mace-opensaml-users - Re: Problems signing/validating metadata

Subject: OpenSAML user discussion

Re: Problems signing/validating metadata

  • From: Chad La Joie
  • To:
  • Subject: Re: Problems signing/validating metadata
  • Date: Mon, 11 Feb 2008 14:07:59 +0100
  • Organization: SWITCH



Manuela Stanica wrote:
> 1. Signing (using openSAML 2.0 java API) a metadata document created and marshalled with openSAML2. In this case, I'm getting an EntityDescriptor which I have no trouble marshalling and unmarshalling and which to my knowledge includes the required xml fields. When I try signing the document (which implies validation as well)

Do you mean you think that signing implies schema or signature validation? Neither is true.

> I get the following error:
> ERROR org.opensaml.xml.signature.Signer - An error occured computing the digital signature
> org.apache.xml.security.signature.XMLSignatureException: Cannot resolve element with ID null
> Original Exception was org.apache.xml.security.signature.ReferenceNotInitializedException: Cannot resolve element with ID null
> Original Exception was org.apache.xml.security.signature.ReferenceNotInitializedException: Cannot resolve element with ID null
> Original Exception was org.apache.xml.security.signature.ReferenceNotInitializedException: Cannot resolve element with ID null
> Original Exception was org.apache.xml.security.utils.resolver.ResourceResolverException: Cannot resolve element with ID null
> at org.apache.xml.security.signature.XMLSignature.sign(Unknown Source)
> at org.opensaml.xml.signature.Signer.signObject(Signer.java:76)
> at net.geant.edugain.validation.SAMLSigner.sign(SAMLSigner.java:286)
> at net.geant.edugain.validation.SAMLSigner.sign(SAMLSigner.java:253)
> at test.SignatureTest.main(SignatureTest.java:55)

That error is pretty clear. You don't have an ID in what you're trying to sign. See SAML 2 metadata spec, line 374.

> 2. Signing an example metadata xml file, which is almost the same as the first EntityDescriptor example from the OASIS Metadata for SAML 2.0 spec so it should be correct and I can successfully unmarshal it. I'm enclosing the file in attachment. In this case, I get a different kind of error, which I haven't been able to solve either:
>
> java.lang.NullPointerException
> at java.util.TreeMap.compare(TreeMap.java:1093)
> at java.util.TreeMap.put(TreeMap.java:465)
> at java.util.TreeSet.add(TreeSet.java:210)
> at java.util.AbstractCollection.addAll(AbstractCollection.java:318)
> at java.util.TreeSet.addAll(TreeSet.java:258)
> at java.util.TreeSet.<init>(TreeSet.java:143)
> at org.apache.xml.security.transforms.params.InclusiveNamespaces.<init>(Unknown Source)
> at org.opensaml.common.impl.SAMLObjectContentReference.processExclusiveTransform(SAMLObjectContentReference.java:172)
> at org.opensaml.common.impl.SAMLObjectContentReference.createReference(SAMLObjectContentReference.java:142)
> at org.opensaml.xml.signature.impl.SignatureMarshaller.createSignatureElement(SignatureMarshaller.java:114)
> at org.opensaml.xml.signature.impl.SignatureMarshaller.marshall(SignatureMarshaller.java:69)
> at org.opensaml.xml.io.AbstractXMLObjectMarshaller.marshallChildElements(AbstractXMLObjectMarshaller.java:317)
> at org.opensaml.xml.io.AbstractXMLObjectMarshaller.marshallInto(AbstractXMLObjectMarshaller.java:225)
> at org.opensaml.xml.io.AbstractXMLObjectMarshaller.marshall(AbstractXMLObjectMarshaller.java:131)
> at org.opensaml.xml.io.AbstractXMLObjectMarshaller.marshall(AbstractXMLObjectMarshaller.java:87)
> at net.geant.edugain.validation.SAMLSigner.sign(SAMLSigner.java:281)
> at net.geant.edugain.validation.SAMLSigner.sign(SAMLSigner.java:253)
> at test.SignatureTest.main(SignatureTest.java:55)

This was just patched by Brent, last night, I think. Try again with the latest code from trunk.

--
SWITCH
Serving Swiss Universities
--------------------------
Chad La Joie, Software Engineer, Security
Werdstrasse 2, P.O. Box, 8021 Zürich, Switzerland
phone +41 44 268 15 75, fax +41 44 268 15 68
http://www.switch.ch