#sha1"
           Description="SHA-1 message digest"
           AlgorithmClass="MessageDigest"
           RequirementLevel="REQUIRED">
  <ProviderAlgo ProviderId="IBMJCE" JCEName="SHA1" />
  <ProviderAlgo ProviderId="BC" JCEName="SHA-1" />
  <ProviderAlgo ProviderId="SUN" JCEName="SHA-1" />
  <ProviderAlgo ProviderId="IAIK" JCEName="SHA-1" />
  <ProviderAlgo ProviderId="Cryptix" JCEName="SHA-1" />
</Algorithm>
<Algorithm URI="http://www.w3.org/2000/09/xmldsig#dsa-sha1"
           Description="Digital Signature Algorithm with SHA-1 message digest"
           AlgorithmClass="Signature"
           RequirementLevel="REQUIRED">
  <ProviderAlgo ProviderId="IBMJCE" JCEName="SHA1WithDSA" />
  <ProviderAlgo ProviderId="BC" JCEName="DSA" />
  <ProviderAlgo ProviderId="SUN" JCEName="DSAWithSHA1" />
  <ProviderAlgo ProviderId="IAIK" JCEName="DSA" />
</Algorithm>

<Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#rsa-md5"
           Description="RSA Signature with MD5 message digest"
           AlgorithmClass="Signature"
           RequirementLevel="NOT RECOMMENDED"
           SpecificationURL="http://www.ietf.org/internet-drafts/draft-eastlake-xmldsig-uri-02.txt">
  <ProviderAlgo ProviderId="IBMJCE" JCEName="MD5WithRSA" />
  <ProviderAlgo ProviderId="BC" JCEName="MD5WithRSAEncryption" />
  <ProviderAlgo ProviderId="SunRsaSign" JCEName="MD5WithRSA" />
</Algorithm>
<Algorithm URI="http://www.w3.org/2000/09/xmldsig#rsa-sha1"
           Description="RSA Signature with SHA-1 message digest"
           AlgorithmClass="Signature"
           RequirementLevel="RECOMMENDED">
  <ProviderAlgo ProviderId="IBMJCE" JCEName="SHA1withRSA" />
  <ProviderAlgo ProviderId="BC" JCEName="SHA1WithRSAEncryption" />
  <ProviderAlgo ProviderId="SunRsaSign" JCEName="SHA1withRSA" />
  <ProviderAlgo ProviderId="IAIK" JCEName="SHA-1/RSA" />
  <ProviderAlgo ProviderId="Cryptix" JCEName="SHA-1/RSA" />
</Algorithm>
<Algorithm URI="http://www.w3.org/2001/04/xmldsig-more#hmac-md5"
           Description="Message Authentication code using MD5"
           AlgorithmClass="Mac"
           RequirementLevel="NOT RECOMMENDED"
           SpecificationURL="http://www.ietf.org/internet-drafts/draft-eastlake-xmldsig-uri-02.txt">
  <ProviderAlgo ProviderId="IBMJCE" JCEName="HMAC-MD5" />
  <ProviderAlgo ProviderId="BC" JCEName="HMACMD5" />
  <ProviderAlgo ProviderId="SunJCE" JCEName="HmacMD5" />
</Algorithm>
<Algorithm URI="http://www.w3.org/2000/09/xmldsig#hmac-sha1"
           Description="Message Authentication code using SHA1"
           AlgorithmClass="Mac"
           RequirementLevel="REQUIRED">
  <ProviderAlgo ProviderId="IBMJCE" JCEName="HMAC-SHA1" />
  <ProviderAlgo ProviderId="BC" JCEName="HMACSHA1" />
  <ProviderAlgo ProviderId="SunJCE" JCEName="HmacSHA1" />
  <ProviderAlgo ProviderId="IAIK" JCEName="HMAC/SHA" />
  <ProviderAlgo ProviderId="Cryptix" JCEName="HMAC-SHA-1" />
</Algorithm>






--- End Message ---
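
Archive note (an added example, not part of either message and not xmlsec or OpenSAML code): the JCEName values in the config.xml entries above can be checked against the providers actually installed in a JRE with the standard java.security API instead of being guessed. The class name CheckJceNames is an assumption, and the lookup shown is the JRE's own, not xmlsec's.

```java
import java.security.Provider;
import java.security.Security;
import java.util.Set;
import java.util.TreeSet;

public class CheckJceNames {
    // {ProviderId, AlgorithmClass, JCEName} triples copied from the config.xml entries above.
    static final String[][] ENTRIES = {
        {"IBMJCE", "MessageDigest", "MD5"},
        {"IBMJCE", "MessageDigest", "SHA1"},
        {"IBMJCE", "Signature", "SHA1WithDSA"},
        {"IBMJCE", "Signature", "MD5WithRSA"},
        {"IBMJCE", "Signature", "SHA1withRSA"},
        {"IBMJCE", "Mac", "HMAC-MD5"},
        {"IBMJCE", "Mac", "HMAC-SHA1"},
        {"SUN", "MessageDigest", "SHA-1"},
        {"SunRsaSign", "Signature", "SHA1withRSA"},
        {"SunJCE", "Mac", "HmacSHA1"},
    };

    // Returns "ok", "no such provider" or "unknown name" for one entry.
    static String check(String providerId, String type, String jceName) {
        Provider p = Security.getProvider(providerId);
        if (p == null) return "no such provider";
        // getService matches case-insensitively and also resolves aliases.
        return p.getService(type, jceName) != null ? "ok" : "unknown name";
    }

    // Primary names a provider registers for a service type (aliases not listed).
    static Set<String> registered(Provider p, String type) {
        Set<String> names = new TreeSet<>();
        for (Provider.Service s : p.getServices())
            if (s.getType().equals(type)) names.add(s.getAlgorithm());
        return names;
    }

    public static void main(String[] args) {
        for (String[] e : ENTRIES)
            System.out.printf("%-10s %-13s %-12s %s%n", e[0], e[1], e[2], check(e[0], e[1], e[2]));
        // For every installed provider, print the real names so guesses can be replaced.
        for (Provider p : Security.getProviders())
            for (String type : new String[] {"MessageDigest", "Signature", "Mac"})
                System.out.println(p.getName() + " " + type + ": " + registered(p, type));
    }
}
```

Run it with the same JRE the application server uses; an entry reported as "unknown name" is one to correct from the printed list before relying on the config.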


