OpenSAML user discussion

["Tom Scavo" <>]

I believe the <Signature> element is the last child element of the
<Assertion> element.  Check the schema.

Tom

On Fri, Apr 25, 2008 at 11:44 AM, Patrick Krug 
<>
 wrote:
>
>  I am having a problem with my saml implementation.     I have implemented
> my saml 1.1 using c# on windows.   The vendors saml implementation is using
> the opensaml programs.
>  What am I doing wrong?
>
>  The error message on the vendors side is : XML::Parser detected an error
> during parsing: Element 'Signature' is not valid for content model
>
>
>  <Response xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\";
> xmlns=\"urn:oasis:names:tc:SAML:1.0:protocol\"
> IssueInstant=\"2008-04-25T11:25:50Z\" MajorVersion=\"1\" MinorVersion=\"1\"
> Recipient=\"https://clinician.emdeon.com\";
> ResponseID=\"piiabmlphankocfbhhbhcomieogpcnaeilhclbbi\"
> xmlns:saml=\"urn:oasis:names:tc:SAML:1.0:assertion\"
> xmlns:samlp=\"urn:oasis:names:tc:SAML:1.0:protocol\"
> xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\";
> xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\";><Signature
> xmlns=\"http://www.w3.org/2000/09/xmldsig#\";><SignedInfo><CanonicalizationMethod
> Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\"; /><SignatureMethod
> Algorithm=\"http://www.w3.org/2000/09/xmldsig#rsa-sha1\"; /><Reference
> URI=\"\"><Transforms><Transform
> Algorithm=\"http://www.w3.org/2000/09/xmldsig#enveloped-signature\";
> /><Transform
> Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#WithComments\";><InclusiveNamespaces
> PrefixList=\"#default saml samlp ds xsd xsi code kind rw typens\"
> xmlns=\"http://www.w3.org/2001/10/xml-exc-c14n#\";
> /></Transform></Transforms><DigestMethod
> Algorithm=\"http://www.w3.org/2000/09/xmldsig#sha1\";
> /><DigestValue>azbO17QKL8uQiwyg5CAPueZj3pk=</DigestValue></Reference></SignedInfo><SignatureValue>E6k88bQKCinDEyLe1Pz0EHxCmo4vmZnmqu9ceUbnHI///yNqe2zaFSm4xWPhTk61M9zTzLwBTuS+/xgjbIvEDnPl6FXreXF00P5wx+z/O2uAwwKpOtJb5UmVmJgcixBS0bt9h0TkI/7oLTJ1PgbIROM2jig+Ue9UaI4lvbJ5zP0=</SignatureValue><KeyInfo><X509Data><X509Certificate>MIIBuTCCASKgAwIBAgIESAO9iDANBgkqhkiG9w0BAQQFADAhMR8wHQYDVQQDExZCYXB0aXN0IE1lZGljYWwgQ2VudGVyMB4XDTA4MDQxNDIwMjQ0MFoXDTE4MDQxMjIwMjQ0MFowITEfMB0GA1UEAxMWQmFwdGlzdCBNZWRpY2FsIENlbnRlcjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArvR30OZ5RDbcK0RjtPbGx5QizNlvsCfCyYkz6DiUIF7K/qAB6mqdVNr8VFQP8DngeJBUHi6Z3Y/B+SCQC3teJvocQRlVCz2lIY4dNCpmhHMTBjtz+yxuMtc77NEPNkK2aqWXLbIeYNDekcR1wbQltzIs9y+/1Y2j1KAIcV5HIKcCAwEAATANBgkqhkiG9w0BAQQFAAOBgQBUtHmdPXOkMU5GCJACdXwv+KylaS5zowMZ89V0JTuQGhIuSymsW8kKd7LluI2zQ3sdVCx4NE3/jYISTGlM01AJGJReBoDFkIaeozJ2t2Qch34mQ7L0SIrtUEUeBpIBmeS92NGQEKpHdDF/on+a92IooGnrNcYaEPh7zyOEBMuldg==</X509Certificate></X509Data></KeyInfo></Signature><Status><StatusCod
 e
> Value=\"samlp:Success\" /></Status><Assertion
> xmlns=\"urn:oasis:names:tc:SAML:1.0:assertion\" AssertionID=\"tag1\"
> IssueInstant=\"2008-04-25T11:25:51Z\" Issuer=\"Baptist Medical Center\"
> MajorVersion=\"1\" MinorVersion=\"1\"
> xmlns:saml=\"urn:oasis:names:tc:SAML:1.0:assertion\"
> xmlns:samlp=\"urn:oasis:names:tc:SAML:1.0:protocol\"
> xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\";
> xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\";><Signature
> xmlns=\"http://www.w3.org/2000/09/xmldsig#\";><SignedInfo><CanonicalizationMethod
> Algorithm=\"http://www.w3.org/TR/2001/REC-xml-c14n-20010315\";
> /><SignatureMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#rsa-sha1\";
> /><Reference URI=\"\"><Transforms><Transform
> Algorithm=\"http://www.w3.org/2000/09/xmldsig#enveloped-signature\";
> /><Transform
> Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#WithComments\";><InclusiveNamespaces
> PrefixList=\"#default saml samlp ds xsd xsi code kind rw typens\"
> xmlns=\"http://www.w3.org/2001/10/xml-exc-c14n#\";
> /></Transform></Transforms><DigestMethod
> Algorithm=\"http://www.w3.org/2000/09/xmldsig#sha1\";
> /><DigestValue>/Y3/FsMUrUiE+Kj6WKbejGoQkRo=</DigestValue></Reference></SignedInfo><SignatureValue>mWwvz8Ts8PGMOwHWI0Om3xtr6WYFpk/H9+IPp4mujA7WkqAE5LUWCRGjJZHvb/jq6BDOM7DJcBmqZx49+R6HOKaBQxWbAC6mplz4hyZj6g8rgPtNuDRZJPejQV27+u9yMxjr3qGv61OS+LlkrMGqTUSrTb9MnYT+3pf6so8WyMM=</SignatureValue><KeyInfo><X509Data><X509Certificate>MIIBuTCCASKgAwIBAgIESAO9iDANBgkqhkiG9w0BAQQFADAhMR8wHQYDVQQDExZCYXB0aXN0IE1lZGljYWwgQ2VudGVyMB4XDTA4MDQxNDIwMjQ0MFoXDTE4MDQxMjIwMjQ0MFowITEfMB0GA1UEAxMWQmFwdGlzdCBNZWRpY2FsIENlbnRlcjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArvR30OZ5RDbcK0RjtPbGx5QizNlvsCfCyYkz6DiUIF7K/qAB6mqdVNr8VFQP8DngeJBUHi6Z3Y/B+SCQC3teJvocQRlVCz2lIY4dNCpmhHMTBjtz+yxuMtc77NEPNkK2aqWXLbIeYNDekcR1wbQltzIs9y+/1Y2j1KAIcV5HIKcCAwEAATANBgkqhkiG9w0BAQQFAAOBgQBUtHmdPXOkMU5GCJACdXwv+KylaS5zowMZ89V0JTuQGhIuSymsW8kKd7LluI2zQ3sdVCx4NE3/jYISTGlM01AJGJReBoDFkIaeozJ2t2Qch34mQ7L0SIrtUEUeBpIBmeS92NGQEKpHdDF/on+a92IooGnrNcYaEPh7zyOEBMuldg==</X509Certificate></X509Data></KeyInfo></Signature><Conditions
> NotBefore=\"2008-04-24T11:25:51Z\"
> NotOnOrAfter=\"2008-04-26T11:25:51Z\"><AudienceRestrictionCondition><Audience>http://www.opensaml.org</Audience></AudienceRestrictionCondition></Conditions><AuthenticationStatement
> AuthenticationInstant=\"2008-04-25T11:25:52Z\"
> AuthenticationMethod=\"urn:oasis:names:tc:SAML:1.0:am:password\"><Subject
> xmlns=\"urn:oasis:names:tc:SAML:1.0:assertion\"><NameIdentifier>pkrug001</NameIdentifier><SubjectConfirmation><ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</ConfirmationMethod></SubjectConfirmation></Subject></AuthenticationStatement></Assertion></Response>"
>
>
>
>
>
>