
mace-opensaml-users - Re: [opensaml2.0]Validating XML Signature

Subject: OpenSAML user discussion

  • From: Chad La Joie <>
  • To:
  • Subject: Re: [opensaml2.0]Validating XML Signature
  • Date: Tue, 05 Feb 2008 19:02:02 +0100
  • Organization: SWITCH

Ah, yes, you're right. I read a '.' as ':' when I was looking at the spec.

I suspect that isn't the problem here, however. And yeah, OpenSAML, at least the Java version, isn't going to catch that unless you do schema validation.

Scott Cantor wrote:
>> It's valid. An ID just has to be a string (with a few character
>> limits), not a URI or anything. So that's valid. This error is almost
>> certainly screwing up the XML before the library gets it.
>
> No, I just checked, it's not legal.
>
> http://www.w3.org/TR/1999/REC-xml-names-19990114/#NT-NCName
>
> Anybody accepting that as an ID has broken code. Of course, absent schema
> processing, lots of ID code is brute forced and it might work by accident,
> even in OpenSAML.
>
> But somebody should inform the producer of that SAML that their code is
> wrong regardless.
>
> -- Scott



--
SWITCH
Serving Swiss Universities
--------------------------
Chad La Joie, Software Engineer, Security
Werdstrasse 2, P.O. Box, 8021 Zürich, Switzerland
phone +41 44 268 15 75, fax +41 44 268 15 68
http://www.switch.ch
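
Added example, not part of the original thread and not code from OpenSAML or either poster: a pre-check that flags SAML 2.0 `ID` attribute values that are not legal NCNames, for use when schema validation is not enabled. The sample message and the function name `invalid_ids` are constructed for illustration, and the character ranges are taken from XML 1.0 (Fifth Edition) as an assumption, since the 1999 recommendation linked above defines NCName through the older Letter/Digit classes.

```python
import re
import xml.etree.ElementTree as ET

# NCName = XML Name without ':'.
# Ranges below are NameStartChar / NameChar from XML 1.0 (Fifth Edition)
# with the colon removed (assumption: close enough to the 1999 production).
_START = (
    r"A-Z_a-z\u00C0-\u00D6\u00D8-\u00F6\u00F8-\u02FF\u0370-\u037D"
    r"\u037F-\u1FFF\u200C-\u200D\u2070-\u218F\u2C00-\u2FEF"
    r"\u3001-\uD7FF\uF900-\uFDCF\uFDF0-\uFFFD\U00010000-\U000EFFFF"
)
_REST = _START + r"\-.0-9\u00B7\u0300-\u036F\u203F-\u2040"
NCNAME = re.compile(f"[{_START}][{_REST}]*")


def invalid_ids(xml_text):
    """Return (local element name, ID value) for each ID that is not an NCName."""
    # For untrusted input, parse with a hardened parser (e.g. defusedxml)
    # instead of the standard library; the sample here is constructed inline.
    root = ET.fromstring(xml_text)
    bad = []
    for el in root.iter():
        value = el.get("ID")
        if value is not None and not NCNAME.fullmatch(value):
            bad.append((el.tag.split("}")[-1], value))
    return bad


# Constructed sample: one Response and three Assertions with differing IDs.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_resp-1.a" Version="2.0">
  <saml:Assertion ID="urn:example:assertion:42" Version="2.0"/>
  <saml:Assertion ID="7f3a9c" Version="2.0"/>
  <saml:Assertion ID="_7f3a9c" Version="2.0"/>
</samlp:Response>"""

if __name__ == "__main__":
    for tag, value in invalid_ids(SAMPLE):
        print(f"{tag}: ID {value!r} is not a valid NCName")
```

A '.' inside the value is accepted, while a ':' anywhere or a leading digit is rejected, which matches the NCName production Scott links to.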

