
mace-opensaml-users - Re: signature validation in OpenSAML2

Subject: OpenSAML user discussion

  • From: Chad La Joie <>
  • To:
  • Subject: Re: signature validation in OpenSAML2
  • Date: Tue, 11 Dec 2007 15:04:33 +0100
  • Organization: SWITCH

Yeah, this is where this stuff gets nasty. writeTo() is doing some particular type of marshalling and serialization process to get that SOAPMessage object into a string representation. Whatever that process is may be covering up whatever changes have been made. However, the signature algorithm may be using a different canonicalization process, for example, than writeTo() and so those changes may show up in that process.


Scott Cantor wrote:
>> Well, I did SOAPMessage.writeTo(), saved the output, and ran diff on
>> them, and diff said they were the same. I think that's a bit-for-bit
>> comparison. Do you have any idea how to do a more precise comparison, or
>> whether there might be some other problem?
>
> If there's no other indication, you're going to have to get at the digest
> input itself and compare the octets in each case to identify the difference.
>
> If the diff were really identical, it would work, unless there were a
> reference lookup error on one side due to ID attribute problems.
> -- Scott



--
SWITCH
Serving Swiss Universities
--------------------------
Chad La Joie, Software Engineer, Security
Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland
phone +41 44 268 15 75, fax +41 44 268 15 68
http://www.switch.ch
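
The "reference lookup error ... due to ID attribute problems" case mentioned in the quoted reply, as an added example that is not part of the original thread and is not OpenSAML code: with plain JDK DOM, `getElementById` resolves a same-document `#id` reference only once the attribute has been registered as an ID on its element. The class name, the `unresolvedReferences` helper and the sample document are constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class IdReferenceCheck {
    static final String DSIG_NS = "http://www.w3.org/2000/09/xmldsig#";

    // Constructed sample with the shape of a signed assertion; not a real message.
    static final String XML =
        "<Assertion xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\" ID=\"_a1\">"
      + "<ds:Signature xmlns:ds=\"" + DSIG_NS + "\"><ds:SignedInfo>"
      + "<ds:Reference URI=\"#_a1\"/>"
      + "</ds:SignedInfo></ds:Signature></Assertion>";

    static Document parse(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // No DTD or schema is loaded, so the parser types no attribute as an ID.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        return f.newDocumentBuilder()
                .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
    }

    /** Returns the same-document Reference URIs that DOM ID lookup cannot resolve. */
    static List<String> unresolvedReferences(Document doc) {
        List<String> missing = new ArrayList<>();
        NodeList refs = doc.getElementsByTagNameNS(DSIG_NS, "Reference");
        for (int i = 0; i < refs.getLength(); i++) {
            String uri = ((Element) refs.item(i)).getAttribute("URI");
            if (uri.startsWith("#") && doc.getElementById(uri.substring(1)) == null) {
                missing.add(uri);
            }
        }
        return missing;
    }

    public static void main(String[] args) throws Exception {
        Document doc = parse(XML);
        System.out.println("as parsed:     " + unresolvedReferences(doc));
        // Register the unqualified ID attribute as an XML ID on its owner element.
        doc.getDocumentElement().setIdAttributeNS(null, "ID", true);
        System.out.println("ID registered: " + unresolvedReferences(doc));
    }
}
```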


