OpenSAML user discussion

["Håkon Sagehaug" <>]

Hi

More questions on this

I always get a validationException that says

Verification failed for URI "#_78d842bb-eff5-404c-915c-fc2fb7e78dde"

So what I have is a saml response that has a saml assertion which is signed
like this 

<Response ID="_09af3cb9-6636-4bed-b61f-7c5606821952">
 <saml:Assertion ID="_78d842bb-eff5-404c-915c-fc2fb7e78dde"  > 
   <ds:Signature xmlns:ds="
http://www.w3.org/2000/09/xmldsig#">
       <ds:SignatureValue>jncjnncjnsjncjsn
       </ds:SignatureValue><ds:KeyInfo><ds:X509Data>
        <ds:X509Certificate>
         </ds:X509Certificate>
        </ds:X509Data>x509sdabdjsabjdbasjkdnsjkandjk</ds:KeyInfo>
   </ds:Signature>
 </saml:Assertion>
</Response>

I unmarshalls the response and get the assertion out, the I construct a java x509 cert
and then create  a basicCredential like this 

 BasicX509Credential x509Credential = new BasicX509Credential();
 x509Credential.setEntityCertificate(cert);
                    
 SignatureValidator validator = new SignatureValidator(x509Credential);
 validator.validate(signature);

Signature is the signatue from the saml assertion but I get the URI reference error, any tips??

cheers, HÅkon

2008/1/11, Håkon Sagehaug < >:

I just wanted to be able to valdidate the signature and I thought I needed it

2008/1/11, Chad La Joie <>:

Yes.

Not saying there isn't some sort of use case where you might need the
Signature value, I just wasn't aware of any so I was trying to see if
you had come upon one.

Håkon Sagehaug wrote:
> Hi
>
> I guess I don't need it, I thought I might need it for verifying the
> signature, but I guess it's just do something like
>
>  SignatureValidator sigValidator = new SignatureValidator(goodCredential);
>         sigValidator.validate(signature);
>
> as in the provided unit tests
>
> cheers
>
> 2008/1/11, Chad La Joie <
> <mailto:> >:
>
>     Not that I know of.  We didn't do a full set of XMLObject for the
>     Signature spec.  We only did those objects that people might need to
>     create, which is pretty much just the KeyInfo stuff.
>
>     What do you need that value for?
>
>     Håkon Sagehaug wrote:
>      > Hi
>      >
>      > I was trying to get the xmlsignatue value out of a Signature
>     object, but
>      > noticed that the interface don't support this method, but the
>      > SignaturImpl does. Is there another method to get the xml signature
>      > value out of the Signature Object?
>      >
>      > cheers, Håkon
>      >
>      > --
>      > Håkon Sagehaug
>      > Research Assistant
>      > Parallab
>      > Bergen Center for Computational Science (BCCS)
>      > UNIFOB AS (University of Bergen Research Company)
>
>     --
>     SWITCH
>     Serving Swiss Universities
>     --------------------------
>     Chad La Joie, Software Engineer, Security
>     Werdstrasse 2, P.O. Box, 8021 Zürich, Switzerland
>     phone +41 44 268 15 75, fax +41 44 268 15 68
>     <mailto:>,
>     http://www.switch.ch
>
>
>
>
> --
> Håkon Sagehaug
> Research Assistant
> Parallab
> Bergen Center for Computational Science (BCCS)
> UNIFOB AS (University of Bergen Research Company)

--
SWITCH
Serving Swiss Universities
--------------------------
Chad La Joie, Software Engineer, Security
Werdstrasse 2, P.O. Box, 8021 Zürich, Switzerland
phone +41 44 268 15 75, fax +41 44 268 15 68
, http://www.switch.ch

--

Håkon Sagehaug
Research Assistant
Parallab
Bergen Center for Computational Science (BCCS)
UNIFOB AS (University of Bergen Research Company)

-- 
Håkon Sagehaug 
Research Assistant
Parallab
Bergen Center for Computational Science (BCCS)
UNIFOB AS (University of Bergen Research Company)