
mace-opensaml-users - signing a SAML response - C++

Subject: OpenSAML user discussion

  • From: "Brian Sheely" <>
  • To: <>
  • Subject: signing a SAML response - C++
  • Date: Wed, 2 Jan 2008 09:47:56 -0800

It looks as though there are 3 different ways to sign a SAML response: 1) sign the response while marshalling, 2) use the Signature::createRawSignature method, or 3) use the Signature::sign method. I assume that any of those approaches can be used. At first glance, the Signature::sign method seemed a natural choice because I had already written the subsequent block of code to perform marshalling of the response using domWriter->writeNode(&target, *static_cast<DOMNode*>(response->marshall())). My signature code block is as follows:

 

      CredentialCriteria criteria;
      criteria.setUsage(Credential::SIGNING_CREDENTIAL);
      Locker locker(resolver);
      const Credential* credential = resolver->resolve(&criteria);
      Signature* signature = SignatureBuilder::buildSignature();
      signature->setSignatureAlgorithm(DSIGConstants::s_unicodeStrURIRSA_SHA1);
      signature->setCanonicalizationMethod(DSIGConstants::s_unicodeStrURIEXC_C14N_NOC);
      //opensaml::ContentReference* reference = dynamic_cast<opensaml::ContentReference*>(signature->getContentReference());
      opensaml::ContentReference* reference = new opensaml::ContentReference(*assertion);
      xmlStr = XMLString::transcode("http://www.w3.org/2000/09/xmldsig#sha1");
      reference->setDigestAlgorithm(xmlStr);
      XMLString::release(&xmlStr);
      signature->setContentReference(reference);
      assertion->setSignature(signature);
      signature->sign(credential);
      response->getAssertions().push_back(assertion);

 

The last line of code results in the following SignatureException: "No ContentReference object set for signature creation." I first tried using signature->getContentReference, but it returned a NULL pointer. My questions are:

 

Can I use this approach?

If so, how do I set the ContentReference and will I also need to set the SigningKey and the KeyInfo?

 

Thanks in advance!

 

Brian Sheely

 

 

 



