mace-opensaml-users - Re: signature validation in OpenSAML2
Subject: OpenSAML user discussion
List archive
- From: Chad La Joie <>
- To:
- Subject: Re: signature validation in OpenSAML2
- Date: Tue, 11 Dec 2007 15:04:33 +0100
- Organization: SWITCH
Yeah, this is where this stuff gets nasty. writeTo() is doing some particular type of marshalling and serialization process to get that SOAPMessage object into a string representation. Whatever that process is may be covering up whatever changes have been made. However, the signature algorithm may be using a different canonicalization process, for example, than writeTo() and so those changes may show up in that process.
Scott Cantor wrote:
Well, I did SOAPMessage.writeTo(), saved the output, and ran diff on
them, and diff said they were the same. I think that's a bit-for-bit
comparison. Do you have any idea how to do a more precise comparison, or
whether there might be some other problem?
If there's no other indication, you're going to have to get at the digest
input itself and compare the octets in each case to identify the difference.
If the diff were really identical, it would work, unless there were a
reference lookup error on one side due to ID attribute problems.
-- Scott
--
SWITCH
Serving Swiss Universities
--------------------------
Chad La Joie, Software Engineer, Security
Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland
phone +41 44 268 15 75, fax +41 44 268 15 68
,
http://www.switch.ch
- signature validation in OpenSAML2, Kenny Pearce, 12/07/2007
- Re: signature validation in OpenSAML2, Brent Putman, 12/07/2007
- Re: signature validation in OpenSAML2, Kenny Pearce, 12/07/2007
- Re: signature validation in OpenSAML2, Kenny Pearce, 12/10/2007
- RE: signature validation in OpenSAML2, Scott Cantor, 12/10/2007
- Re: signature validation in OpenSAML2, Chad La Joie, 12/11/2007
- Re: signature validation in OpenSAML2, Kenny Pearce, 12/11/2007
- RE: signature validation in OpenSAML2, Scott Cantor, 12/11/2007
- Re: signature validation in OpenSAML2, Chad La Joie, 12/11/2007
- Re: signature validation in OpenSAML2, Kenny Pearce, 12/11/2007
- Re: signature validation in OpenSAML2, Chad La Joie, 12/11/2007
- Re: signature validation in OpenSAML2, Kenny Pearce, 12/11/2007
- RE: signature validation in OpenSAML2, Scott Cantor, 12/11/2007
- Message not available
- Re: signature validation in OpenSAML2, Brent Putman, 12/11/2007
- Re: signature validation in OpenSAML2, Kenny Pearce, 12/11/2007
- Re: signature validation in OpenSAML2, Brent Putman, 12/11/2007
- RE: signature validation in OpenSAML2, Scott Cantor, 12/11/2007
- Re: signature validation in OpenSAML2, Chad La Joie, 12/11/2007
- RE: signature validation in OpenSAML2, Scott Cantor, 12/11/2007
- Re: signature validation in OpenSAML2, Kenny Pearce, 12/11/2007
- Re: signature validation in OpenSAML2, Brent Putman, 12/07/2007
Archive powered by MHonArc 2.6.16.