OpenSAML user discussion

[Chad La Joie <>]

This is the error you get when something has corrupted the signature. 
Given that this is assertion is schema invalid and does not have the 
inclusive namespace list I'm guessing it wasn't OpenSAML that generated 
the assertion.

So, I'd begin looking at what produced or transported the XML.  As Scott 
has said before, there isn't any easy way to diagnose this problem.  You 
basically have to compare the octet stream of the created XML (before 
transportation or any other serialization) and the octet-stream right 
before you validate the signature.

Dimuthu Leelarathne wrote:
> Hi All,
>
> I am trying to validate a xml signature, but the validation fails giving
> me the following error.[1]
>
> This is how I try to retrieve the Modulus and Exponent. [2]
>
> The saml assertion is available here [3]
>
> I can't figure out what I am doing wrong. Your ideas are very much
> appreciated.
>
> Thank you,
> Dimuthu
>
> [1]
> 150194 [main] INFO org.apache.xml.security.signature.Reference -
> Verification successful for URI
> "#uuid:cb8141e4-44df-4791-9bde-a65b8f75599c"
> Exception in thread "main"
> org.opensaml.xml.validation.ValidationException: Signature did not
> validate against the credential's key
>         at
> org.opensaml.xml.signature.SignatureValidator.validate(SignatureValidator.java:78)
>
> [2]http://ww2.wso2.org/~dimuthul/SAML2Test.java
>
> [3]http://ww2.wso2.org/~dimuthul/selfsigned-saml.xml

--
SWITCH
Serving Swiss Universities
--------------------------
Chad La Joie, Software Engineer, Security
Werdstrasse 2, P.O. Box, 8021 Zürich, Switzerland
phone +41 44 268 15 75, fax +41 44 268 15 68
,
 http://www.switch.ch