Skip to Content.
Sympa Menu

mace-opensaml-users - Re: getting InvalidCryptoException in SAMLResponse verification

Subject: OpenSAML user discussion

List archive

Re: getting InvalidCryptoException in SAMLResponse verification


Chronological Thread 
  • From: Bin Lu <>
  • To: Scott Cantor <>
  • Cc:
  • Subject: Re: getting InvalidCryptoException in SAMLResponse verification
  • Date: Thu, 15 Dec 2005 18:42:34 -0800

Sorry Scott, I don't quite understand what you said. See my comments below.


Scott Cantor wrote:
After I checked the new opensaml and xml-security code I am 
still not confident that they will fix my problem.  Basically it depends
    
on
  
the following test cases, with the attached xml input for the
DOM tree and "_77ebd671a4962fbeee80b2c3b4a9f3c88866a468" as 
the fragment value, can

1. DOMDocument::getElementById(fragment) returns a non-null value
2. TXFMDocObject::setInput(doc, (XMLCh*)fragment) throws no exception
    

There's no possible way for me to say it will or won't work. As I told you,
I know what the root cause is, but I have no idea what your actual bug is.
  
Did you tell me the root cause ? What is it ?  My problem is that when I call the verify() class method
of SAMLResponse, it always complains about "XMLSec exception: Referenced ID is not in DOM Document".

With the saml response xml file I attached in the previous mail, wouldn't it easy for somebody out there
who has the newer opensaml environment to write a simple program to convert the xml file to DOMDocument
and then call DOMDocument::getElementById(XMLCh *fragment) where fragment equals to the Response ID(from the xml file) ?
(just a few lines of coe though, maybe I am asking too much ...)

Thanks,
-binlu
  
either 1 or 2 be satisfied ? Since I don't have all the components needed
    
to
  
run the testwith the new opensaml, it would be greately appreciated if 
somebody could show me that it does work.
    

Impossible to answer. For me, it works. That's all I can say. If it doesn't
work, I can help. I cannot (or I should say I will not) help for a version
that is that out of date.

-- Scott
  




Archive powered by MHonArc 2.6.16.

Top of Page