mace-opensaml-users - Reference Node in Signature Duplicated
- From: Paul Hethmon <>
- To: OpenSAML List <>
- Subject: Reference Node in Signature Duplicated
- Date: Thu, 10 Jan 2008 11:06:19 -0500
Ok, not sure where this is getting done, whether it's my use of the OpenSAML
code or the OpenSAML code. I'm trying to get my IdP implementation (Java)
working with the Lightbulb PHP SP
(http://opensso.dev.java.net/public/extensions/) code from Sun. What I am
seeing is an error from their library saying:
Error: Reference validation failed
Tracing through their code, it appears that it is saying there is a problem
with the <ds:Reference> node in the signature. I then took a look at what
I'm generating and I see two identical <ds:Reference> nodes (xml at the end
of this message).
I looked through my signature generating code and don't see anything which
looks like it ought to cause two Reference nodes to be emitted. So does
anyone know of anything I should look for in my code? Does anyone have an
IdP using the Java libs that does *not* send out two Reference nodes?
For reference, my OpenSAML Java code was updated today (2008-01-10).
Thanks,
Paul
<?xml version="1.0" encoding="UTF-8"?>
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
Destination="http://www.acmemls.com:80/recv-saml.jsp"
ID="acmeidp1199978583569"
InResponseTo="acmemls1199978573054"
IssueInstant="2008-01-10T15:23:03.569Z" Version="2.0">
<saml:Issuer
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">http://www.acmeidp.com</saml:Issuer>
<samlp:Status>
<samlp:StatusCode
Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
</samlp:Status>
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
ID="acmeidp1199978583569"
IssueInstant="2008-01-10T15:23:03.569Z" Version="2.0">
<saml:Issuer
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">http://www.acmeidp.com</saml:Issuer>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
<ds:SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
<ds:Reference URI="#acmeidp1199978583569"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:Transforms
xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:Transform
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
<ds:Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ec:InclusiveNamespaces
xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"
PrefixList="ds saml"/>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
<ds:DigestValue
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
>6eSn/ehb6C5gkU3t0KQLQ3InSeU=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#acmeidp1199978583569"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:Transforms
xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:Transform
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
<ds:Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ec:InclusiveNamespaces
xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"
PrefixList="ds saml"/>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
<ds:DigestValue
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
>6eSn/ehb6C5gkU3t0KQLQ3InSeU=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue
xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
h9M4de1l3sAl7Ue4qYk6UZ8gI/aDTWAg2Ueog3sZ2COkkOraoaDKWhsx2kcz6l0qguNCbLfCVQq3
eSmRR2R8VileLsVdvTssKZ5OYvvAKOMnJgueeGC1ZqElp9NWRf7p+qmAMytynxQG64JGJnFqO2fG
NzORvH8ZZRSVgZmrhdU= </ds:SignatureValue>
</ds:Signature>
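
Added example (not part of the original message and not OpenSAML or Lightbulb code): a small pre-flight check an IdP developer can run on generated XML before sending it to an SP. SAML 2.0 Core requires a signature to carry a single ds:Reference pointing at the ID of the element being signed, so the check reports extra references, references to a different ID, and ID values used by more than one element (the message above uses the same ID on the Response and the Assertion). The sample document and the function name are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import Counter

DS = "{http://www.w3.org/2000/09/xmldsig#}"

# Constructed sample modelled on the posted message: shortened, placeholder
# digest/signature values, same shape (shared ID, two identical References).
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="id-1" Version="2.0">
  <saml:Assertion ID="id-1" Version="2.0">
    <ds:Signature><ds:SignedInfo>
      <ds:Reference URI="#id-1"><ds:DigestValue>AAAA</ds:DigestValue></ds:Reference>
      <ds:Reference URI="#id-1"><ds:DigestValue>AAAA</ds:DigestValue></ds:Reference>
    </ds:SignedInfo><ds:SignatureValue>BBBB</ds:SignatureValue></ds:Signature>
  </saml:Assertion>
</samlp:Response>"""


def check_signature_references(xml_text):
    """Return a list of findings for every ds:Signature in a SAML message."""
    root = ET.fromstring(xml_text)
    findings = []
    # An ID value must be unique, or "#id" does not name a single element.
    ids = Counter(el.get("ID") for el in root.iter() if el.get("ID"))
    for value, count in sorted(ids.items()):
        if count > 1:
            findings.append(f"ID '{value}' used by {count} elements")
    # Enveloped signature: ds:Signature is a direct child of the signed element.
    for parent in root.iter():
        for sig in parent.findall(DS + "Signature"):
            refs = sig.findall(f"{DS}SignedInfo/{DS}Reference")
            if len(refs) != 1:
                findings.append(
                    f"signature on ID '{parent.get('ID')}' has {len(refs)} "
                    "ds:Reference elements, expected 1")
            for ref in refs:
                if ref.get("URI") != "#" + (parent.get("ID") or ""):
                    findings.append(
                        f"Reference URI '{ref.get('URI')}' does not point at "
                        f"the signed element '{parent.get('ID')}'")
    return findings


if __name__ == "__main__":
    for line in check_signature_references(SAMPLE):
        print(line)
```

An empty list means each signature has exactly one same-document reference to its parent and every ID is unique; it says nothing about whether the digest or signature value verifies.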