OpenSAML user discussion

[Brent Putman <>]

Exjobb Nexus wrote:
>
>
> As you can see the namespace ds is redefined everywhere (xmlns:ds="
> http://www.w3.org/2000/09/xmldsig#";).
> I would like it to be defined once in the signature-tag. Can´t figure
> out how. Can someone help me?


Unfortunately these redundant declarations are inserted by the Apache
XML Security library, which is what is generating the signature elements
and children.  I don't know of any way to turn off this behavior off. 
I've noticed it before, but haven't looked into it in detail since it's
primarily a cosmetic thing, it doesn't affect the correct functioning of
the signature, etc. (unless the few hundred extra bytes of data in the
message are a concern...).

I can ask over on the xmlsec developers list if they have any settings
to adjust this aspect of the signature handling (I can't find any in the
docs).  If they don't, we *might* be able to handle it in the signature
marshaller by post-processing the DOM Elements generated by the Apache
library (before signing).   It will probably be at least a couple of
weeks before I could look into it, however, we're trying to get
OpenSAML2 and Shib 2.0 out the door..  Since it seems mostly cosmetic,
it's gonna be pretty low on the priority list.

--Brent