
mace-opensaml-users - Re: A suggestion about digital signatures

Subject: OpenSAML user discussion


Re: A suggestion about digital signatures


  • From: Brent Putman <>
  • To:
  • Subject: Re: A suggestion about digital signatures
  • Date: Wed, 19 Sep 2007 11:55:46 -0400



Massimiliano Masi wrote:
>
> assertionSignature.getContentReferences().add(new SAMLObjectContentReference(assertion));
>

You don't need to do this for the signable SAML objects in
java-opensaml2 because we override the setSignature method on
AbstractSignableSAMLObject as follows:

public void setSignature(Signature newSignature) {
    newSignature.getContentReferences().add(new SAMLObjectContentReference(this));
    super.setSignature(newSignature);
}


This is the only allowed usage wrt the SAML spec, as Scott already
pointed out, so we do it as a convenience. The Javadocs do note this:

/**
 * {@inheritDoc}
 *
 * When a signature is added, a default content reference that uses the ID of this object will be
 * created and added to the signature at the time of signing. See {@link SAMLObjectContentReference}
 * for the default digest algorithm and transforms that will be used. These default values may be
 * changed prior to marshalling this object.
 */


>
> in the ds:Signature I've the reference of the assertion twice:

Yeah, just don't manually add the SAMLObjectContentReference, and things
should be good. Did you see this in examples or docs for opensaml2 on
the wiki or elsewhere? If so, let me know and I'll fix them. I think
the above was not the original behavior (we didn't override
setSignature), so there may be docs/examples that are out-of-sync.

--Brent
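An added example (not Brent's code and not part of OpenSAML itself) that exercises the behaviour described in this reply: it builds a minimal Assertion with a constructed ID, signs it through setSignature() alone, and counts the ds:Reference elements that end up in the marshalled ds:Signature, with a flag that reproduces the manual add from the question. The class name SingleReferenceCheck and the throwaway RSA key pair are my own; everything else uses the java-opensaml2 / xmltooling API as it existed at the time.

```java
import java.security.KeyPair;
import org.opensaml.DefaultBootstrap;
import org.opensaml.common.SAMLObjectContentReference;
import org.opensaml.saml2.core.Assertion;
import org.opensaml.xml.Configuration;
import org.opensaml.xml.security.SecurityHelper;
import org.opensaml.xml.security.credential.Credential;
import org.opensaml.xml.signature.Signature;
import org.opensaml.xml.signature.SignatureConstants;
import org.opensaml.xml.signature.Signer;
import org.w3c.dom.Element;

public class SingleReferenceCheck {
    /** Signs the assertion and returns how many ds:Reference elements its ds:Signature ends up with. */
    public static int signAndCountReferences(Assertion assertion, Credential cred,
                                             boolean addReferenceManually) throws Exception {
        Signature signature = (Signature) Configuration.getBuilderFactory()
                .getBuilder(Signature.DEFAULT_ELEMENT_NAME).buildObject(Signature.DEFAULT_ELEMENT_NAME);
        signature.setSigningCredential(cred);
        signature.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1);
        signature.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
        if (addReferenceManually) {
            // The line from the question: it duplicates what setSignature() adds just below.
            signature.getContentReferences().add(new SAMLObjectContentReference(assertion));
        }
        // AbstractSignableSAMLObject.setSignature() adds the SAMLObjectContentReference itself.
        assertion.setSignature(signature);
        // Marshal first so the Signature has a DOM element, then compute the signature value.
        Element assertionEl = Configuration.getMarshallerFactory().getMarshaller(assertion).marshall(assertion);
        Signer.signObject(signature);
        return assertionEl.getElementsByTagNameNS("http://www.w3.org/2000/09/xmldsig#", "Reference").getLength();
    }

    /** Minimal Assertion with a constructed ID; the default content reference URI points at that ID. */
    private static Assertion newAssertion() {
        Assertion a = (Assertion) Configuration.getBuilderFactory()
                .getBuilder(Assertion.DEFAULT_ELEMENT_NAME).buildObject(Assertion.DEFAULT_ELEMENT_NAME);
        a.setID("_" + java.util.UUID.randomUUID());
        return a;
    }

    public static void main(String[] args) throws Exception {
        DefaultBootstrap.bootstrap();
        KeyPair kp = SecurityHelper.generateKeyPair("RSA", 2048, null);  // throwaway key for the demo
        Credential cred = SecurityHelper.getSimpleCredential(kp.getPublic(), kp.getPrivate());
        System.out.println("setSignature only -> " + signAndCountReferences(newAssertion(), cred, false));
        System.out.println("plus manual add   -> " + signAndCountReferences(newAssertion(), cred, true));
    }
}
```

The second call reproduces the doubled reference Massimiliano reported; the first is the usage Brent describes, with the single reference the SAML spec allows.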




