mace-opensaml-users - RE: how to get log to work in opensaml?
Subject: OpenSAML user discussion
List archive
- From: "Scott Cantor" <>
- To: "'Chen, James'" <>, <>
- Subject: RE: how to get log to work in opensaml?
- Date: Fri, 1 Apr 2005 16:37:06 -0500
- Organization: The Ohio State University
> With signtest, I got the following exception:
> SAMLSignedObject::verify() detected an invalid signature profile
>
> Can you spot the source of the problem?
Well, you're mixing a 1.0 Assertion inside a 1.1 Response. That in and of
itself is a problem because signing in 1.0 doesn't really work well. The
code should be ignoring that and treating it as a 1.1 assertion, I don't
have real support for 1.0 anymore unless you turn compatibility mode on.
Then, you've got a Reference URI of "", which would mean you'd be signing
the entire message, so that would break anyway when you try and verify the
assertion.
I don't know specifically why that error applies. I don't think it should.
You'd have to trace the code and see where the verify method is stopping. I
thought it might be the reference URI, but the code handles that, although
for no particular reason since it's not usable that way.
Anyway, if you're signing, you need to stick with 1.1 and get properly
signed objects that adhere to the spec.
-- Scott
- RE: how to get log to work in opensaml?, Scott Cantor, 04/01/2005
Archive powered by MHonArc 2.6.16.