mace-opensaml-users - SAML Assertion ids and interop
Subject: OpenSAML user discussion
- From: Ted Toth
- Subject: SAML Assertion ids and interop
- Date: Thu, 23 Jun 2005 14:21:53 -0700 (PDT)
By interop I mean between .NET and Java web services
and clients. My .NET client is failing to validate the
response from a Java server (which uses opensaml)
because the WSE SecurityInputFilter is trying
to validate the signature of the element with the id
id-12374346; however, for a SAML Assertion it is
comparing against the AssertionID and not the wsu:Id.

    <Assertion
        xmlns="urn:oasis:names:tc:SAML:1.0:assertion"
        xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
        xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol"
        xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
        AssertionID="c3d50b725586474de4e411e597933763"
        IssueInstant="2005-06-23T15:53:51.125Z"
        Issuer="CN=www.foo.com, OU=Other, OU=PKI, OU=XxX, O=U.S. Government, C=US"
        MajorVersion="1"
        MinorVersion="1"
        wsu:Id="id-12374346">

If these ids contained the same value then I think
this would work. Does opensaml add the wsu:Id? I know
that you can create a SAMLAssertion with an id
(AssertionID) but for the .Net client to interoperate
with a Java based service the ids probably need to
match. I'm saying this because in the request
generated by the .Net client the ids match and the Java server
seems to have no problem digesting them and validating
the signature.
Ted
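
The lookup mismatch described in the message above, as an added example that is not part of the original post and is not OpenSAML or WSE code. The message skeleton is constructed and unsigned, the Reference URI "#id-12374346" is assumed from the post's description, and make_message, the policy names and audit are hypothetical helpers; the "assertion-id" policy only models the behaviour the post attributes to the WSE filter.

```python
import xml.etree.ElementTree as ET

WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
DS = "http://www.w3.org/2000/09/xmldsig#"
SAML = "urn:oasis:names:tc:SAML:1.0:assertion"

def make_message(assertion_id, wsu_id, ref_id):
    """Constructed, unsigned skeleton: one Assertion and one ds:Reference."""
    return (
        f'<Security xmlns:wsu="{WSU}" xmlns:ds="{DS}" xmlns:saml="{SAML}">'
        f'<saml:Assertion AssertionID="{assertion_id}" wsu:Id="{wsu_id}"'
        f' MajorVersion="1" MinorVersion="1"/>'
        f'<ds:Signature><ds:SignedInfo><ds:Reference URI="#{ref_id}"/>'
        f'</ds:SignedInfo></ds:Signature></Security>'
    )

def candidate_id(elem, policy):
    """ID value a verifier would compare against the Reference fragment."""
    if policy == "assertion-id" and elem.tag == f"{{{SAML}}}Assertion":
        return elem.get("AssertionID")      # behaviour the post attributes to WSE
    return elem.get(f"{{{WSU}}}Id")         # plain WS-Security wsu:Id lookup

def resolve(root, fragment, policy):
    """Elements whose ID under the given policy equals the fragment."""
    return [e for e in root.iter() if candidate_id(e, policy) == fragment]

def audit(xml_text):
    """Per Reference, count the elements each lookup policy resolves."""
    root = ET.fromstring(xml_text)
    report = {}
    for ref in root.iter(f"{{{DS}}}Reference"):
        uri = ref.get("URI", "")
        if not uri.startswith("#"):
            continue                        # only same-document references
        frag = uri[1:]
        report[frag] = {p: len(resolve(root, frag, p))
                        for p in ("wsu-id", "assertion-id")}
    return report

# Values from the post: the two ids differ and the signature points at wsu:Id.
MISMATCHED = make_message("c3d50b725586474de4e411e597933763",
                          "id-12374346", "id-12374346")
# Same assertion with both attributes carrying one value.
ALIGNED = make_message("id-12374346", "id-12374346", "id-12374346")

if __name__ == "__main__":
    for name, msg in (("mismatched", MISMATCHED), ("aligned", ALIGNED)):
        print(name, audit(msg))
```

A count of 0 under a policy means that verifier finds no element to digest for the Reference; a count of 1 under both means either lookup lands on the same Assertion.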
- SAML Assertion ids and interop, Ted Toth, 06/23/2005
- RE: SAML Assertion ids and interop, Scott Cantor, 06/23/2005
- RE: SAML Assertion ids and interop, Ted Toth, 06/23/2005
- RE: SAML Assertion ids and interop, Scott Cantor, 06/23/2005
- RE: SAML Assertion ids and interop, Ted Toth, 06/23/2005
- RE: SAML Assertion ids and interop, Scott Cantor, 06/23/2005