mace-opensaml-users - OpenSaml2 Library - SAML11 signature validation error

Subject: OpenSAML user discussion

  • From: "Sankaranainar, Naveen" <>
  • To: <>
  • Subject: OpenSaml2 Library - SAML11 signature validation error
  • Date: Wed, 31 Jan 2007 19:45:56 -0500

Hi,

I am getting an error while validating a SAML 1.1 assertion signature. I am using the OpenSaml 2 libraries (built from svn on 12/28/06). The same code works fine if I validate the signature from SAML 2.0.

Any input is highly appreciated.

Thanks in advance!

Naveen 

<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <ds:SignedInfo>
    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
    <ds:Reference URI="#vz..kbXysc027PoEWu1E.XSFc3g">
      <ds:Transforms>
        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
      </ds:Transforms>
      <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
      <ds:DigestValue>o1WHMLInUHckjlQ/+thW5rpbVmY=</ds:DigestValue>
    </ds:Reference>
  </ds:SignedInfo>
  <ds:SignatureValue>x1PJi77FsvvH8PVTjvIPG4RA1osxkUdJ1P4Txvg2BZDLke2WkdCO1iJ1SBLCOga3vLWvSNOtNor4 mI1JaTgxV5kqZybYh5BAndLnxRlBSFAzGqAwKJuyNOKUpe89U3WDTEKWdM7EymGPMXUh98ijcbYU z31WCUFtYj+l6/55VNM=</ds:SignatureValue>
</ds:Signature>

org.apache.xml.security.signature.XMLSignatureException: The Reference for URI #vz..kbXysc027PoEWu1E.XSFc3g has no XMLSignatureInput

Original Exception was org.apache.xml.security.signature.MissingResourceFailureException: The Reference for URI #vz..kbXysc027PoEWu1E.XSFc3g has no XMLSignatureInput

Original Exception was org.apache.xml.security.signature.ReferenceNotInitializedException: Cannot resolve element with ID vz..kbXysc027PoEWu1E.XSFc3g

Original Exception was org.apache.xml.security.signature.ReferenceNotInitializedException: Cannot resolve element with ID vz..kbXysc027PoEWu1E.XSFc3g

Original Exception was org.apache.xml.security.signature.ReferenceNotInitializedException: Cannot resolve element with ID vz..kbXysc027PoEWu1E.XSFc3g

Original Exception was org.apache.xml.security.utils.resolver.ResourceResolverException: Cannot resolve element with ID vz..kbXysc027PoEWu1E.XSFc3g


    public boolean hasValidSignature(Signature token, PublicKey publicKey) {
        SignatureTrustEngine trustEngine = new BasicX509SignatureTrustEngine();
        try {
            FastList verificationKey = new FastList();
            verificationKey.add(publicKey);
            verificationKeyResolver = new DirectKeyInfoResolver(null, verificationKey, null, null);
            if (!trustEngine.validate(token, null, verificationKeyResolver)) {
                LogManager.err(" Failed to validate signature with proper public key");
                return false;
            }
            return true;
        } catch (SecurityException e) {
            LogManager.err(" Signature validation failed : " + e);
            return false;
        }
    }
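
One possible cause of the "Cannot resolve element with ID" error above, shown as an added example that is not part of the original post or of OpenSAML: a same-document Reference (`URI="#..."`) is resolved by ID lookup, and a DOM attribute only counts as an ID when a DTD, a schema or an explicit call marks it as one. The example assumes the signed element is a SAML 1.1 assertion carrying its identifier in `AssertionID` (the post does not show that element); the class name and the sample XML are constructed.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

public class IdResolutionDemo {
    // Constructed sample, not the poster's assertion: a SAML 1.1 style element
    // whose identifier is carried in AssertionID (SAML 2.0 uses ID instead).
    static final String XML =
        "<saml:Assertion xmlns:saml=\"urn:oasis:names:tc:SAML:1.0:assertion\""
        + " AssertionID=\"_constructed-id-123\" MajorVersion=\"1\" MinorVersion=\"1\"/>";

    static Document parse(String xml) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        // Defensive parser setting for untrusted SAML input: no DOCTYPE allowed.
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        return dbf.newDocumentBuilder()
                  .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
    }

    public static void main(String[] args) throws Exception {
        Document doc = parse(XML);
        Element assertion = doc.getDocumentElement();
        String id = assertion.getAttributeNS(null, "AssertionID");

        // No DTD or schema was applied, so the DOM does not know that AssertionID
        // is an ID: the lookup a "#..." Reference depends on finds no element.
        System.out.println("before: " + doc.getElementById(id));

        // Mark the attribute as an ID, only on the element about to be verified.
        assertion.setIdAttributeNS(null, "AssertionID", true);
        Element resolved = doc.getElementById(id);
        System.out.println("after, resolves to the assertion: " + (resolved == assertion));
    }
}
```

After a signature verifies, the caller should still confirm that the element the Reference resolved to is the same assertion object the application goes on to consume.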



