OpenSAML user discussion

["Paul Hethmon" <>]

Sure, here's what I originally thought to do:

      socr = new
org.opensaml.common.impl.SAMLObjectContentReference(assertion);
      signature.getContentReferences().add(socr);
      assertion.setSignature(signature);
      // Now sign it
      org.opensaml.xml.signature.Signer.signObject(signature);

That doesn't error out, but ends up without a signature value. A message
on the mailing list from last October led me to this:

      socr = new
org.opensaml.common.impl.SAMLObjectContentReference(assertion);
      signature.getContentReferences().add(socr);
      assertion.setSignature(signature);
      // Get the marshaller factory
      MarshallerFactory marshallerFactory =
org.opensaml.Configuration.getMarshallerFactory();
      Marshaller marshaller =
marshallerFactory.getMarshaller(assertion);
      try {
        // By marshalling the assertion, we will create the XML so that
the signing will have something to sign
        marshaller.marshall(assertion);
      } catch (MarshallingException e) {
        e.printStackTrace();
      }
      // Now sign it
      org.opensaml.xml.signature.Signer.signObject(signature);

That seems to work to the best I can figure out. At least I can validate
with my public key after signing this way.

Paul


-----Original Message-----
From: Chad La Joie 
[mailto:]
 
Sent: Sunday, August 05, 2007 12:33 PM
To: 

Subject: Re: decoding public keys in metadata

Paul Hethmon wrote:
> One thing that did throw me was actually computing the signature, it
was
> certainly not intuitive to me that I needed to marshall the signature
> the compute it. In hindsight, it makes sense as that is the
> representation that the signature is computing over, but getting the
> error that XMLSignature is null made me hit my head against the
keyboard
> for a while.

I think I understand what you're saying here but could you elaborate a
bit on this?  Maybe a snippet of code?
-- 
Chad La Joie             2052-C Harris Bldg
OIS-Middleware           202.687.0124