OpenSAML user discussion

[Brent Putman <>]

Oh, I didn't notice before: you also need to set the signature and
canonicalization algorithm URI's.  There's a full example in this unit
test (an Assertion, but same thing).

http://tinyurl.com/ytg9kh


Those correspond to the SignatureMethod and CanonicalizationMethod
elements of the SignedInfo.  Those are mandatory to the signature
process.  So before marshalling (and signing) you need to also do:

sig.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
sig.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA);

Change the actual algorithms URI params to suit your needs.

I also see that these steps aren't explicitly mentioned in the Wiki doc
page.  I'll add something there.

You might also want to run something newer than 3-month old code.  The
security-related stuff (signature, encryption, credential/key
management, etc) has changed a lot in that time.

--Brent



Mike Klein wrote:
> Doing marshalling first yields error regarding null signature algorithm.
> Am I perhaps creating signature incorrectly?
>
> I am on an older main/latest...from like 3 mos back.
>
> Caused by: org.apache.xml.security.signature.XMLSignatureException: The
> requested algorithm null does not exist. Original Message was: null
> Original Exception was java.lang.NullPointerException
>     at
> org.apache.xml.security.algorithms.SignatureAlgorithm.<init>(Unknown Source)
>     at org.apache.xml.security.signature.SignedInfo.<init>(Unknown Source)
>     at org.apache.xml.security.signature.XMLSignature.<init>(Unknown Source)
>     at org.apache.xml.security.signature.XMLSignature.<init>(Unknown Source)
>     at
> org.opensaml.xml.signature.impl.SignatureMarshaller.createSignatureElement(SignatureMarshaller.java:113)
>     ... 57 more
>
>
> mike
>   
>