OpenSAML user discussion

["Brian Sheely" <>]

I can use the following code to try either approach to attaching a signature. 
It also contains some test code to marshall just the signature: 

        CredentialCriteria criteria;
        criteria.setUsage(Credential::SIGNING_CREDENTIAL);
        Signature* signature = SignatureBuilder::buildSignature();
        assertion->setSignature(signature);
        
signature->setSignatureAlgorithm(DSIGConstants::s_unicodeStrURIRSA_SHA1);
        
signature->setCanonicalizationMethod(DSIGConstants::s_unicodeStrURIEXC_C14N_NOC);
        opensaml::ContentReference* reference = 
dynamic_cast<opensaml::ContentReference*>(signature->getContentReference());
        xmlStr = XMLString::transcode(URI_ID_SHA1);
        reference->setDigestAlgorithm(xmlStr);
        XMLString::release(&xmlStr);
        Locker locker(resolver);
        const Credential* credential = resolver->resolve(&criteria);
        response->getAssertions().push_back(assertion);
        vector<Signature*> signatures(1, signature);
        DOMElement* element;

        try {
#if (1) 
                element = response->marshall((DOMDocument*)NULL, &signatures, 
credential); //SignatureException
#elif (0) 
                element = response->marshall(); 
                signature->sign(credential); //SignatureException
#else //marshall just the signature as a test
                element = signature->marshall((DOMDocument*)NULL, 
&signatures, credential);
#endif
        }  

Either approach generates the same exception "Caught an XMLSecurity exception 
while signing: XSECAlgorithmMapper::mapURIToHandler - URI ?????????????í not 
found". As a test, I can marshall just the signature. But when I write the 
DOM out, the SignatureValue element is "Not yet signed". And none of my code 
explicitly sets the KeyName. Was that obtained from the key.pem file? Are 
there any obvious errors or omissions in my code? As always, that you very 
much for your assistance!

<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#";>
- <ds:SignedInfo>
  <ds:CanonicalizationMethod 
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; /> 
  <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"; 
/> 
  </ds:SignedInfo>
  <ds:SignatureValue>Not yet signed</ds:SignatureValue> 
- <ds:KeyInfo>
  <ds:KeyName>idp.acmeidp.com</ds:KeyName> 
- <ds:X509Data>
  
<ds:X509Certificate>MIICpTCCAg4CCQCTldYPmn9jAzANBgkqhkiG9w0BAQUFADCBljELMAkGA1UEBhMC
 VVMxEjAQBgNVBAgTCVRlbm5lc3NlZTESMBAGA1UEBxMJS25veHZpbGxlMREwDwYD 
VQQKEwhBY21lIElkcDERMA8GA1UECxMIU2VjdXJpdHkxGDAWBgNVBAMTD2lkcC5h 
Y21laWRwLmNvbTEfMB0GCSqGSIb3DQEJARYQcGF1bEBhY21lbWxzLmNvbTAeFw0w 
NzA4MDUyMDA2MDJaFw0wODA4MDQyMDA2MDJaMIGWMQswCQYDVQQGEwJVUzESMBAG 
A1UECBMJVGVubmVzc2VlMRIwEAYDVQQHEwlLbm94dmlsbGUxETAPBgNVBAoTCEFj 
bWUgSWRwMREwDwYDVQQLEwhTZWN1cml0eTEYMBYGA1UEAxMPaWRwLmFjbWVpZHAu 
Y29tMR8wHQYJKoZIhvcNAQkBFhBwYXVsQGFjbWVtbHMuY29tMIGfMA0GCSqGSIb3 
DQEBAQUAA4GNADCBiQKBgQC5jlYVO08ZPlXY3GVfz2l6wajkNaFhVdWSBmZWxVCr 
kmOnq6zOi4Az8oVRT9yBrV3e7P+K7FSjqn2vBOSESsSFxWSM98FwZxUDQqqNAntj 
T54PvhFEFAb/JTKRicQhc6X0cW7zRdX/+pwhWWBlYwPqHccINT5c2F7al07Ey9Nz 
wwIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAHRvAMqhQuZMvskYqaogp4kWNFXVKhTE 
XYrWZBEyM0DMC6N0rmsVh+maYELE/I1iT77xsRmLPURdxoePfAWmJ0I5162SDbdQ 
VvFb7/BVl9hiOT4RDo9jd6Kju6vWSSunu+lG/7uQB9aeDQl8tjw8dz5W930F2I7Z 
aIYEDFulvnvQ</ds:X509Certificate> 
  </ds:X509Data>
  </ds:KeyInfo>
  </ds:Signature>

Brian Sheely