mace-opensaml-users - Re: signature validation in OpenSAML2

Subject: OpenSAML user discussion

  • From: Kenny Pearce <>
  • To:
  • Subject: Re: signature validation in OpenSAML2
  • Date: Tue, 11 Dec 2007 14:10:27 -0500
  • Organization: Hx Technologies

Ah, that worked. Thanks. By the way, I had been looking for where you
might have constants saved, and couldn't find it, so thanks for pointing
that out. Are the confirmation method URIs also around somewhere?

On Tue, 2007-12-11 at 13:58 -0500, Brent Putman wrote:
>
> Scott Cantor wrote:
> > If SignedInfo changes, I'd start by making sure you were using exclusive
> > c14n everywhere, including for the overall signature c14n, not just as a
> > transform.
>
> Oh, good catch, Scott.
>
> From the code that was originally posted, looks like you were in fact
> using inclusive canonicalization, sorry I didn't catch that when I
> looked at it the first time. So it's probably including namespaces from
> the SOAP envelope, which is breaking things when you verify the
> Assertion in the context where it's encapsulated within the WSS header.
> Try the exclusive c14n URI for the Signature's canonicalization method:
>
> http://www.w3.org/2001/10/xml-exc-c14n#
>
> FYI, for signable SAML objects in OpenSAML, the c14n transform is
> automatically added to the associated ContentReference and is always the
> exclusive one.
>
> BTW, we have SignatureConstants and EncryptionConstants classes with
> most/all of these algorithm URIs in them.
>
>
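
An added example, not part of the original thread and not OpenSAML code, of the effect discussed above: it signs an element on its own, moves it under a wrapper that declares an extra namespace, and validates it there, once with inclusive and once with exclusive canonicalization of SignedInfo. It uses only the JDK's `javax.xml.crypto.dsig` API (JDK 11 or later assumed); the element name, the `urn:example:constructed` namespace and the ID value are constructed stand-ins for a SAML assertion.

```java
import java.security.*;
import java.util.*;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.dom.*;
import javax.xml.crypto.dsig.spec.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;

public class C14nEnvelopeDemo {
    static final XMLSignatureFactory F = XMLSignatureFactory.getInstance("DOM");
    static final String XMLNS = "http://www.w3.org/2000/xmlns/";

    // Sign stand-alone, re-parent under a wrapper with a new namespace, validate there.
    static boolean signMoveValidate(String signedInfoC14n) throws Exception {
        KeyPair kp = KeyPairGenerator.getInstance("RSA").generateKeyPair();
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        Document doc = dbf.newDocumentBuilder().newDocument();
        // Constructed stand-in for a SAML assertion; name and namespace are made up.
        Element a = doc.createElementNS("urn:example:constructed", "ex:Assertion");
        a.setAttributeNS(XMLNS, "xmlns:ex", "urn:example:constructed");
        a.setAttributeNS(null, "ID", "a1");
        doc.appendChild(a);
        // The reference uses exclusive c14n in both runs; only SignedInfo's method varies.
        Reference ref = F.newReference("#a1", F.newDigestMethod(DigestMethod.SHA256, null),
            Arrays.asList(
                F.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null),
                F.newTransform(CanonicalizationMethod.EXCLUSIVE, (TransformParameterSpec) null)),
            null, null);
        SignedInfo si = F.newSignedInfo(
            F.newCanonicalizationMethod(signedInfoC14n, (C14NMethodParameterSpec) null),
            F.newSignatureMethod(SignatureMethod.RSA_SHA256, null),
            Collections.singletonList(ref));
        DOMSignContext sc = new DOMSignContext(kp.getPrivate(), a);
        sc.setIdAttributeNS(a, null, "ID");
        F.newXMLSignature(si, null).sign(sc);
        // Re-parent: xmlns:soap is now in scope for everything inside the wrapper.
        Element env = doc.createElementNS("http://schemas.xmlsoap.org/soap/envelope/", "soap:Envelope");
        env.setAttributeNS(XMLNS, "xmlns:soap", "http://schemas.xmlsoap.org/soap/envelope/");
        env.appendChild(a); // appendChild detaches the element from the document first
        doc.appendChild(env);
        Node sig = a.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature").item(0);
        DOMValidateContext vc = new DOMValidateContext(kp.getPublic(), sig);
        vc.setIdAttributeNS(a, null, "ID");
        return F.unmarshalXMLSignature(vc).validate(vc);
    }
    public static void main(String[] args) throws Exception {
        System.out.println("inclusive: " + signMoveValidate(CanonicalizationMethod.INCLUSIVE));
        System.out.println("exclusive: " + signMoveValidate(CanonicalizationMethod.EXCLUSIVE));
    }
}
```

Inclusive canonicalization writes every namespace in scope onto SignedInfo, so the wrapper's `xmlns:soap` changes the bytes that were signed; exclusive canonicalization writes only the namespaces SignedInfo visibly uses.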



