mace-opensaml-users - RE: signing a SAML response - C++
Subject: OpenSAML user discussion
- From: "Brian Sheely" <>
- To: <>
- Subject: RE: signing a SAML response - C++
- Date: Thu, 3 Jan 2008 11:02:30 -0800
I can use the following code to try either approach to attaching a signature.
It also contains some test code to marshall just the signature:

    CredentialCriteria criteria;
    criteria.setUsage(Credential::SIGNING_CREDENTIAL);

    Signature* signature = SignatureBuilder::buildSignature();
    assertion->setSignature(signature);
    signature->setSignatureAlgorithm(DSIGConstants::s_unicodeStrURIRSA_SHA1);
    signature->setCanonicalizationMethod(DSIGConstants::s_unicodeStrURIEXC_C14N_NOC);

    opensaml::ContentReference* reference =
        dynamic_cast<opensaml::ContentReference*>(signature->getContentReference());
    xmlStr = XMLString::transcode(URI_ID_SHA1);
    reference->setDigestAlgorithm(xmlStr);
    XMLString::release(&xmlStr);

    Locker locker(resolver);
    const Credential* credential = resolver->resolve(&criteria);

    response->getAssertions().push_back(assertion);
    vector<Signature*> signatures(1, signature);
    DOMElement* element;
    try {
    #if (1)
        element = response->marshall((DOMDocument*)NULL, &signatures, credential); //SignatureException
    #elif (0)
        element = response->marshall();
        signature->sign(credential); //SignatureException
    #else //marshall just the signature as a test
        element = signature->marshall((DOMDocument*)NULL, &signatures, credential);
    #endif
    }

Either approach generates the same exception "Caught an XMLSecurity exception
while signing: XSECAlgorithmMapper::mapURIToHandler - URI ?????????????í not
found". As a test, I can marshall just the signature. But when I write the
DOM out, the SignatureValue element is "Not yet signed". And none of my code
explicitly sets the KeyName. Was that obtained from the key.pem file? Are
there any obvious errors or omissions in my code? As always, thank you very
much for your assistance!

    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
      <ds:SignedInfo>
        <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
        <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
      </ds:SignedInfo>
      <ds:SignatureValue>Not yet signed</ds:SignatureValue>
      <ds:KeyInfo>
        <ds:KeyName>idp.acmeidp.com</ds:KeyName>
        <ds:X509Data>
          <ds:X509Certificate>MIICpTCCAg4CCQCTldYPmn9jAzANBgkqhkiG9w0BAQUFADCBljELMAkGA1UEBhMC...</ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
    </ds:Signature>

Brian Sheely