OpenSAML user discussion

[Chad La Joie <>]

It should be fine.  If you try to marshall an already marshalled tree it 
just immediately returns the cached DOM unless you marshall it in such a 
way that you indicate it needs to be rooted in a new document (which is 
not common).

Brent Putman wrote:
> > 2. Once the signature object has been signed (the signature value 
> > set), does the assertion need to be marshalled again to get the sign 
> > assertion?
> >   
>
>
> No, absolutely not, in fact that may even screw things up (can't 
> remember exactly what marshalling an already marshalled tree does).  The 
> actual signing operation is implemented by the Apache XML Security 
> library and operates directly on the DOM tree.  That is why you have to 
> marshall before signing.

--
SWITCH
Serving Swiss Universities
--------------------------
Chad La Joie, Software Engineer, Security
Werdstrasse 2, P.O. Box, 8021 Zürich, Switzerland
phone +41 44 268 15 75, fax +41 44 268 15 68
,
 http://www.switch.ch