mace-opensaml-users - OpenSaml 2 Signature Validation Error

Subject: OpenSAML user discussion

  • Subject: OpenSaml 2 Signature Validation Error
  • Date: Tue, 15 Jan 2008 19:18:49 -0500 (EST)

Hi -
This is my first experience with OpenSaml, although I am quite familiar
with SAML itself as well as dsig & encryption. I have compiled the opensaml
libraries and am in the process of doing some basic testing using the Java
API. Here is my logic in my test code:

1) Build SAML 2.0 assertion using OpenSaml 2.0 objects
2) digitally sign (using OpenSaml)
3) Call SignatureValidator.validate passing SAMLObject from (2) as param = OK
4) marshall to DOM
5) Call SignatureValidator.validate after unmarshalling DOM from (4) to
SAMLObject = OK
6) write DOM to XML string
7) Call SignatureValidator.validate after parsing xml string from (6) to DOM
& unmarshalling to SAMLObject = FAILS!

Step 7 fails with "Signature did not validate against the credential's key"

I was able to step through the code, and can see that the validation is
failing due to a mismatch of the computed digest & the one present in the
ds:DigestValue field (at the apache xml security code level).

However, I am quite confused as to why 3 & 5 work OK, but 7 does not.

Here is the exception I am seeing:
Exception in thread "main" org.opensaml.xml.validation.ValidationException: Signature did not validate against the credential's key
    at org.opensaml.xml.signature.SignatureValidator.validate(SignatureValidator.java:78)
    at OpenSamlGeneratorTest.verifySignature(OpenSamlGeneratorTest.java:196)

Any help/suggestions are greatly appreciated!
Dave
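
Added example, not part of the original post and not OpenSAML code: a Python standard-library model of the step 6-7 round trip, checking whether the digest over the canonical form survives a plain write-and-reparse and one where the serializer adds indentation. The sample assertion is constructed, SHA-256 and ElementTree's C14N 2.0 stand in for the signature's actual algorithms, and whether the poster's serializer reformats its output is an assumption the page does not confirm.

```python
import hashlib
from xml.dom import minidom
from xml.etree.ElementTree import canonicalize

# Constructed sample: a trimmed SAML 2.0 assertion, ds:Signature omitted,
# with no whitespace between elements.
SIGNED_XML = (
    '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
    'ID="_constructed1" Version="2.0" IssueInstant="2008-01-15T00:00:00Z">'
    '<saml:Issuer>https://idp.example.org</saml:Issuer>'
    '<saml:Subject><saml:NameID>user@example.org</saml:NameID></saml:Subject>'
    '</saml:Assertion>'
)

def canonical_form(xml_text):
    # ElementTree implements C14N 2.0, used here in place of the exclusive
    # C14N 1.0 that SAML signatures normally name; both keep whitespace-only
    # text nodes, which is the property this example depends on.
    return canonicalize(xml_data=xml_text)

def reference_digest(xml_text):
    # Hash of the canonical octets: the value compared with ds:DigestValue.
    return hashlib.sha256(canonical_form(xml_text).encode("utf-8")).hexdigest()

def write_plain(xml_text):
    # Parse to DOM and write back out without reformatting.
    return minidom.parseString(xml_text).documentElement.toxml()

def write_indented(xml_text):
    # Parse to DOM and write back out with indentation added by the serializer.
    return minidom.parseString(xml_text).documentElement.toprettyxml(indent="  ")

def survives_round_trip(xml_text, writer):
    # True when the digest after write + reparse equals the digest before.
    return reference_digest(writer(xml_text)) == reference_digest(xml_text)

def first_difference(before, after):
    # Offset and context of the first canonical-form mismatch, or None.
    a, b = canonical_form(before), canonical_form(after)
    if a == b:
        return None
    i = next((k for k, (x, y) in enumerate(zip(a, b)) if x != y), min(len(a), len(b)))
    return i, a[i:i + 20], b[i:i + 20]

if __name__ == "__main__":
    for writer in (write_plain, write_indented):
        out = writer(SIGNED_XML)
        print(writer.__name__, survives_round_trip(SIGNED_XML, writer),
              first_difference(SIGNED_XML, out))
```

Running the same comparison on the DOM from step 4 and the DOM re-parsed in step 7 shows whether the serialized string changed the signed content, and `first_difference` points at where.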
