mace-opensaml-users - SAML signature reference
Subject: OpenSAML user discussion
- From: Laurent CHARTIER <>
- To:
- Subject: SAML signature reference
- Date: Fri, 06 Apr 2007 15:43:33 +0200
- Importance: Normal
Hi all,

I'm trying to generate a signed assertion. But when I create the signature and then sign this object, another reference element is added to the signature.

The two elements are different because I don't use SAMLObjectContentReference to create my reference. I use one of my own where I can specify the digest method I want to use (http://www.w3.org/2000/09/xmldsig#sha1) and the transform canonicalisation algorithm (http://www.w3.org/2001/10/xml-exc-c14n#).

Here is an example of the SAMLObject where there are 2 references:
<saml:Assertion
xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol"
xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns="urn:oasis:names:tc:SAML:1.0:assertion"
AssertionID="30a7cc05-0af4-40fa-92c9-7cfe0e839b48"
IssueInstant="2007-04-06T11:14:47.187Z" Issuer="urn:iops:0017:idp:1.0"
MajorVersion="1" MinorVersion="1"><saml:Conditions
NotBefore="2007-04-06T11:11:47.187Z"
NotOnOrAfter="2007-04-06T11:22:47.187Z"><saml:AudienceRestrictionCondition><saml:Audience>http://GestionMaison</saml:Audience></saml:AudienceRestrictionCondition></saml:Conditions><saml:AuthenticationStatement
AuthenticationInstant="2007-04-06T11:14:47.609Z"
AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password"><saml:Subject><saml:NameIdentifier
Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">uid=MSAIOPS</saml:NameIdentifier><saml:SubjectConfirmation><saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</saml:ConfirmationMethod></saml:SubjectConfirmation></saml:Subject></saml:AuthenticationStatement><saml:AttributeStatement><saml:Subject><saml:NameIdentifier
Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">uid=MSAIOPS</saml:NameIdentifier><saml:SubjectConfirmation><saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</saml:ConfirmationMethod></saml:SubjectConfirmation></saml:Subject><saml:Attribute
AttributeName="PAGM"
AttributeNamespace="urn:iops:attributs:pagm"><saml:AttributeValue>CNAMTSPAGM001</saml:AttributeValue><saml:AttributeValue>tst</saml:AttributeValue></saml:Attribute></saml:AttributeStatement><ds:Signature
xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<ds:Reference URI="#30a7cc05-0af4-40fa-92c9-7cfe0e839b48">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>QjAewonXz/+B6Om8ee/Ad/fy2QY=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#30a7cc05-0af4-40fa-92c9-7cfe0e839b48">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments"><ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="ds saml" /></ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
<ds:DigestValue>8ktKimQrjePWyODncQ039QHPTqmp16qcmeK6SVG8PTc=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
dXMNVYIaKNUQvaZg6RLDtyHQ5nJ3WNpZwpm3CR3CVPn2EyS34DciD7DoJxoLDnGcLhi52G45LZV/
yH0EjvoUfy2xvzWF0dIV2e/7u4OqN6v0mJoDAsqDoii9vCe7KpeLHAPEmF7JjjZ7v9Dwqxa3lK/n
KyhGV8enXGtiHN6l4l9c4/9rtw233gSFT1Dtd1e992Eiwt3MJxvjppQkAOMHlVKi5Y/uYmkJd3NZ
NI7Lxep6pxD+t2DsOYK5Vt6i2bLCcNau+5C0BkN5ILtYFoskolbDQu/rATjThLZbBPkQX3JD5AVO
ulCnp6KC7PGqm5oZDZcIPOy5AK7uLL5CIa3TMQ==
</ds:SignatureValue>
</ds:Signature></saml:Assertion>
I'm using JDK1.4 with the jar I made with the latest revisions I found on SVN.

Could someone help me?

Thanks
This message is protected by the secrecy of correspondence rules. Therefore, this message is intended solely for the attention of the addressee. This message may contain privileged or confidential information, as such the disclosure of this information is strictly forbidden. If, by mistake, you have received this message, please return this message to the addresser whose e-mail address is written above and destroy this message and all files attached.
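As an added illustration (not part of the original message and not OpenSAML code), the script below does what a reader debugging this kind of signature would do first: parse the ds:SignedInfo, list every ds:Reference with its URI, transforms and digest algorithm, and run a small verifier-side allow-list over them. The sample document is a constructed, trimmed copy of the assertion quoted above (SignatureValue replaced by a placeholder); the allow-lists and the check_policy function are assumptions chosen for the example, not anything OpenSAML ships.

```python
"""List the ds:Reference elements of a signed SAML assertion and apply a
simple verifier-side policy.  Added example; not OpenSAML code."""
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"ds": DS}

# Constructed sample: the signature from the message above, trimmed to the
# elements this script inspects.  SignatureValue is a placeholder.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
    AssertionID="30a7cc05-0af4-40fa-92c9-7cfe0e839b48">
  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <ds:SignedInfo>
      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
      <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
      <ds:Reference URI="#30a7cc05-0af4-40fa-92c9-7cfe0e839b48">
        <ds:Transforms>
          <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
          <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
        </ds:Transforms>
        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
        <ds:DigestValue>QjAewonXz/+B6Om8ee/Ad/fy2QY=</ds:DigestValue>
      </ds:Reference>
      <ds:Reference URI="#30a7cc05-0af4-40fa-92c9-7cfe0e839b48">
        <ds:Transforms>
          <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
          <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments">
            <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"
                                    PrefixList="ds saml"/>
          </ds:Transform>
        </ds:Transforms>
        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
        <ds:DigestValue>8ktKimQrjePWyODncQ039QHPTqmp16qcmeK6SVG8PTc=</ds:DigestValue>
      </ds:Reference>
    </ds:SignedInfo>
    <ds:SignatureValue>PLACEHOLDER</ds:SignatureValue>
  </ds:Signature>
</saml:Assertion>"""

# Assumed policy for this example: the transforms and digest algorithms a
# relying party is willing to accept.  exc-c14n "WithComments" is left out
# on purpose so the second reference above is flagged.
ALLOWED_TRANSFORMS = {
    "http://www.w3.org/2000/09/xmldsig#enveloped-signature",
    "http://www.w3.org/2001/10/xml-exc-c14n#",
}
ALLOWED_DIGESTS = {
    "http://www.w3.org/2000/09/xmldsig#sha1",
    "http://www.w3.org/2001/04/xmlenc#sha256",
}


def list_references(xml_text):
    """Return one dict per ds:Reference inside ds:SignedInfo."""
    root = ET.fromstring(xml_text)
    refs = []
    for ref in root.iterfind(".//ds:SignedInfo/ds:Reference", NS):
        transforms = [t.get("Algorithm")
                      for t in ref.iterfind("ds:Transforms/ds:Transform", NS)]
        digest = ref.find("ds:DigestMethod", NS).get("Algorithm")
        value = (ref.findtext("ds:DigestValue", namespaces=NS) or "").strip()
        refs.append({"uri": ref.get("URI"), "transforms": transforms,
                     "digest": digest, "value": value})
    return refs


def check_policy(refs, expected_id):
    """Return a list of human-readable findings; empty means the
    SignedInfo matches the assumed policy."""
    findings = []
    seen = set()
    for i, r in enumerate(refs):
        if r["uri"] != "#" + expected_id:
            findings.append(f"reference {i}: URI {r['uri']} does not point at the assertion")
        if r["uri"] in seen:
            findings.append(f"reference {i}: duplicate URI {r['uri']}")
        seen.add(r["uri"])
        for t in r["transforms"]:
            if t not in ALLOWED_TRANSFORMS:
                findings.append(f"reference {i}: transform not allowed: {t}")
        if r["digest"] not in ALLOWED_DIGESTS:
            findings.append(f"reference {i}: digest algorithm not allowed: {r['digest']}")
    return findings


if __name__ == "__main__":
    refs = list_references(SAMPLE)
    for i, r in enumerate(refs):
        print(f"reference {i}: uri={r['uri']} digest={r['digest']}")
        for t in r["transforms"]:
            print(f"    transform {t}")
    for f in check_policy(refs, "30a7cc05-0af4-40fa-92c9-7cfe0e839b48"):
        print("FINDING:", f)
```

Run against the sample, the script lists the two references and reports two findings: the second reference repeats the first one's URI, and it uses the exc-c14n "WithComments" transform that the assumed policy does not allow. Since XML-DSIG reference validation requires every ds:Reference to verify, a relying party that receives this assertion has to reproduce both digests, each under its own transform chain; listing the references this way is the quickest way to see which reference the signing library added on its own and which one came from custom code.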
- SAML signature reference, Laurent CHARTIER, 04/06/2007
- RE: SAML signature reference, Scott Cantor, 04/06/2007
- RE: SAML signature reference, Scott Cantor, 04/06/2007
- Re: SAML signature reference, Brent Putman, 04/06/2007
- RE: SAML signature reference, Scott Cantor, 04/06/2007
- RE: SAML signature reference, Scott Cantor, 04/06/2007
- Re: SAML signature reference, Brent Putman, 04/06/2007