
mace-opensaml-users - failing to process SAML signature

Subject: OpenSAML user discussion

  • From: "Ajaya Agarwal" <>
  • To:
  • Subject: failing to process SAML signature
  • Date: Tue, 1 Apr 2008 11:15:04 +0530

Hi,

I am using OpenSAML 1.1b to consume the SAML assertion. I am using SAML 1.1 and the Browser POST profile for SSO. I have attached the SAML Response POSTed by the Identity Provider.
 
Unfortunately I am unable to process the attached SAML response. Could anybody let me know what the problem is in the SAML Response? Can OpenSAML consume this SAML?
 
I am mainly getting a problem while validating the signature part. Is the canonicalization/transform algorithm creating the issue?
 
Thanks a lot in advance.
 
Regards,
Ajay
 
<samlp:Response xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" IssueInstant="2008-03-18T02:01:55.178Z" MajorVersion="1" MinorVersion="1" Recipient="http://jive06.managed.contegix.com/intelchannel/index.jspa" ResponseID="SM17711c9c401b0fab9df938793d991b4832f17a7aa6d"><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/><ds:Reference URI="" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:Transforms xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/><ds:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/><ds:DigestValue xmlns:ds="http://www.w3.org/2000/09/xmldsig#">LLT9qzaiHa72iaI+FzlUKI+XQ4M=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue xmlns:ds="http://www.w3.org/2000/09/xmldsig#">fY6QmH7M0fF/b+EdcLguhI1ValOUYVEHcyQ83KHdAXMhbVfn9ScT0yWCZoJGHScU32WokyferFM2HQ/IeLwQU5kQ/UTAEVS8Dg5RATMsw/ef2yFcu0vMqhgnOzpGM6B0XA7KMxpZKq2B6Jd71WBZFsqvNAAdNpk0PYjPii1cAbQ=</ds:SignatureValue><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:X509Data xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:X509Certificate xmlns:ds="http://www.w3.org/2000/09/xmldsig#">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</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature><samlp:Status xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" 
xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol"><samlp:StatusCode Value="samlp:Success"/></samlp:Status><saml:Assertion xmlns:SM="http://www.netegrity.com/SiteMinder" AssertionID="SM24edccd04d280d78ec7d3d25b1b8969e2e48af3d9de" IssueInstant="2008-03-18T02:01:55.146Z" Issuer="https://welcome.intel.com/SAML" MajorVersion="1" MinorVersion="1" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"><saml:Conditions NotBefore="2008-03-18T02:01:25.131Z" NotOnOrAfter="2008-03-18T02:03:25.131Z"><saml:AudienceRestrictionCondition><saml:Audience>https://welcome.intel.com/FederatedUsers</saml:Audience></saml:AudienceRestrictionCondition></saml:Conditions><saml:AttributeStatement><saml:Subject><saml:NameIdentifier Format="urn:oasis:names:tc:SAML:1.0:assertion" NameQualifier="www.intel.com">mad\aagarw7</saml:NameIdentifier><saml:SubjectConfirmation><saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</saml:ConfirmationMethod></saml:SubjectConfirmation></saml:Subject><saml:Attribute AttributeName="SMContent" AttributeNamespace="http://www.netegrity.com/SiteMinder"><saml:AttributeValue><SM:SMContent xmlns:SM="http://www.netegrity.com/SiteMinder"><SM:SMsession><SM:SessionID>FDlxMf+LFlGJHzyequiu1o504FE=</SM:SessionID><SM:startTime>1205805709</SM:startTime><SM:idleTimeout>10800</SM:idleTimeout><SM:maxTimeout>0</SM:maxTimeout><SM:timeIn>30</SM:timeIn></SM:SMsession><SM:SMlogin><SM:UserDN>mad\aagarw7</SM:UserDN><SM:Username>mad\aagarw7</SM:Username></SM:SMlogin><SM:SMprofile><SM:NVpair>header:</SM:NVpair><SM:NVpair>header:LoginId=MAD\aagarw7</SM:NVpair><SM:NVpair>header:FirstName=AJAYA</SM:NVpair><SM:NVpair>header:LastName=AGARWAL</SM:NVpair></SM:SMprofile></SM:SMContent></saml:AttributeValue></saml:Attribute></saml:AttributeStatement><saml:AuthenticationStatement AuthenticationInstant="2008-03-18T02:01:49.000Z" AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:unspecified"><saml:Subject><saml:NameIdentifier Format="urn:oasis:names:tc:SAML:1.0:assertion" 
NameQualifier="www.intel.com">mad\aagarw7</saml:NameIdentifier><saml:SubjectConfirmation><saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</saml:ConfirmationMethod></saml:SubjectConfirmation></saml:Subject></saml:AuthenticationStatement></saml:Assertion></samlp:Response>
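
A triage sketch for the question above, added here and not part of the original post or of OpenSAML: it lists the canonicalization, transform and digest algorithms a signed SAML 1.1 Response declares and what its ds:Reference covers, so they can be compared with what the consuming library supports. The sample document is constructed to mirror the posted signature layout, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

NS = {"ds": "http://www.w3.org/2000/09/xmldsig#"}
INCLUSIVE_C14N = "http://www.w3.org/TR/2001/REC-xml-c14n-20010315"

# Constructed sample mirroring the posted signature layout (placeholder ID).
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol"
  MajorVersion="1" MinorVersion="1" ResponseID="SMexample-response-id">
 <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo>
  <ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
  <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
  <ds:Reference URI=""><ds:Transforms>
   <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
   <ds:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
  </ds:Transforms>
  <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
  </ds:Reference></ds:SignedInfo></ds:Signature>
</samlp:Response>"""


def signature_profile(xml_text):
    """Return the algorithms and reference target of the Response signature."""
    root = ET.fromstring(xml_text)
    info = root.find("ds:Signature/ds:SignedInfo", NS)
    if info is None:
        return None  # unsigned response: nothing to validate
    ref = info.find("ds:Reference", NS)
    return {
        "c14n": info.find("ds:CanonicalizationMethod", NS).get("Algorithm"),
        "sig_alg": info.find("ds:SignatureMethod", NS).get("Algorithm"),
        "ref_uri": ref.get("URI"),
        "transforms": [t.get("Algorithm")
                       for t in ref.iterfind("ds:Transforms/ds:Transform", NS)],
        "digest_alg": ref.find("ds:DigestMethod", NS).get("Algorithm"),
        "response_id": root.get("ResponseID", ""),
    }


def findings(p):
    """Points to compare against what the consuming library accepts."""
    out = []
    if p["ref_uri"] == "":
        out.append("reference URI is empty (whole document), not #" + p["response_id"])
    elif p["ref_uri"] != "#" + p["response_id"]:
        out.append("reference does not point at the Response element")
    if p["c14n"] == INCLUSIVE_C14N or INCLUSIVE_C14N in p["transforms"]:
        out.append("inclusive C14N 1.0 is used, not exclusive C14N")
    if p["sig_alg"].endswith("rsa-sha1") or p["digest_alg"].endswith("#sha1"):
        out.append("SHA-1 based signature or digest")
    return out
```

Run against the raw POSTed bytes after base64 decoding; a copy that has been re-serialized or pasted through a mail client may no longer match the signed digest.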


