mace-opensaml-users - Sha2 signature info requested
Subject: OpenSAML user discussion
List archive
- From: Prasanna Krishna <>
- To: <>
- Subject: Sha2 signature info requested
- Date: Tue, 2 Oct 2007 19:07:26 +0000
- Importance: Normal
Hi - Can you please let me know what needs to be done to set the signature algorithm and digest value to sha256? Currently in my code I set only the signature algorithm; if I set it to sha1 as per one of the examples on signing on the OPENSAML site, I get the following in the output:

```xml
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
```

Code piece that does the magic:

```java
import java.security.PrivateKey;

import org.opensaml.common.SAMLObjectContentReference;
import org.opensaml.saml2.core.Response;
import org.opensaml.xml.signature.Signature;
import org.opensaml.xml.signature.Signer;
import org.opensaml.xml.signature.impl.SignatureBuilder;
import org.w3c.dom.Element;

// SecurityAdapter, SecurityConfig and marshall(...) are the poster's own
// helpers and are used here exactly as in the original message.
SignatureBuilder sb = new SignatureBuilder();
Signature sig = sb.buildObject();

// Content reference for the Response; no digest algorithm is set on it.
SAMLObjectContentReference soref = new SAMLObjectContentReference(response);
sig.getContentReferences().add(soref);

SecurityAdapter service = SecurityConfig.getInstance().getService("foo");
PrivateKey pk = service.getPrivateKey();
sig.setSigningKey(pk);

// Algorithm URIs are string literals; the rsa-sha1 URI matches the
// SignatureMethod seen in the output above.
sig.setSignatureAlgorithm("http://www.w3.org/2000/09/xmldsig#rsa-sha1");
sig.setCanonicalizationAlgorithm("http://www.w3.org/TR/2001/REC-xml-c14n-20010315");
response.setSignature(sig);

// Marshal first, then compute the signature over the resulting DOM.
Element authElement = marshall(response);
Signer.signObject(sig);
```

The final goal is to have sha256. Does opensaml support it, and how can that be achieved? Please note that I am not setting the digest method algo to anything, but it's being picked up as sha256.
Thanks,
Prasanna Krishna

Note: Also pasting the entire xml that got generated through SAML for one of our requests:

```xml
<?xml version="1.0" encoding="UTF-16"?>
<samlp:Response ID="1" IssueInstant="2007-07-27T01:16:02.214Z" Version="2.0" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
  <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://foo.com</saml:Issuer>
  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <ds:SignedInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
      <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
      <ds:Reference URI="#1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:Transforms xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
          <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
          <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ec:InclusiveNamespaces PrefixList="ds saml samlp xs" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
          </ds:Transform>
        </ds:Transforms>
        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
        <ds:DigestValue xmlns:ds="http://www.w3.org/2000/09/xmldsig#">nKyqW+hMFCs90jI0Ux9Jw1mpUtyA5D+ZmFuET2Gq034=</ds:DigestValue>
      </ds:Reference>
      <ds:Reference URI="#1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:Transforms xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
          <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
          <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ec:InclusiveNamespaces PrefixList="ds saml samlp xs" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
          </ds:Transform>
        </ds:Transforms>
        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
        <ds:DigestValue xmlns:ds="http://www.w3.org/2000/09/xmldsig#">nKyqW+hMFCs90jI0Ux9Jw1mpUtyA5D+ZmFuET2Gq034=</ds:DigestValue>
      </ds:Reference>
    </ds:SignedInfo>
    <ds:SignatureValue xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
VKQ7Hdi+D3XKOf6tsnFp5GJiu3Exoa5ELa0KYNDUTIz5JOArWdXE3lnOOZTyOz+cDfPoysOiDbBq
LfrWhTJjsQqQBkeZU5jTqdSVFigL1vGEN7Ctue6P/Q1mMlyshIq6g1qhFadOxuvdZ3aL4Fe8tXT+
atymDgZAz6ycTJ/3PJ4=
    </ds:SignatureValue>
  </ds:Signature>
  <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
  <saml:Assertion ID="5000000733" IssueInstant="2007-07-27T01:16:02.214Z" Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
    <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified">https://foo.com</saml:Issuer>
    <saml:Subject><saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">immid_929285324</saml:NameID></saml:Subject>
    <saml:Conditions NotBefore="2007-07-27T08:15:49.000Z" NotOnOrAfter="2009-03-18T01:16:02.214Z"/>
    <saml:AuthnStatement AuthnInstant="2007-07-27T01:16:02.214Z">
      <saml:AuthnContext><saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocol</saml:AuthnContextClassRef></saml:AuthnContext>
    </saml:AuthnStatement>
    <saml:AttributeStatement>
      <saml:Attribute FriendlyName="Visible Identifier" Name="Visible_Identifier" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
        <saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">vi1_676215582</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute FriendlyName="Visible Identifier" Name="Visible_Identifier" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
        <saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">vi2_396157677</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute FriendlyName="Identity Attribute" Name="TestPlatform1.attribute1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
        <saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">value1</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute FriendlyName="Identity Attribute" Name="TestPlatform1.attribute2" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
        <saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">value21%2Cvalue22</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute FriendlyName="Public Data" Name="publicData" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
        <saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">a</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>
```
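Whether a signed response really ended up on SHA-256 is best decided from the XML that was produced, not from the code that produced it: the SignatureMethod and each ds:Reference DigestMethod are separate settings and, as the posted output shows, can disagree (RSA-SHA1 signature over SHA-256 digests). The following is an added example, not code from the original message or from OpenSAML, that reads the ds:SignedInfo of a signed document and reports both algorithms, flagging SHA-1 and duplicated Reference URIs. The function names (audit_signature, is_full_sha256, build_sample) are my own, the sample documents are constructed placeholders shaped like the posted response, and the RSA-SHA256 URI comes from RFC 4051 rather than from the post.

```python
"""Report the signature and digest algorithms a signed SAML document carries.

Added example: reads ds:SignedInfo and reports SignatureMethod plus every
ds:Reference DigestMethod, so the SHA-256 goal can be checked on real output.
"""
import xml.etree.ElementTree as ET

DS_NS = "http://www.w3.org/2000/09/xmldsig#"

# Algorithm identifiers: SHA-1 from XML-DSig, RSA-SHA256 from RFC 4051,
# the SHA-256 digest URI from XML-Enc (the one seen in the posted output).
RSA_SHA1 = "http://www.w3.org/2000/09/xmldsig#rsa-sha1"
RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
DIGEST_SHA1 = "http://www.w3.org/2000/09/xmldsig#sha1"
DIGEST_SHA256 = "http://www.w3.org/2001/04/xmlenc#sha256"
WEAK_ALGORITHMS = {RSA_SHA1, DIGEST_SHA1}


def _ds(local):
    """Clark-notation name for an element in the XML-DSig namespace."""
    return "{%s}%s" % (DS_NS, local)


def audit_signature(xml_text):
    """Return the SignatureMethod URI, a (URI, DigestMethod) pair for each
    ds:Reference, and findings: weak algorithms and duplicated Reference URIs
    (the posted output carries two identical references to "#1")."""
    root = ET.fromstring(xml_text)
    sig = root if root.tag == _ds("Signature") else root.find(".//" + _ds("Signature"))
    if sig is None:
        raise ValueError("document carries no ds:Signature")
    signed_info = sig.find(_ds("SignedInfo"))
    sig_method = signed_info.find(_ds("SignatureMethod")).get("Algorithm")
    references = [
        (ref.get("URI"), ref.find(_ds("DigestMethod")).get("Algorithm"))
        for ref in signed_info.findall(_ds("Reference"))
    ]

    findings = []
    if sig_method in WEAK_ALGORITHMS:
        findings.append("weak SignatureMethod: " + sig_method)
    for uri, digest in references:
        if digest in WEAK_ALGORITHMS:
            findings.append("weak DigestMethod on %s: %s" % (uri, digest))
    seen = set()
    for uri, _ in references:
        if uri in seen:
            findings.append("duplicate ds:Reference URI: " + uri)
        seen.add(uri)
    return {"signature_method": sig_method, "references": references, "findings": findings}


def is_full_sha256(report):
    """True only when the signature and every reference digest are SHA-256."""
    return (
        report["signature_method"] == RSA_SHA256
        and bool(report["references"])
        and all(digest == DIGEST_SHA256 for _, digest in report["references"])
    )


def build_sample(sig_alg, digest_alg, reference_uris):
    """Constructed sample in the shape of the posted response, trimmed to the
    signature; DigestValue and SignatureValue are placeholders, not real values."""
    refs = "".join(
        '<ds:Reference URI="%s"><ds:DigestMethod Algorithm="%s"/>'
        "<ds:DigestValue>AAAA</ds:DigestValue></ds:Reference>" % (uri, digest_alg)
        for uri in reference_uris
    )
    return (
        '<samlp:Response ID="1" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">'
        '<ds:Signature xmlns:ds="%s"><ds:SignedInfo><ds:SignatureMethod Algorithm="%s"/>%s'
        "</ds:SignedInfo><ds:SignatureValue>AAAA</ds:SignatureValue></ds:Signature>"
        "</samlp:Response>" % (DS_NS, sig_alg, refs)
    )


# What the posted code produced: RSA-SHA1 signature, SHA-256 digests, "#1" twice.
AS_POSTED = build_sample(RSA_SHA1, DIGEST_SHA256, ["#1", "#1"])
# What the poster is aiming for: RSA-SHA256 over a single SHA-256 reference.
TARGET = build_sample(RSA_SHA256, DIGEST_SHA256, ["#1"])

if __name__ == "__main__":
    for label, doc in (("as posted", AS_POSTED), ("target", TARGET)):
        report = audit_signature(doc)
        print(label, report["signature_method"], report["findings"], is_full_sha256(report))
```

Run against the posted response itself (pasting the XML above in place of the constructed sample), the report shows the RSA-SHA1 SignatureMethod and the duplicated "#1" reference; once both the SignatureMethod and the DigestMethod read SHA-256, is_full_sha256 returns True.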
- Sha2 signature info requested, Prasanna Krishna, 10/02/2007
- Re: Sha2 signature info requested, Brent Putman, 10/02/2007
- RE: Sha2 signature info requested, Prasanna Krishna, 10/02/2007
- Re: Sha2 signature info requested, Brent Putman, 10/02/2007
- RE: Sha2 signature info requested, Prasanna Krishna, 10/03/2007
- RE: Sha2 signature info requested, Paul Hethmon, 10/03/2007
- RE: Sha2 signature info requested, Scott Cantor, 10/03/2007
- RE: Sha2 signature info requested, Prasanna Krishna, 10/03/2007
- Notes on KeyInfoGenerator (was: RE: Sha2 signature info requested), Brent Putman, 10/03/2007
- RE: Sha2 signature info requested, Prasanna Krishna, 10/05/2007
- Re: Sha2 signature info requested, Brent Putman, 10/05/2007
- RE: Sha2 signature info requested, Prasanna Krishna, 10/05/2007
- RE: Sha2 signature info requested, Prasanna Krishna, 10/03/2007
- Re: Sha2 signature info requested, Brent Putman, 10/02/2007
- RE: Sha2 signature info requested, Prasanna Krishna, 10/02/2007
- Re: Sha2 signature info requested, Brent Putman, 10/02/2007
Archive powered by MHonArc 2.6.16.