mace-opensaml-users - RE: Signing problem
Subject: OpenSAML user discussion
List archive
- From: "Paul Hethmon" <>
- To: <>
- Subject: RE: Signing problem
- Date: Fri, 24 Aug 2007 15:48:44 -0700
You might also take a look at my project here:
http://code.crt.realtors.org/projects/websso
This is an IdP, SP project building on OpenSAML. I've got working code in it
to do the signing as of early August.
Two things to caution you about:
1. I'm building against snapshots of OpenSAML. My code will not build against
OpenSAML today. I do have a snapshot of the jars in subversion though.
2. My code puts a colon character in the ID attribute values. That breaks
Google and PingID, or at least is disallowed by them. You will need to change
it.
Paul
-----Original Message-----
From: Brent Putman
[mailto:]
Sent: Fri 8/24/2007 1:56 PM
To:
Subject: Re: Signing problem
The wiki example is a little out of date, we've had some API changes
since then. I'll try and fix those soon.
Instead of suppling a signing key to a Signature, you now supply a
signing Credential which contains the signing key, via
Signature#setSigningCredential(Credential). This was to make the
library API more consistent.
If you're not obtaining a signing Credential from a CredentialResolver,
you can just build a simple credential that wraps a symmetric key or key
pair with one of the utility methods in
org.opensaml.xml.security.SecurityHelper
Credential getSimpleCredential(PublicKey, PrivateKey)
Credential getSimpleCredential(SecretKey)
--Brent
Massimiliano Masi wrote:
> Hi all,
>
> I have a problem signing an assertion.
> I have the following code (I imported my public/private keys,
> respectively
> in PEM and DER format):
>
> SignatureBuilder signatureBuilder = (SignatureBuilder)
> builderFactory.getBuilder(Signature.DEFAULT_ELEMENT_NAME);
> Signature assertionSignature =
> signatureBuilder.buildObject();
>
> assertionSignature.getContentReferences().add(new
> SAMLObjectContentReference(assertion));
>
>
>
> Now, the guide
> (https://spaces.internet2.edu/display/SHIB/OSTwoUserManJavaDSIG)
> says:
>
> Add the key that will be used to sign with the
> Signature#setSigningKey(Key) method
>
> but the assertionSignature object does not have a setSigningKey().
>
>
> How can I add my pvt key to the Signature?
>
>
> Thank you,
>
>
> Massimiliano
>
>
>
>
>
>
>
> ----------------------------------------------------------------
> This message was sent using IMP, the Internet Messaging Program.
>
<<winmail.dat>>
- Signing problem, Massimiliano Masi, 08/24/2007
- Re: Signing problem, Brent Putman, 08/24/2007
- RE: Signing problem, Paul Hethmon, 08/24/2007
- Re: Signing problem, Massimiliano Masi, 08/27/2007
- Re: Signing problem, Brent Putman, 08/27/2007
- Re: Signing problem, Brent Putman, 08/24/2007
Archive powered by MHonArc 2.6.16.