OpenSAML user discussion

["Qian Wang" <>]

Hi, my SAML response is causing this error:

 

"caught a SAML exception: caught an XMLSec exception while verifying 
signature: Referenced ID is not in DOM Document"

 

 

Here is my SAML response. Could you help find the error in the response? 
Thanks a lot!

 

 

<Response xmlns="urn:oasis:names:tc:SAML:1.0:protocol" 
xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" 
xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" 
xmlns:xsd="http://www.w3.org/2001/XMLSchema"; 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; 
IssueInstant="2005-12-09T08:37:37.181Z" MajorVersion="1" MinorVersion="1" 
Recipient="https://corporate.expedia.com/pub/agent.dll?qscr=sson&amp;gpid=41"; 
ResponseID="_40d5718b159b83e59d88fd1763213e18"><ds:Signature 
xmlns:ds="http://www.w3.org/2000/09/xmldsig#";>

<ds:SignedInfo>

<ds:CanonicalizationMethod 
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#";></ds:CanonicalizationMethod>

<ds:SignatureMethod 
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1";></ds:SignatureMethod>

<ds:Reference URI="#_40d5718b159b83e59d88fd1763213e18">

<ds:Transforms>

<ds:Transform 
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature";></ds:Transform>

<ds:Transform 
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#";><ec:InclusiveNamespaces 
xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"; PrefixList="code ds kind 
rw saml samlp typens #default xsd 
xsi"></ec:InclusiveNamespaces></ds:Transform>

</ds:Transforms>

<ds:DigestMethod 
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1";></ds:DigestMethod>

<ds:DigestValue>257Jsyw6U4I10+orEfF29viI1mo=</ds:DigestValue>

</ds:Reference>

</ds:SignedInfo>

<ds:SignatureValue>

fU0jE7ABUnZLozu4/JthEe7GPCXhAmNFAPKwhoQF28GZxD2iB+Oe9XX0VSGh3IBfQXyfX+TKO+rL

BqE9N4IaXbQAxnjUL7jvsy/WMgXxOseAr07zb4BVhO4YOn0p5sDW0ZcPWNtwY+VtJLIpYRChKoxm

4Jl7sLgveHibEHTH0ZU=

</ds:SignatureValue>

</ds:Signature><Status><StatusCode 
Value="samlp:Success"></StatusCode></Status><Assertion 
xmlns="urn:oasis:names:tc:SAML:1.0:assertion" 
AssertionID="_9bc1e8fd9083136b2c3ddcda7ddae5d4" 
IssueInstant="2005-12-09T08:37:37.494Z" Issuer="http://www.opensaml.org"; 
MajorVersion="1" MinorVersion="0"><Conditions 
NotBefore="2005-12-09T08:37:37.431Z" 
NotOnOrAfter="2005-12-09T08:38:37.431Z"><AudienceRestrictionCondition><Audience>http://www.opensaml.org</Audience></AudienceRestrictionCondition></Conditions><AuthenticationStatement
 AuthenticationInstant="2005-12-09T08:37:37.431Z" 
AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password"><Subject><NameIdentifier>u2222222</NameIdentifier><SubjectConfirmation><ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</ConfirmationMethod></SubjectConfirmation></Subject><SubjectLocality
 DNSAddress="d:\cork.jks" 
IPAddress="d:\cork.jks"></SubjectLocality></AuthenticationStatement><AttributeStatement><Subject><NameIdentifier>u2222222</NameIdentifier><SubjectConfirmation><ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</ConfirmationMethod></SubjectConfirmation></Subject><Attribute
 AttributeName="EmpUID" AttributeNamespace="cork"><AttributeValue 
xsi:type="xsd:string">1</AttributeValue></Attribute></AttributeStatement></Assertion></Response>