mace-opensaml-users - Re: getting InvalidCryptoException in SAMLResponse verification
Subject: OpenSAML user discussion
- From: Bin Lu <>
- To: Scott Cantor <>
- Cc:
- Subject: Re: getting InvalidCryptoException in SAMLResponse verification
- Date: Thu, 15 Dec 2005 15:58:14 -0800
Scott,

After I checked the new opensaml and xml-security code I am still not confident that they will fix my problem. Basically it depends on the following test cases, with the attached xml input for the DOM tree and "_77ebd671a4962fbeee80b2c3b4a9f3c88866a468" as the fragment value, can

1. DOMDocument::getElementById(fragment) returns a non-null value
2. TXFMDocObject::setInput(doc, (XMLCh*)fragment) throws no exception

either 1 or 2 be satisfied?

Since I don't have all the components needed to run the test with the new opensaml, it would be greatly appreciated if somebody could show me that it does work.

Thanks,
-binlu

Scott Cantor wrote:
>> It seems the problem is from TXFMDocObject::setInput() when it looks for an element by id in the DOM tree. That TXFMDocObject is from openssl, do you think updating saml would solve the problem?
>
> There were bugs at times in the ID area, but I don't see a bug in that version, so I really don't know.
>
>> But the above getElementById() is returning null. Any suggestion which piece should I update, opensaml, openssl or the DOM Parser?
>
> It's an OpenSAML problem, if it's not a bug in your code somewhere.
>
> -- Scott

xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol"
IssueInstant="2005-12-14T21:33:03Z" MajorVersion="1" MinorVersion="1"
Recipient="https://dev66.asglab.juniper.net/dana-na/auth/saml-consumer.cgi"
ResponseID="_77ebd671a4962fbeee80b2c3b4a9f3c88866a468">
<ds:Signature>
<ds:SignedInfo>
<ds:CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod>
<ds:SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod>
<ds:Reference URI="#_77ebd671a4962fbeee80b2c3b4a9f3c88866a468">
<ds:Transforms>
<ds:Transform
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></ds:Transform>
<ds:Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
</ds:Transforms>
<ds:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
<ds:DigestValue>ia1c5ZlunlQ8AaWkFQW41JODwRo=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
GhVqKQZ/YbxGU4RvafuVyPmkO+LZ4TpDFbYJbKUl///Gef0AViCn9LGZUulSz3t9UpJtraaBCI6K
JwxuyNfANKdc4rFN2GlqjZEbgowODplrOhESLvhYQ+qtlZR24jYHvJ3tteV9oA4lS/blqFljjJRP
3n5JQO7lIQmO+LxPjuM=
</ds:SignatureValue>
<ds:KeyInfo>
<ds:KeyValue>
<ds:RSAKeyValue>
<ds:Modulus>
x4m59JXQxfHQWdKblEui1hWzGKM6bAUjARTv5S2NqcZN96Z+GoaBqstYXtu8HwPp9GSdMbz9Czww
Qh5F+6ZjO6uOmx/QKrbeku089HMaVw3l1+r9txlLXpoHj+YQobUwTlBn3XfgLgjhW+Qv0aFPcl0P
5rO2rq3G/o0Fc3SRYUE=
</ds:Modulus>
<ds:Exponent>AQAB</ds:Exponent>
</ds:RSAKeyValue>
</ds:KeyValue>
</ds:KeyInfo>
</ds:Signature>
<samlp:Status>
<samlp:StatusCode Value="samlp:Success"></samlp:StatusCode>
</samlp:Status>
<saml:Assertion AssertionID="_9e87897312c38091b51cc438c8339001aab25078"
IssueInstant="2005-12-14T21:33:03Z"
Issuer="_2843944d06ad0e6a63ed936a24eed67585e47b66" MajorVersion="1"
MinorVersion="1"><saml:Conditions NotBefore="2005-12-14T21:28:03Z"
NotOnOrAfter="2005-12-14T21:43:03Z"></saml:Conditions><saml:AuthenticationStatement
AuthenticationInstant="2005-12-14T21:33:01Z"
AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password"><saml:Subject><saml:NameIdentifier
Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName"
NameQualifier="default">uid=sgraham</saml:NameIdentifier><saml:SubjectConfirmation><saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</saml:ConfirmationMethod></saml:SubjectConfirmation></saml:Subject></saml:AuthenticationStatement><ds:Signature>
<ds:SignedInfo>
<ds:CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod>
<ds:SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod>
<ds:Reference URI="#_9e87897312c38091b51cc438c8339001aab25078">
<ds:Transforms>
<ds:Transform
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></ds:Transform>
<ds:Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
</ds:Transforms>
<ds:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
<ds:DigestValue>SL/21+9pL4MJ+W5D75yTi4jgPoo=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
SDdnZfEc6ezzRqcI/nuVfx/QbA+RP/SmbNFZEV239XvTm8U1ZE4xV3f0XF2XdHKRWPTOqDak+9xX
oRvtiYfYaPTjtx+jF8nXFs3yjjw/VvtjaAFH/sP7x/Jmi32mvqQ/IlEI0++etcH2JWwcSKz305MZ
NsYRUNd0AFnm8YkjyBU=
</ds:SignatureValue>
<ds:KeyInfo>
<ds:KeyValue>
<ds:RSAKeyValue>
<ds:Modulus>
x4m59JXQxfHQWdKblEui1hWzGKM6bAUjARTv5S2NqcZN96Z+GoaBqstYXtu8HwPp9GSdMbz9Czww
Qh5F+6ZjO6uOmx/QKrbeku089HMaVw3l1+r9txlLXpoHj+YQobUwTlBn3XfgLgjhW+Qv0aFPcl0P
5rO2rq3G/o0Fc3SRYUE=
</ds:Modulus>
<ds:Exponent>AQAB</ds:Exponent>
</ds:RSAKeyValue>
</ds:KeyValue>
</ds:KeyInfo>
</ds:Signature>
</saml:Assertion>
</samlp:Response>
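
Test case 1 from the message above, as an added example that is not part of the original post and is not OpenSAML or xml-security code: it uses Python's `xml.dom.minidom` as a stand-in DOM to show that a `ds:Reference` fragment only resolves through `getElementById()` once `ResponseID`/`AssertionID` have been flagged as ID-type attributes. The sample document is constructed from the attachment with everything but the IDs and references removed, and the helper names are hypothetical.

```python
from xml.dom import minidom

DSIG = "http://www.w3.org/2000/09/xmldsig#"
SAMLP = "urn:oasis:names:tc:SAML:1.0:protocol"
SAML = "urn:oasis:names:tc:SAML:1.0:assertion"
# SAML 1.x identifier attribute for each (namespace, local name) element.
ID_ATTRS = {(SAMLP, "Response"): "ResponseID", (SAML, "Assertion"): "AssertionID"}

# Constructed sample: the attached response reduced to IDs and references.
SAMPLE = """<samlp:Response xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
  xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
  xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol"
  ResponseID="_77ebd671a4962fbeee80b2c3b4a9f3c88866a468">
 <ds:Signature><ds:SignedInfo>
  <ds:Reference URI="#_77ebd671a4962fbeee80b2c3b4a9f3c88866a468"/>
 </ds:SignedInfo></ds:Signature>
 <saml:Assertion AssertionID="_9e87897312c38091b51cc438c8339001aab25078">
  <ds:Signature><ds:SignedInfo>
   <ds:Reference URI="#_9e87897312c38091b51cc438c8339001aab25078"/>
  </ds:SignedInfo></ds:Signature>
 </saml:Assertion>
</samlp:Response>"""

def register_saml_ids(doc):
    """Mark SAML identifier attributes as DOM IDs; reject duplicate values."""
    seen = set()
    for el in doc.getElementsByTagName("*"):
        name = ID_ATTRS.get((el.namespaceURI, el.localName))
        if name and el.hasAttribute(name):
            value = el.getAttribute(name)
            if value in seen:  # an ambiguous ID must never be dereferenced
                raise ValueError(f"duplicate ID value {value!r}")
            seen.add(value)
            el.setIdAttribute(name)
    return seen

def resolve_references(doc):
    """Return (URI, resolved tag or None, target is the Signature's parent)."""
    out = []
    for ref in doc.getElementsByTagNameNS(DSIG, "Reference"):
        uri = ref.getAttribute("URI")
        target = doc.getElementById(uri[1:]) if uri.startswith("#") else None
        # Enveloped layout: Reference -> SignedInfo -> Signature -> signed element
        signed = ref.parentNode.parentNode.parentNode
        out.append((uri, target.tagName if target else None, target is signed))
    return out

def demo():
    doc = minidom.parseString(SAMPLE)
    before = resolve_references(doc)  # no ID typing: lookups return None
    register_saml_ids(doc)
    return before, resolve_references(doc)
```
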