mace-opensaml-users - Re: Signature Verification error
Subject: OpenSAML user discussion
List archive
- From: Brad Anderson <>
- To:
- Subject: Re: Signature Verification error
- Date: Mon, 04 Dec 2006 10:40:07 -0500
- Organization: The Sankaty Group, Inc.
Brad Anderson wrote:
>
> Investigating further, I turned on log4j DEBUG and after sifting thru it, I
> found this:
>
> http://www.rafb.net/paste/results/LKkGF956.html
>
> The last line there, about ignoring the unknown element {}Signature - is
> this
> expecting ds:Signature?
>
> One of our signed assertions (Signature node) looks like this:
>
> <Signature
> xmlns="http://www.w3.org/2000/09/xmldsig#";>
> <SignedInfo>
> <CanonicalizationMethod
> Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"; />
> <SignatureMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"; />
> <Reference URI="">
> <Transforms>
> <Transform
> Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"; />
> </Transforms>
> <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"; />
> <DigestValue>6mmsd0QVzikiEuFap5g5R9Ahtr8=</DigestValue>
> </Reference>
> </SignedInfo>
>
> <SignatureValue>XQSNx69JX+FnXAeb7GZ4wF2uMpMO4LrAHriz886m1DvEySiB1n6X2dzZJfBAsNiBEemterh9m3nwDn323xK1r2EdArFEmK2YPqaKfnOSo65zW9jXS83EWU7aZSA/OojamRNWfzshswxsvKg1b0B/l6gJzQeLUsF3hTwFD4UEqFI=</SignatureValue>
> </Signature>
>
> Anything I'm missing ??
>
> Thanks,
> BA
>
I have the latest and greatest code as of this morning. Here's the debug
output. Is there a setting I can flip to get this thing to not ignore the
Signature element? I haven't had time to go thru the code, and it's a foreign
land to me in there, anyway.
BA
ssor24] DEBUG org.opensaml.xml.XMLConfigurator - Creating instance of
org.opensaml.saml2.metadata.validator.SingleLogoutServiceSchemaValidator
20629 [http-8080-Processor24] DEBUG org.opensaml.xml.XMLConfigurator -
Creating instance of
org.opensaml.saml2.metadata.validator.SingleSignOnServiceSchemaValidator
20629 [http-8080-Processor24] DEBUG org.opensaml.xml.XMLConfigurator -
Creating instance of
org.opensaml.saml2.metadata.validator.SingleSignOnServiceSchemaValidator
20630 [http-8080-Processor24] DEBUG org.opensaml.xml.XMLConfigurator -
Creating instance of
org.opensaml.saml2.metadata.validator.SPSSODescriptorSchemaValidator
20630 [http-8080-Processor24] DEBUG org.opensaml.xml.XMLConfigurator -
Creating instance of
org.opensaml.saml2.metadata.validator.SPSSODescriptorSchemaValidator
20631 [http-8080-Processor24] DEBUG org.opensaml.xml.XMLConfigurator -
Creating instance of
org.opensaml.saml2.metadata.validator.SurNameSchemaValidator
20631 [http-8080-Processor24] DEBUG org.opensaml.xml.XMLConfigurator -
Creating instance of
org.opensaml.saml2.metadata.validator.SurNameSchemaValidator
20632 [http-8080-Processor24] DEBUG org.opensaml.xml.XMLConfigurator -
Creating instance of
org.opensaml.saml2.metadata.validator.TelephoneNumberSchemaValidator
20632 [http-8080-Processor24] DEBUG org.opensaml.xml.XMLConfigurator -
Creating instance of
org.opensaml.saml2.metadata.validator.TelephoneNumberSchemaValidator
20633 [http-8080-Processor24] DEBUG org.opensaml.xml.XMLConfigurator -
ValidtorSuite saml2-metadata-schema-validator has been initialized
20633 [http-8080-Processor24] DEBUG org.opensaml.xml.XMLConfigurator -
ValidtorSuite saml2-metadata-schema-validator has been initialized
20634 [http-8080-Processor24] DEBUG org.opensaml.xml.XMLConfigurator -
Initializing ValidatorSuite saml2-metadata-spec-validator
20634 [http-8080-Processor24] DEBUG org.opensaml.xml.XMLConfigurator -
Initializing ValidatorSuite saml2-metadata-spec-validator
20634 [http-8080-Processor24] DEBUG org.opensaml.xml.XMLConfigurator -
Creating instance of
org.opensaml.saml2.metadata.validator.ArtifactResolutionServiceSpecValidator
20634 [http-8080-Processor24] DEBUG org.opensaml.xml.XMLConfigurator -
Creating instance of
org.opensaml.saml2.metadata.validator.ArtifactResolutionServiceSpecValidator
20635 [http-8080-Processor24] DEBUG org.opensaml.xml.XMLConfigurator -
Creating instance of
org.opensaml.saml2.metadata.validator.AttributeAuthorityDescriptorSpecValidator
20635 [http-8080-Processor24] DEBUG org.opensaml.xml.XMLConfigurator -
Creating instance of
org.opensaml.saml2.metadata.validator.AttributeAuthorityDescriptorSpecValidator
20636 [http-8080-Processor24] DEBUG org.opensaml.xml.XMLConfigurator -
Creating instance of
org.opensaml.saml2.metadata.validator.AuthnAuthorityDescriptorSpecValidator
20636 [http-8080-Processor24] DEBUG org.opensaml.xml.XMLConfigurator -
Creating instance of
org.opensaml.saml2.metadata.validator.AuthnAuthorityDescriptorSpecValidator
20637 [http-8080-Processor24] DEBUG org.opensaml.xml.XMLConfigurator -
Creating instance of
org.opensaml.saml2.metadata.validator.EntitiesDescriptorSpecValidator
20637 [http-8080-Processor24] DEBUG org.opensaml.xml.XMLConfigurator -
Creating instance of
org.opensaml.saml2.metadata.validator.EntitiesDescriptorSpecValidator
20638 [http-8080-Processor24] DEBUG org.opensaml.xml.XMLConfigurator -
Creating instance of
org.opensaml.saml2.metadata.validator.EntityDescriptorSpecValidator
20638 [http-8080-Processor24] DEBUG org.opensaml.xml.XMLConfigurator -
Creating instance of
org.opensaml.saml2.metadata.validator.EntityDescriptorSpecValidator
20639 [http-8080-Processor24] DEBUG org.opensaml.xml.XMLConfigurator -
Creating instance of
org.opensaml.saml2.metadata.validator.IDPSSODescriptorSpecValidator
20639 [http-8080-Processor24] DEBUG org.opensaml.xml.XMLConfigurator -
Creating instance of
org.opensaml.saml2.metadata.validator.IDPSSODescriptorSpecValidator
20641 [http-8080-Processor24] DEBUG org.opensaml.xml.XMLConfigurator -
Creating instance of
org.opensaml.saml2.metadata.validator.NameIDMappingServiceSpecValidator
20641 [http-8080-Processor24] DEBUG org.opensaml.xml.XMLConfigurator -
Creating instance of
org.opensaml.saml2.metadata.validator.NameIDMappingServiceSpecValidator
20642 [http-8080-Processor24] DEBUG org.opensaml.xml.XMLConfigurator -
Creating instance of
org.opensaml.saml2.metadata.validator.PDPDescriptorSpecValidator
20642 [http-8080-Processor24] DEBUG org.opensaml.xml.XMLConfigurator -
Creating instance of
org.opensaml.saml2.metadata.validator.PDPDescriptorSpecValidator
20643 [http-8080-Processor24] DEBUG org.opensaml.xml.XMLConfigurator -
Creating instance of
org.opensaml.saml2.metadata.validator.SingleSignOnServiceSpecValidator
20643 [http-8080-Processor24] DEBUG org.opensaml.xml.XMLConfigurator -
Creating instance of
org.opensaml.saml2.metadata.validator.SingleSignOnServiceSpecValidator
20644 [http-8080-Processor24] DEBUG org.opensaml.xml.XMLConfigurator -
Creating instance of
org.opensaml.saml2.metadata.validator.SPSSODescriptorSpecValidator
20644 [http-8080-Processor24] DEBUG org.opensaml.xml.XMLConfigurator -
Creating instance of
org.opensaml.saml2.metadata.validator.SPSSODescriptorSpecValidator
20645 [http-8080-Processor24] DEBUG org.opensaml.xml.XMLConfigurator -
ValidtorSuite saml2-metadata-spec-validator has been initialized
20645 [http-8080-Processor24] DEBUG org.opensaml.xml.XMLConfigurator -
ValidtorSuite saml2-metadata-spec-validator has been initialized
20646 [http-8080-Processor24] INFO org.opensaml.xml.XMLConfigurator -
ValidatorSuites load complete
20646 [http-8080-Processor24] INFO org.opensaml.xml.XMLConfigurator -
ValidatorSuites load complete
20659 [http-8080-Processor24] DEBUG
org.opensaml.xml.io.AbstractXMLObjectUnmarshaller - Starting to unmarshall
DOM element {urn:oasis:names:tc:SAML:1.0:assertion}Assertion
20659 [http-8080-Processor24] DEBUG
org.opensaml.xml.io.AbstractXMLObjectUnmarshaller - Starting to unmarshall
DOM element {urn:oasis:names:tc:SAML:1.0:assertion}Assertion
20660 [http-8080-Processor24] DEBUG
org.opensaml.xml.io.AbstractXMLObjectUnmarshaller - Checking that
{urn:oasis:names:tc:SAML:1.0:assertion}Assertion meets target criteria.
20660 [http-8080-Processor24] DEBUG
org.opensaml.xml.io.AbstractXMLObjectUnmarshaller - Checking that
{urn:oasis:names:tc:SAML:1.0:assertion}Assertion meets target criteria.
20660 [http-8080-Processor24] DEBUG
org.opensaml.xml.io.AbstractXMLObjectUnmarshaller -
{urn:oasis:names:tc:SAML:1.0:assertion}Assertion element name matches target.
20660 [http-8080-Processor24] DEBUG
org.opensaml.xml.io.AbstractXMLObjectUnmarshaller -
{urn:oasis:names:tc:SAML:1.0:assertion}Assertion element name matches target.
20660 [http-8080-Processor24] DEBUG
org.opensaml.xml.io.AbstractXMLObjectUnmarshaller - Building XMLObject for
{urn:oasis:names:tc:SAML:1.0:assertion}Assertion
20660 [http-8080-Processor24] DEBUG
org.opensaml.xml.io.AbstractXMLObjectUnmarshaller - Building XMLObject for
{urn:oasis:names:tc:SAML:1.0:assertion}Asserp-8080-Processor24] DEBUG
org.opensaml.xml.io.AbstractXMLObjectUnmarshaller - Pre-processing attribute
IssueInstant
20681 [http-8080-Processor24] DEBUG
org.opensaml.xml.io.AbstractXMLObjectUnmarshaller - Attribute IssueInstant
is neither a schema type nor namespace, calling processAttribute()
20681 [http-8080-Processor24] DEBUG
org.opensaml.xml.io.AbstractXMLObjectUnmarshaller - Attribute IssueInstant
is neither a schema type nor namespace, calling processAttribute()
20833 [http-8080-Processor24] DEBUG
org.opensaml.xml.io.AbstractXMLObjectUnmarshaller - Pre-processing attribute
Issuer
20833 [http-8080-Processor24] DEBUG
org.opensaml.xml.io.AbstractXMLObjectUnmarsh//www.w3.org/2000/xmlns/}xsi
20836 [http-8080-Processor24] DEBUG
org.opensaml.xml.io.AbstractXMLObjectUnmarshaller - Pre-processing attribute
{http://www.w3.org/20rg.opensaml.xml.io.AbstractXMLObjectUnmarshaller -
Building XMLObject for {urn:oasis:names:tc:SAML:1.0:assertion}Conditions
20842 [http-8080-Processor24] DEBUG
org.opensaml.xml.io.AbstractXMLObjectUnmarshaller - Unmarshalling attributes
of DOM Element {urn:oasis:names:tc:SAML:1.0:assertion}Conditions
20842 [http-8080-Processor24] DEBUG
org.opensaml.xml.io.AbstractXMLObjectUnmarshaller - Unmarshalling attributes
of DOM Element {urn:oasis:names:tc:SAML:1.0:assertion}Conditions
20842 [http-8080-Processor24] DEBUG
org.opensaml.xml.io.AbstractXMLObjectUnmarshaller - Pre-processing attribute
NotBefore
20842 [http-8080-Processor24] DEBUG
org.opensaml.xml.io.AbstractXMLObjectUnmarshaller - Pre-processing attribute
NotBefore
20845 [http-8080-Processor24] DEBUG
org.opensaml.xml.io.AbstractXMLObjectUnmarshaller - Attribute NotBefore is
neither a schema type nor namespace, calling processAttribute()
20845 [http-8080-Processor24] DEBUG
org.opensaml.xml.io.AbstractXMLObjectUnmarshaller - Attribute NotBefore is
neither a schema type nor namespace, calling processAttribute()
20845 [http-8080-Processor24] DEBUG org.opensaml.xml.io.] DEBUG
org.opensaml.xml.io.AbstractXMLObjectUnmarshaller - Building XMLObject for
{urn:oasis:names:tc:SAML:1.0:assertion}AuthenticationStatement
20847 [http-8080-Processor24] DEBUG org.opensaml.xml.et.
20851 [http-8080-Processor24] DEBUG
org.opensaml.xml.io.AbstractXMLObjectUnmarshaller -
{urn:oasis:names:tc:SAML:1.0:assertion}Subject element name matches target.
20851 [http-8080-Processor24] DEBUG
org.opensaml.xml.io.AbstractXMLObjectUnmarshaller - Building XMLObject for
{urn:oasis:names:tc:SAML:1.0:assertion}Subject
20851 [http-8080-Processor24] DEBUG
org.opensaml.xml.io.AbstractXMLObjectUnmarshaller - Building XMLObject for
{urn:oasis:names:tc:SAML:1.0:assertion}Subject
20853 [http-8080-Processor24] DEBUG
org.opensaml.xml.io.AbstractXMLObjectUnmarshaller - Unmarshalling attributes
of DOM Element {urn:oasis:names:tc:SAML:1.0:assertion}Subject
20853 [http-8080-Processor24] DEBUG
org.opensaml.xml.io.AbstractXMLObjectUnmarshaller - Unmarshalling attributes
of DOM Element {urn:oasis:names:tc:SAML:1.0:assertion}Subject
20854 [http-8080-Processor24] DEBUG
org.opensaml.xml.io.AbstractXMLObjectUnmarshaller - Unmarshalling other
child nodes of DOM Element {urn:oasis:names:tc:SAML:1.0:assertion}Subject
20854 [http-8080-Processor24] DEBUG
org.opensaml.xml.io.AbstractXMLObjectUnmarshaller - Unmarshalling other
child nodes of DOM Element {urn:oasis:names:tc:SAML:1.0:assertion}Subject
20854 [http-8080-Processor24] DEBUG
org.opensaml.xml.io.AbstractXMLObjectUnmarshaller - Unmarshalling child
elements of XMLObject {urn:oasis:names:tc:SAML:1.0:assertion}Subject
20854 [http-8080-Processor24] DEBUG
org.opensaml.xml.io.AbstractXMLObjectUnmarshaller - Unmarshalling child
elements of XMLObject {urn:oasis:names:tc:SAML:1.0:assertion}Subject
20854 [http-8080-Processor24] DEBUG
org.opensaml.xml.io.AbstractXMLObjectUnmarshaller - Unmarshalling child
element {urn:oasis:names:tc:SAML:1.0:assertion}NameIdentifier with
unmarshaller org.opensaml.saml1.core.impl.NameIdentifierUnmarshaller
20854 [http-8080-Processor24] DEBUG
org.opensaml.xml.io.AbstractXMLObjectUnmarshaller - Unmarshalling child
element {urn:oasis:names:tc:SAML:1.0:assertion}NameIdentifier with
unmarshaller org.opensaml.saml1.core.impl.NameIdentifierUnmarshaller
20854 [http-8080-Processor24] DEBUG
org.opensaml.xml.io.AbstractXMLObjectUnmarshaller - Starting to unmarshall
DOM element {urn:oasis:names:tc:SAML:1.0:assertion}NameIdentifier
20854 [http-8080-Processor24] DEBUG
org.opensaml.xml.io.AbstractXMLObjectUnmarshaller - Starting to unmarshall
DOM element {urn:oasis:names:tc:SAML:1.0:assertion}NameIdentifier
20854 [http-8080-Processor24] DEBUG
org.opensaml.xml.io.AbstractXMLObjectUnmarshaller - Checking that
{urn:oasis:names:tc:SAML:1.0:assertion}NameIdentifier meets target criteria.
20854 [http-8080-Processor24] DEBUG
org.opensaml.xml.io.AbstractXMLObjectUnmarshaller - Checking that
{urn:oasis:names:tc:SAML:1.0:assertion}NameIdentifier meets target criteria.
20855 [http-8080-Processor24] DEBUG
org.opensaml.xml.io.AbstractXMLObjectUnmarshaller -
{urn:oasis:names:tc:SAML:1.0:assertion}NameIdentifier element name matches
target.
20855 [http-8080-Processor24] DEBUG
org.opensaml.xml.io.AbstractXMLObjectUnmarshaller -
{urn:oasis:names:tc:SAML:1.0:assertion}NameIdentifier element name matches
target.
20855 [http-8080-Processor24] DEBUG
org.opensaml.xml.io.AbstractXMLObjectUnmarshaller - Building XMLObject for
{urn:oasis:names:tc:SAML:1.0:assertion}NameIdentifier
20855 [http-8080-Processor24] DEBUG
org.opensaml.xml.io.AbstractXMLObjectUnmarshaller - Building XMLObject for
{urn:oasis:names:tc:SAML:1.0:assertion}NameIdentifier
20856 [http-8080-Processor24] DEBUG
org.opensaml.xml.io.AbstractXMLObjectUnmarshaller - Unmarshalling attributes
of DOM Element {urn:oasis:names:tc:SAML:1.0:assertion}NameIdentifier
20856 [http-8080-Processor24] DEBUG
org.opensaml.xml.io.AbstractXMLObjectUnmarshaller - Unmarshalling attributes
of DOM Element {urn:oasis:names:tc:SAML:1.0:assertion}NameIdentifier
20856 [http-8080-Processor24] DEBUG
org.opensaml.xml.io.Abssaml.xml.io.AbstractXMLObjec:assertion}SubjectConfirmation
20860 [http-8080-Processor24] DEBUG
org.opensaml.xml.io.AbstractXMLObjectUnmarshaller -
Un0/09/xmldsig#}Signature with unmarshaller orgshaller p-8080-Processor24]
DEBUG org.opensaml.xml.io.AbstractXMLller was registered for
{http://www.w3.org/2000/09/xmldsig#}SignatureMethod, child of
{http://www.w.io.AbstractXMLObjectUnmarshaller - No unmarshaller was
registere24] DEBUG org.opensaml.xml.io.AbstractXMLObjectUnmarshaller -
Checking that
{http://www.w3.org/2000/09/xmldsig#}Transform09/xmldsig#}DigestMethod was not
veriensaml.xml.io.AbstractXMLObjectUnmarshaller - Starting to unmarshall DOM
element {http://www.w3.org/2000/09/xmldsig#}Dige
- Re: Signature Verification error, Brad Anderson, 12/04/2006
- RE: Signature Verification error, Scott Cantor, 12/04/2006
- Re: Signature Verification error, Brad Anderson, 12/04/2006
- RE: Signature Verification error, Scott Cantor, 12/04/2006
- Re: Signature Verification error, Brad Anderson, 12/04/2006
- RE: Signature Verification error, Scott Cantor, 12/04/2006
Archive powered by MHonArc 2.6.16.