Skip to Content.
Sympa Menu

mace-opensaml-users - Response signature validation

Subject: OpenSAML user discussion

List archive

Response signature validation

Chronological Thread 
  • From: Laurent CHARTIER <>
  • To:
  • Subject: Response signature validation
  • Date: Fri, 20 Apr 2007 11:46:42 +0200
  • Importance: Normal

Hi all,
I got a SAML response containing a SAML assertion. The SAML response is
But when I try to validate the signature of the response with a
SignatureValidator I got an error.
Am I wrong if I think that the bytes needed to verify a SAML response
are the entire reponse and not only the assertion contained in the

In facts, when the validation occurs, I can see the getReferencesBytes
method from the Reference class returning the bytes of the assertion,
not the bytes of the response.
So the digest value used to compare with the one in the signature seems
not to be calculated from the same bytes.
In consequence "Signature did not validate against any public keys from

The sequence is:


Ce message est prot?g? par les r?gles relatives au secret des
correspondances. Il est donc ?tabli ? destination exclusive de son
destinataire. Celui-ci peut donc contenir des informations confidentielles.
La divulgation de ces informations est ? ce titre rigoureusement interdite.
Si vous avez re?u ce message par erreur, merci de le renvoyer ? l'exp?diteur
dont l'adresse e-mail figure ci-dessus et de d?truire le message ainsi que
toute pi?ce jointe.

This message is protected by the secrecy of correspondence rules. Therefore,
this message is intended solely for the attention of the addressee. This
message may contain privileged or confidential information, as such the
disclosure of these informations is strictly forbidden. If, by mistake, you
have received this message, please return this message to the addressser
whose e-mail address is written above and destroy this message and all files

Archive powered by MHonArc 2.6.16.

Top of Page