OpenSAML user discussion

[Jean-Noel Colin <>]

Hi

I'm using OpenSAML to generate signed assertions like the one shown  
below. I sign a SAMLAssertion using the sign() method, providing the  
private key and the certificate.

The problem is that when i call the 'getX509Certificates()' method on  
that SAMLAssertion object, I get the following exception:


org.opensaml.InvalidCryptoException:  
SAMLSignedObject.getX509Certificates() can't find any X.509  
certificates in signaturefalse
    at org.opensaml.SAMLSignedObject.getX509Certificates(Unknown  
Source)


which surprises me, since there is a X509Certificate included in the  
keyinfo element.

Is this a bug or am I missing something?

Thanks for your help

Jean-Noel Colin




<Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion"
    xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
    xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol"  
xmlns:xsd="http://www.w3.org/2001/XMLSchema";
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
    AssertionID="_c5f4e49a0d5be48331430f468475137a"  
IssueInstant="2005-10-04T14:36:21.226Z"
    Issuer="urn:iclass:services:naivests" MajorVersion="1"  
MinorVersion="1">
    <Conditions NotBefore="2005-10-04T14:36:21.226Z"  
NotOnOrAfter="2005-10-04T15:36:21.226Z"/>
    <AuthenticationStatement  
AuthenticationInstant="2005-10-04T14:36:21.226Z"
        AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password">
        <Subject>
            <NameIdentifier Format="urn:oasis:names:tc:SAML: 
1.1:nameid-format:unspecified"
                NameQualifier="ItalDATA MLE">popo</NameIdentifier>
            <SubjectConfirmation>
                <ConfirmationMethod>urn:oasis:names:tc:SAML: 
1.0:cm:sender-vouches</ConfirmationMethod>
            </SubjectConfirmation>
        </Subject>
    </AuthenticationStatement>
    <AttributeStatement>
        <Subject>
            <NameIdentifier Format="urn:oasis:names:tc:SAML: 
1.1:nameid-format:unspecified"
                NameQualifier="ItalDATA MLE">popo</NameIdentifier>
            <SubjectConfirmation>
                <ConfirmationMethod>urn:oasis:names:tc:SAML: 
1.0:cm:sender-vouches</ConfirmationMethod>
            </SubjectConfirmation>
        </Subject>
        <Attribute AttributeName="roles"  
AttributeNamespace="urn:iclass:names">
            <AttributeValue>Teacher</AttributeValue>
            <AttributeValue>Administrator</AttributeValue>
        </Attribute>
    </AttributeStatement>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#";>
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/ 
2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/ 
xmldsig#rsa-sha1"/>
            <ds:Reference URI="#_c5f4e49a0d5be48331430f468475137a">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/ 
2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/ 
2001/10/xml-exc-c14n#">
                        <ec:InclusiveNamespaces xmlns:ec="http:// 
www.w3.org/2001/10/xml-exc-c14n#"
                            PrefixList="code ds kind rw saml samlp  
typens #default xsd xsi"/>
                    </ds:Transform>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/ 
2000/09/xmldsig#sha1"/>
                <ds:DigestValue>4b5HX2+ZmomeoMe5zOn/6apWqCY=</ 
ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>
            vIk7aKnuJBr/0/ 
SoNSHHivgjBJFLUnz6KJkDcwCzgEOzlmxMBJI4cetmG4nASytAxI6DWBtFdN7F
            7/VXEsnaaUngLqL87LhvbCNc 
+3rZn79LmSSooCl1eXW0GKxvcH9kbO5idUbtm+P+BUubKSjk5YCO
            xZhW+s05ef6NA9kfWE8= </ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>
                     
MIICUjCCAbsCBELLq2AwDQYJKoZIhvcNAQEEBQAwcDELMAkGA1UEBhMCQkUxCzAJBgNVBAgT 
Am5h
                     
MREwDwYDVQQHEwhCcnVzc2VsczEZMBcGA1UEChMQU3VuIE1pY3Jvc3lzdGVtczETMBEGA1UE 
CxMK
                     
aUNsYXNzIFNUUzERMA8GA1UEAxMIbmFpdmVzdHMwHhcNMDUwNzA2MDk1ODU2WhcNMDgwNDAx 
MDk1
                     
ODU2WjBwMQswCQYDVQQGEwJCRTELMAkGA1UECBMCbmExETAPBgNVBAcTCEJydXNzZWxzMRkw 
FwYD
                     
VQQKExBTdW4gTWljcm9zeXN0ZW1zMRMwEQYDVQQLEwppQ2xhc3MgU1RTMREwDwYDVQQDEwhu 
YWl2
                     
ZXN0czCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA3mIFuN+J/kBAXesN9LvY88zd/ 
93T7Zox
                    /sG+/ 
yPiyGb20vUCSXcGGHmMppxnid9yWgD1Dbo36erzOcqXFPs97qTcvxVOqQmHxHmHGsTPWuxp
                    v5qwEye9VGQ85bxP0UV21E5RYLTb4v7/T9fsEs 
+GpEZ8Vfi1jMBQmtZg/zu+cDECAwEAATANBgkq
                    hkiG9w0BAQQFAAOBgQCM/ZWUC5QV/ 
5liRH3EPRt8e2ZbSDvZIUDsGxxENN+/32QCnyBPZjDfSGbG
                    K2G6DJb7AE4KLNdwLfd8yd9jnLMen0ekf+tDhMgTx/ 
wuT89nPFRJNaDRIQJRgYXgGcvB/vaN/FPd
                    Us8AU9dHT21GkUh0xFOm/DA4m1g1DVnc8y1jTQ== </ 
ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
</Assertion>