mace-opensaml-users - RE: OpensamlTP2 Signature problem

RE: OpensamlTP2 Signature problem


  • From: "Giuseppe Sarno" <>
  • To: <>
  • Subject: RE: OpensamlTP2 Signature problem
  • Date: Mon, 16 Oct 2006 16:15:00 +0100

 
Hi,
It looks like the signature object requires a signature algorithm and a canonicalization method:

        sign.setSigningKey(privKey);
        sign.setSignatureAlgorithm(org.apache.xml.security.signature.XMLSignature.ALGO_ID_SIGNATURE_DSA);
        // Canonicalizer is org.apache.xml.security.c14n.Canonicalizer
        sign.setCanonicalizationAlgorithm(Canonicalizer.ALGO_ID_C14N_EXCL_WITH_COMMENTS);
        obj.setSignature(sign);

The Wiki might need updating.
 
But now in the Signature element I get 2 identical <ds:Reference> elements. Am I missing something? Is this a bug?
 
Thanks.
 
 

<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" AssertionConsumerServiceURL="http://www.example.com/"
    AttributeConsumingServiceIndex="0" Consent="urn:oasis:names:tc:SAML:2.0:consent:obtained" Destination="http://www.example.com/" ForceAuthn="true" ID="abe567de6"
    IssueInstant="2005-01-31T12:00:00.000Z" ProviderName="SomeProvider" Version="2.0">
  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <ds:SignedInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" />
      <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" />
      <ds:Reference URI="#abe567de6" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:Transforms xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
          <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" />
          <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="ds saml samlp" />
          </ds:Transform>
        </ds:Transforms>
        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" />
        <ds:DigestValue xmlns:ds="http://www.w3.org/2000/09/xmldsig#" />
      </ds:Reference>
      <ds:Reference URI="#abe567de6" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:Transforms xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
          <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" />
          <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="ds saml samlp" />
          </ds:Transform>
        </ds:Transforms>
        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" />
        <ds:DigestValue xmlns:ds="http://www.w3.org/2000/09/xmldsig#" />
      </ds:Reference>
    </ds:SignedInfo>
    <ds:SignatureValue xmlns:ds="http://www.w3.org/2000/09/xmldsig#" />
  </ds:Signature>
  <saml:Subject xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"></saml:NameID>
  </saml:Subject>
  <saml:Conditions xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
    <saml:AudienceRestriction xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
      <saml:Audience>urn:foo:sp.example.org</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
  <samlp:RequestedAuthnContext xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:AuthnContextClassRef xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
  </samlp:RequestedAuthnContext>
</samlp:AuthnRequest>



From: Sarno, Giuseppe (MOP:GM15)
Sent: 16 October 2006 14:33
To:
Subject: OpensamlTP2 Signature problem

Hi, I receive this exception trying to sign a simple Request message:

org.opensaml.xml.io.MarshallingException: Unable to construct signature Element {http://www.w3.org/2000/09/xmldsig#}Signature
        at org.opensaml.xml.signature.SignatureMarshaller.createSignatureElement(SignatureMarshaller.java:146)
        at org.opensaml.xml.signature.SignatureMarshaller.marshall(SignatureMarshaller.java:69)
        at org.opensaml.xml.io.AbstractXMLObjectMarshaller.marshallChildElements(AbstractXMLObjectMarshaller.java:371)
        at org.opensaml.xml.io.AbstractXMLObjectMarshaller.marshallInto(AbstractXMLObjectMarshaller.java:262)
        at org.opensaml.xml.io.AbstractXMLObjectMarshaller.marshall(AbstractXMLObjectMarshaller.java:152)
        at org.opensaml.xml.io.AbstractXMLObjectMarshaller.marshall(AbstractXMLObjectMarshaller.java:96)
        .................................
Caused by: org.apache.xml.security.signature.XMLSignatureException: The requested algorithm null does not exist. Original Message was: null
Original Exception was java.lang.NullPointerException
        at org.apache.xml.security.algorithms.SignatureAlgorithm.<init>(Unknown Source)
        at org.apache.xml.security.signature.SignedInfo.<init>(Unknown Source)
        at org.apache.xml.security.signature.XMLSignature.<init>(Unknown Source)
        at org.apache.xml.security.signature.XMLSignature.<init>(Unknown Source)
        at org.opensaml.xml.signature.SignatureMarshaller.createSignatureElement(SignatureMarshaller.java:107)
        ... 10 more

 
I followed the instructions on the Wiki; this is the code ...
 
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
// OpenSAML classes used below; package names assumed from the 2.x layout seen in the stack trace
import org.opensaml.common.SignableSAMLObject;
import org.opensaml.common.impl.SAMLObjectContentReference;
import org.opensaml.xml.signature.Signature;
import org.opensaml.xml.signature.impl.SignatureBuilder;

public static SignableSAMLObject signObject(SignableSAMLObject obj)
{
    // Reference the object itself: the Signature will be enveloped in it
    SAMLObjectContentReference ref = new SAMLObjectContentReference(obj);
    SignatureBuilder build = new SignatureBuilder();

    Signature sign = build.buildObject();
    sign.getContentReferences().add(ref);

    // Throw-away DSA key pair generated on every call (test code only)
    PublicKey pubKey = null;
    PrivateKey privKey = null;
    try
    {
        KeyPairGenerator keyGen = KeyPairGenerator.getInstance("DSA");
        keyGen.initialize(1024);
        KeyPair keypair = keyGen.genKeyPair();
        pubKey = keypair.getPublic();
        privKey = keypair.getPrivate();
    }
    catch (NoSuchAlgorithmException e)
    {
        e.printStackTrace();
    }

    // Only the key is set here; no signature or canonicalization algorithm
    sign.setSigningKey(privKey);
    obj.setSignature(sign);

    return obj;
}

 
 
Then I marshal the object with this function, and here I get the exception:
 
import org.opensaml.xml.Configuration;
import org.opensaml.xml.XMLObject;
import org.opensaml.xml.io.Marshaller;
import org.opensaml.xml.io.MarshallerFactory;
import org.opensaml.xml.io.MarshallingException;
import org.w3c.dom.Element;

public static Element marshalSAMLMsg(XMLObject saml_obj)
{
    MarshallerFactory marshallerFactory = Configuration.getMarshallerFactory();

    // Sanity checks: fail early instead of letting a null reach the factory
    if (saml_obj == null) {
        throw new IllegalArgumentException("saml_obj is null");
    }
    if (marshallerFactory == null) {
        throw new IllegalStateException("OpenSAML not bootstrapped: no MarshallerFactory");
    }

    // Look up the marshaller registered for this object's element type
    Marshaller marshaller = marshallerFactory.getMarshaller(saml_obj);

    // Marshall the object into a DOM element; this is the call that throws
    Element element = null;
    try {
        element = marshaller.marshall(saml_obj);
    } catch (MarshallingException e) {
        e.printStackTrace();
    }
    return element;
}
 
Any idea?
 
Thanks.
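As an added example (not code from this thread or from OpenSAML), here is a structural lint in Python that parses a captured message and reports the problems a verifier would trip over before any cryptography runs: a missing SignatureMethod or CanonicalizationMethod algorithm (the null-algorithm failure above), more than one ds:Reference, a Reference that does not point at the root element's ID, a missing enveloped-signature transform, and empty DigestValue/SignatureValue. The sample is a trimmed copy, constructed here, of the posted AuthnRequest with its two identical References.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
ENVELOPED = "http://www.w3.org/2000/09/xmldsig#enveloped-signature"

# Constructed sample: a trimmed copy of the posted AuthnRequest, with the
# same two identical References and the empty DigestValue/SignatureValue.
REF = ('<ds:Reference URI="#abe567de6"><ds:Transforms>'
       '<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>'
       '<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments"/>'
       '</ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>'
       '<ds:DigestValue/></ds:Reference>')
SAMPLE = ('<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"'
          ' ID="abe567de6" Version="2.0">'
          '<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo>'
          '<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments"/>'
          '<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/>'
          + REF * 2 +
          '</ds:SignedInfo><ds:SignatureValue/></ds:Signature></samlp:AuthnRequest>')


def lint_signature(xml_text):
    """Return a list of findings; an empty list means the structure is sound."""
    root = ET.fromstring(xml_text)
    findings = []
    sig = root.find(f"{{{DS}}}Signature")
    info = sig.find(f"{{{DS}}}SignedInfo") if sig is not None else None
    if info is None:
        return ["no ds:Signature/ds:SignedInfo on the root element"]
    # Both algorithms must be present: a null one is exactly what blew up in TP2
    for name in ("CanonicalizationMethod", "SignatureMethod"):
        el = info.find(f"{{{DS}}}{name}")
        if el is None or not el.get("Algorithm"):
            findings.append(f"{name} missing or has no Algorithm")
    # An enveloped SAML signature covers the root exactly once, by its ID
    refs = info.findall(f"{{{DS}}}Reference")
    if len(refs) != 1:
        findings.append(f"expected exactly 1 Reference, found {len(refs)}")
    expected = "#" + (root.get("ID") or "")
    for ref in refs:
        if ref.get("URI") != expected:
            findings.append(f"Reference URI {ref.get('URI')!r} is not {expected!r}")
        transforms = [t.get("Algorithm") for t in ref.iter(f"{{{DS}}}Transform")]
        if ENVELOPED not in transforms:
            findings.append("Reference lacks the enveloped-signature transform")
        if not (ref.findtext(f"{{{DS}}}DigestValue") or "").strip():
            findings.append("DigestValue is empty: the message has not been signed")
    if not (sig.findtext(f"{{{DS}}}SignatureValue") or "").strip():
        findings.append("SignatureValue is empty: the message has not been signed")
    return findings
```

Run against the sample it reports the duplicate Reference and the three empty values; a message with one Reference and filled-in digest and signature values passes clean.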


