
mace-opensaml-users - Problem with getX509Certificates

Subject: OpenSAML user discussion


Problem with getX509Certificates


  • From: Jean-Noel Colin <>
  • To:
  • Subject: Problem with getX509Certificates
  • Date: Tue, 4 Oct 2005 16:45:45 +0200

Hi

I'm using OpenSAML to generate signed assertions like the one shown below. I sign a SAMLAssertion using the sign() method, providing the private key and the certificate.

The problem is that when I call the 'getX509Certificates()' method on that SAMLAssertion object, I get the following exception:


org.opensaml.InvalidCryptoException: SAMLSignedObject.getX509Certificates() can't find any X.509 certificates in signaturefalse
at org.opensaml.SAMLSignedObject.getX509Certificates(Unknown Source)


which surprises me, since there is an X509Certificate included in the KeyInfo element.

Is this a bug or am I missing something?

Thanks for your help

Jean-Noel Colin




<Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion"
xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
AssertionID="_c5f4e49a0d5be48331430f468475137a" IssueInstant="2005-10-04T14:36:21.226Z"
Issuer="urn:iclass:services:naivests" MajorVersion="1" MinorVersion="1">
<Conditions NotBefore="2005-10-04T14:36:21.226Z" NotOnOrAfter="2005-10-04T15:36:21.226Z"/>
<AuthenticationStatement AuthenticationInstant="2005-10-04T14:36:21.226Z"
AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password">
<Subject>
<NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
NameQualifier="ItalDATA MLE">popo</NameIdentifier>
<SubjectConfirmation>
<ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</ConfirmationMethod>
</SubjectConfirmation>
</Subject>
</AuthenticationStatement>
<AttributeStatement>
<Subject>
<NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
NameQualifier="ItalDATA MLE">popo</NameIdentifier>
<SubjectConfirmation>
<ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</ConfirmationMethod>
</SubjectConfirmation>
</Subject>
<Attribute AttributeName="roles" AttributeNamespace="urn:iclass:names">
<AttributeValue>Teacher</AttributeValue>
<AttributeValue>Administrator</AttributeValue>
</Attribute>
</AttributeStatement>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#_c5f4e49a0d5be48331430f468475137a">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"
PrefixList="code ds kind rw saml samlp typens #default xsd xsi"/>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>4b5HX2+ZmomeoMe5zOn/6apWqCY=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
vIk7aKnuJBr/0/ SoNSHHivgjBJFLUnz6KJkDcwCzgEOzlmxMBJI4cetmG4nASytAxI6DWBtFdN7F
7/VXEsnaaUngLqL87LhvbCNc +3rZn79LmSSooCl1eXW0GKxvcH9kbO5idUbtm+P+BUubKSjk5YCO
xZhW+s05ef6NA9kfWE8= </ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>
MIICUjCCAbsCBELLq2AwDQYJKoZIhvcNAQEEBQAwcDELMAkGA1UEBhMCQkUxCzAJBgNVBAgT Am5h
MREwDwYDVQQHEwhCcnVzc2VsczEZMBcGA1UEChMQU3VuIE1pY3Jvc3lzdGVtczETMBEGA1UE CxMK
aUNsYXNzIFNUUzERMA8GA1UEAxMIbmFpdmVzdHMwHhcNMDUwNzA2MDk1ODU2WhcNMDgwNDAx MDk1
ODU2WjBwMQswCQYDVQQGEwJCRTELMAkGA1UECBMCbmExETAPBgNVBAcTCEJydXNzZWxzMRkw FwYD
VQQKExBTdW4gTWljcm9zeXN0ZW1zMRMwEQYDVQQLEwppQ2xhc3MgU1RTMREwDwYDVQQDEwhu YWl2
ZXN0czCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA3mIFuN+J/kBAXesN9LvY88zd/ 93T7Zox
/sG+/ yPiyGb20vUCSXcGGHmMppxnid9yWgD1Dbo36erzOcqXFPs97qTcvxVOqQmHxHmHGsTPWuxp
v5qwEye9VGQ85bxP0UV21E5RYLTb4v7/T9fsEs +GpEZ8Vfi1jMBQmtZg/zu+cDECAwEAATANBgkq
hkiG9w0BAQQFAAOBgQCM/ZWUC5QV/ 5liRH3EPRt8e2ZbSDvZIUDsGxxENN+/32QCnyBPZjDfSGbG
K2G6DJb7AE4KLNdwLfd8yd9jnLMen0ekf+tDhMgTx/ wuT89nPFRJNaDRIQJRgYXgGcvB/vaN/FPd
Us8AU9dHT21GkUh0xFOm/DA4m1g1DVnc8y1jTQ== </ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
</Assertion>
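
An independent check of what a serialized assertion carries, as an added example that is not part of the original message and does not use OpenSAML: it lists a SHA-256 fingerprint for each ds:X509Certificate found under the assertion's own ds:Signature/ds:KeyInfo/ds:X509Data, using only JDK classes. The class and method names are hypothetical, and the sample assertion is constructed with placeholder bytes in place of a real certificate; the check says nothing about why getX509Certificates() raised the exception.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.ArrayList;
import java.util.Base64;
import java.util.List;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

public class KeyInfoCerts { // hypothetical name, not an OpenSAML class
    static final String DSIG = "http://www.w3.org/2000/09/xmldsig#";
    static boolean isDs(Node n, String local) {
        return n != null && DSIG.equals(n.getNamespaceURI()) && local.equals(n.getLocalName());
    }
    // SHA-256 (hex) of each ds:X509Certificate located at
    // root/ds:Signature/ds:KeyInfo/ds:X509Data, i.e. in the enveloped signature only.
    static List<String> fingerprints(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true); // required for the namespace lookups below
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = f.newDocumentBuilder()
                .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
        List<String> out = new ArrayList<>();
        NodeList certs = doc.getElementsByTagNameNS(DSIG, "X509Certificate");
        for (int i = 0; i < certs.getLength(); i++) {
            Node data = certs.item(i).getParentNode();
            Node keyInfo = data.getParentNode();
            Node sig = keyInfo == null ? null : keyInfo.getParentNode();
            if (!isDs(data, "X509Data") || !isDs(keyInfo, "KeyInfo") || !isDs(sig, "Signature")
                    || sig.getParentNode() != doc.getDocumentElement()) continue;
            // The MIME decoder skips the line breaks and spaces that wrap the base64 text.
            byte[] der = Base64.getMimeDecoder().decode(certs.item(i).getTextContent());
            StringBuilder hex = new StringBuilder();
            for (byte b : MessageDigest.getInstance("SHA-256").digest(der)) hex.append(String.format("%02x", b));
            out.add(hex.toString());
        }
        return out;
    }
    public static void main(String[] args) throws Exception {
        // Constructed sample; the certificate body is placeholder bytes, not a real certificate.
        String xml = "<Assertion xmlns=\"urn:oasis:names:tc:SAML:1.0:assertion\">"
            + "<ds:Signature xmlns:ds=\"" + DSIG + "\"><ds:KeyInfo><ds:X509Data>"
            + "<ds:X509Certificate>Y29uc3Ry\ndWN0ZWQ=</ds:X509Certificate>"
            + "</ds:X509Data></ds:KeyInfo></ds:Signature></Assertion>";
        System.out.println(fingerprints(xml));
    }
}
```

Each fingerprint can be compared with the SHA-256 of `getEncoded()` on the certificate that was passed to sign(); an empty list means the serialized XML has no certificate at that position.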



