
mace-opensaml-users - Re: Reference Node in Signature Duplicated

Subject: OpenSAML user discussion

  • From: Brent Putman <>
  • To:
  • Cc: Paul Hethmon <>
  • Subject: Re: Reference Node in Signature Duplicated
  • Date: Thu, 10 Jan 2008 12:08:52 -0500

To add to what Chad and Scott just said.  Out of curiosity, do we know what Sun is using for XML Signature validation (an existing library, their own code, etc)?   I'm not familiar with Sun's product.   From the link that you sent out, are you using the "SAML 2.0 PHP Relying Party" or the "PHP Client SDK for OpenSSO" or what?

--Brent

Paul Hethmon wrote:
Ok, to go slightly off-topic here and more into the general SAML realm, but I think it is relevant. The error from the Sun library on “reference validation failed” turned out to be that my assertion ID values were done as:

  ID="acmeidp123456789"

Then per spec, the OpenSAML library generated the Reference URI value as:

  URI="#acmeidp123456789"

By simply changing my ID value to have the # symbol in front, this error went away. Section 5.4.2 of the saml-core document says that OpenSAML and my code are correct. Sun evidently thinks differently.

Opinions?

Thanks,

Paul
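Added example, not part of the original thread and not OpenSAML or Sun code: a Python sketch of the same-document dereference discussed above, where `URI="#x"` selects the element whose `ID` is `x`. The sample assertion is constructed, and `resolve_literal` is a hypothetical faulty resolver shown only for contrast, not a claim about any product.

```python
import re
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"
# xs:ID is an NCName: it cannot start with or contain '#'.
# ASCII-only approximation, sufficient for typical SAML IDs.
NCNAME = re.compile(r"^[A-Za-z_][A-Za-z0-9._-]*$")

# Constructed sample assertion; {id} and {uri} are filled in by check().
ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="{id}" Version="2.0">
  <ds:Signature><ds:SignedInfo>
    <ds:Reference URI="{uri}"/>
  </ds:SignedInfo></ds:Signature>
</saml:Assertion>"""

def resolve_same_document(root, uri):
    """Dereference '#frag' to the one element whose ID equals 'frag'."""
    if not uri.startswith("#"):
        return None  # not a same-document fragment reference
    wanted = uri[1:]
    matches = [el for el in root.iter() if el.get("ID") == wanted]
    # Require exactly one match: a duplicated ID makes the target ambiguous.
    return matches[0] if len(matches) == 1 else None

def resolve_literal(root, uri):
    """Hypothetical faulty resolver: compares the URI to the ID verbatim."""
    matches = [el for el in root.iter() if el.get("ID") == uri]
    return matches[0] if len(matches) == 1 else None

def check(id_value, uri):
    root = ET.fromstring(ASSERTION.format(id=id_value, uri=uri))
    ref_uri = root.find(f".//{DS}Reference").get("URI")
    return {
        "valid_xs_id": bool(NCNAME.match(id_value)),
        "spec_resolves": resolve_same_document(root, ref_uri) is root,
        "literal_resolves": resolve_literal(root, ref_uri) is root,
    }

if __name__ == "__main__":
    print(check("acmeidp123456789", "#acmeidp123456789"))
    print(check("#acmeidp123456789", "#acmeidp123456789"))
```

An ID with a leading `#` only satisfies the literal comparison; it is not a valid `xs:ID` and no longer resolves under the spec-style dereference.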





