
mace-opensaml-users - RE: [OpenSAML] RE: Reference Node in Signature Duplicated

Subject: OpenSAML user discussion

  • From: "Sankaranainar, Naveen" <>
  • To: <>
  • Subject: RE: [OpenSAML] RE: Reference Node in Signature Duplicated
  • Date: Fri, 4 Apr 2008 00:14:24 -0400
  • Importance: normal
  • Priority: normal

Brent,

Thanks for the quick response.

Yep, that was the issue. Removed it and now it has only one reference
but still doesn't work with Google. Could be some other issue with
Google.



From: Brent Putman
Sent: Thursday, April 03, 2008 11:47 PM
Subject: Re: [OpenSAML] RE: Reference Node in Signature Duplicated

signature.getContentReferences().add(new SAMLObjectContentReference(assertion));

Sankaranainar, Naveen wrote:
> I ran into the same duplicate "<ds:Reference>" issue. I have attached the
> SAML response document that I federated to Google, and the Google ACS
> rejected it because of the duplicate reference. Any input on what could be
> wrong?

Yes, someplace an extra SAMLContentReference is being added to the
Response signature.


> I am calling signer object to sign the response document, not adding
> any reference manually.
>

I'm virtually certain that someplace you are doing something similar to
the following, to the Signature that you're setting on the Response:


signature.getContentReferences().add(new SAMLObjectContentReference(response));

You shouldn't do this, because SignableSAMLObject#setSignature does this
automatically. Doing it explicitly like the above is causing the
duplicate.


> protected void signDocument(XMLObject xmlObject, Signature signature) throws FedHubException {
>     Marshaller marshaller = marshallerFactory.getMarshaller(xmlObject);
>     try {
>         marshaller.marshall(xmlObject);
>     } catch (MarshallingException e) {
>         LogManager.error("Exception on marshalling the document: ", e);
>     }
>     Signer.signObject(signature);
> }
>
>

Yeah, like I said above, this isn't really the relevant code you need to
double-check. You need to look at the code that is creating and
populating things on the Response's Signature instance.

I also notice that your Assertion is also signed, but only has a single
Reference. So you must be doing something different as to building the
Signature object in the two cases.

--Brent
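
A pre-send check for the duplicated Reference discussed in this thread, as an added example that is not code from the thread or from OpenSAML: it walks a marshalled SAML document and reports every enveloped ds:Signature that does not carry exactly one ds:Reference pointing at its parent's ID. It assumes SAML 2.0 (objects identified by an "ID" attribute); the sample document and the function name are constructed for illustration, and the check is structural only, it does not validate the signature value.

```python
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"

# Constructed sample: the Response signature carries the duplicated Reference,
# the Assertion signature carries a single one (the situation in the thread).
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_resp1">
  <ds:Signature><ds:SignedInfo>
    <ds:Reference URI="#_resp1"/>
    <ds:Reference URI="#_resp1"/>
  </ds:SignedInfo></ds:Signature>
  <saml:Assertion ID="_assert1">
    <ds:Signature><ds:SignedInfo>
      <ds:Reference URI="#_assert1"/>
    </ds:SignedInfo></ds:Signature>
  </saml:Assertion>
</samlp:Response>"""


def check_signature_references(xml_text):
    """Return (element name, ID, problem) for each enveloped Signature that
    does not have exactly one Reference pointing at its parent's ID."""
    # ElementTree is fine for the constructed sample; parse untrusted XML
    # with a hardened parser (e.g. defusedxml) instead.
    root = ET.fromstring(xml_text)
    problems = []
    for parent in root.iter():
        sig = parent.find(DS + "Signature")  # direct child only (enveloped)
        if sig is None:
            continue
        name = parent.tag.split("}")[-1]
        obj_id = parent.get("ID")
        refs = sig.findall(f"{DS}SignedInfo/{DS}Reference")
        uris = [r.get("URI") for r in refs]
        if len(uris) != 1:
            problems.append((name, obj_id, f"{len(uris)} Reference elements"))
        elif uris[0] != "#" + str(obj_id):
            problems.append((name, obj_id,
                             f"Reference URI {uris[0]!r} does not match ID"))
    return problems


if __name__ == "__main__":
    for name, obj_id, problem in check_signature_references(SAMPLE):
        print(f"{name} ID={obj_id}: {problem}")
```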


