mace-opensaml-users - RE: Sha2 signature info requested
Subject: OpenSAML user discussion
List archive
- From: "Paul Hethmon" <>
- To: <>
- Subject: RE: Sha2 signature info requested
- Date: Wed, 3 Oct 2007 07:05:27 -0700
Prasanna,

Take a look at my documents and code here where I've created a SP/IdP wrapper around the OpenSAML libraries. It's not complete, but the document attempts to explain what's being done and the code has lots of comments.

http://code.crt.realtors.org/projects/websso

Paul

From: Prasanna Krishna [mailto:]

Hi Brent -

    An error occured computing the digital signature
    org.apache.xml.security.signature.XMLSignatureException: Unknown canonicalizer. No handler installed for URI http://www.w3.org/2001/04/xmlenc#sha256
    Original Exception was org.apache.xml.security.c14n.InvalidCanonicalizerException: Unknown canonicalizer. No handler installed for URI http://www.w3.org/2001/04/xmlenc#sha256
        at org.apache.xml.security.signature.XMLSignature.sign(Unknown Source)
        at org.opensaml.xml.signature.Signer.signObject(Signer.java:77)

    // NOTE: The following 6 steps to sign SAML doc are picked up from
    // https://spaces.internet2.edu/display/SHIB/OSTwoUserManJavaDSIG

    // Step 1: Create a Signature object using the
    // org.opensaml.xml.signature.SignatureBuilder (this is found in the
    // XMLTooling library).
    SignatureBuilder sb = new SignatureBuilder();
    Signature sig = sb.buildObject();

    // Step 2: Add the Credential containing the signing key using the
    // Signature#setSigningCredential(Credential) method.
    Credential cr = SecurityHelper.getSimpleCredential(
            service.getSignatureCertificate().getPublicKey(),
            service.getPrivateKey());
    sig.setSigningCredential(cr);

    // Step 3: Add the signature method algorithm URI with the method
    // Signature#setSignatureAlgorithm(String). Note that the algorithm
    // URI is dependent on the type of key contained with the signing
    // credential.
    sig.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256);

    // Step 4: Add the canonicalization method algorithm URI with the
    // method Signature#setCanonicalizationAlgorithm(String).
    sig.setCanonicalizationAlgorithm(EncryptionConstants.ALGO_ID_DIGEST_SHA256);

    // Step 5: If desired, add a KeyInfo containing information about the
    // signature verification key using Signature#setKeyInfo(KeyInfo).
    // The KeyInfo may be created manually, or may be generated
    // dynamically from the signing credential using a KeyInfoGenerator,
    // usually obtained from a KeyInfoGeneratorFactory via a
    // KeyInfoGeneratorManager.
    KeyInfoGeneratorManager kmgr = new KeyInfoGeneratorManager();
    KeyInfoGeneratorFactory kfactory = kmgr.getFactory(cr);
    KeyInfoGenerator kgenerator = kfactory.newInstance();
    KeyInfo kinfo = kgenerator.generate(cr);
    sig.setKeyInfo(kinfo);

    // Step 6: Add the Signature to the SAMLObject using the
    // setSignature(Signature) method. A SAMLObjectContentReference will
    // automatically be added to the list of signature references
    // exposed via Signature#getContentReferences()
    response.setSignature(sig);

    // Step 7: As suggested by Brent
    ((SAMLObjectContentReference) sig.getContentReferences().get(0))
            .setDigestAlgorithm(EncryptionConstants.ALGO_ID_DIGEST_SHA256);

Date: Tue, 2 Oct 2007 18:14:36 -0400

Hi Brent -
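Added example, not part of the thread or of OpenSAML: the exception quoted above names the digest URI http://www.w3.org/2001/04/xmlenc#sha256 as an unknown canonicalizer, so this sketch shows the three separate algorithm slots of a ds:SignedInfo with a SHA-256 signature. It assumes the JDK's built-in javax.xml.crypto.dsig API (Java 9+) in place of OpenSAML's Signature wrapper; the class name, the urn:example:demo document and the throwaway key are constructed for the demo.

```java
import java.security.*;
import java.util.List;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.dom.*;
import javax.xml.crypto.dsig.spec.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;

public class Sha256SlotsDemo {
    // W3C algorithm identifiers; each one belongs in exactly one slot of ds:SignedInfo.
    static final String C14N_EXCL = CanonicalizationMethod.EXCLUSIVE; // http://www.w3.org/2001/10/xml-exc-c14n#
    static final String SIG_RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
    static final String DIGEST_SHA256 = DigestMethod.SHA256;          // http://www.w3.org/2001/04/xmlenc#sha256

    public static void main(String[] args) throws Exception {
        XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");

        // The situation in the quoted trace: a digest URI handed to the canonicalization slot.
        try {
            fac.newCanonicalizationMethod(DIGEST_SHA256, (C14NMethodParameterSpec) null);
        } catch (NoSuchAlgorithmException e) {
            System.out.println("rejected as canonicalizer: " + DIGEST_SHA256);
        }

        // Constructed sample document and throwaway key, for the demo only.
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        Document doc = dbf.newDocumentBuilder().newDocument();
        doc.appendChild(doc.createElementNS("urn:example:demo", "Response"));
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();

        // Slot 3 (DigestMethod) lives on each Reference.
        Reference ref = fac.newReference("", fac.newDigestMethod(DIGEST_SHA256, null),
                List.of(fac.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null),
                        fac.newTransform(C14N_EXCL, (TransformParameterSpec) null)),
                null, null);
        // Slots 1 (CanonicalizationMethod) and 2 (SignatureMethod) live on SignedInfo.
        SignedInfo si = fac.newSignedInfo(
                fac.newCanonicalizationMethod(C14N_EXCL, (C14NMethodParameterSpec) null),
                fac.newSignatureMethod(SIG_RSA_SHA256, null),
                List.of(ref));
        fac.newXMLSignature(si, null).sign(new DOMSignContext(kp.getPrivate(), doc.getDocumentElement()));

        // Verify with the public key to confirm the three URIs work together.
        DOMValidateContext vctx = new DOMValidateContext(kp.getPublic(),
                doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature").item(0));
        System.out.println("valid: " + fac.unmarshalXMLSignature(vctx).validate(vctx));
    }
}
```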