Skip to Content.
Sympa Menu

mace-opensaml-users - RE: [OpenSAML] Saml error - Element 'Signature' is not valid for content model

Subject: OpenSAML user discussion

List archive

RE: [OpenSAML] Saml error - Element 'Signature' is not valid for content model


Chronological Thread 
  • From: Patrick Krug <>
  • To: <>
  • Subject: RE: [OpenSAML] Saml error - Element 'Signature' is not valid for content model
  • Date: Mon, 28 Apr 2008 16:19:45 -0400
  • Importance: Normal

The vendor  that I need to send the saml to requires two signatures.

To:
CC:
From:
Date: Mon, 28 Apr 2008 13:00:31 -0500
Subject: Re: [OpenSAML] Saml error - Element 'Signature' is not valid for content model


Patrick,

Do you really want 2 signature blocks.  Usually, you only sign either the entire Reponse or just the Assertion.




"Patrick Krug" <>
04/25/2008 10:44 AM
Please respond to



To
cc
Subject
[OpenSAML] Saml error - Element 'Signature' is not valid for content model





I am having a problem with my saml implementation.     I have implemented my saml 1.1 using c# on windows.   The vendors saml implementation is using the opensaml programs.  
What am I doing wrong?

The error message on the vendors side is : XML::Parser detected an error during parsing: Element 'Signature' is not valid for content model


<Response xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\" xmlns=\"urn:oasis:names:tc:SAML:1.0:protocol\" IssueInstant=\"2008-04-25T11:25:50Z\" MajorVersion=\"1\" MinorVersion=\"1\" Recipient=\"https://clinician.emdeon.com\" ResponseID=\"piiabmlphankocfbhhbhcomieogpcnaeilhclbbi\" xmlns:saml=\"urn:oasis:names:tc:SAML:1.0:assertion\" xmlns:samlp=\"urn:oasis:names:tc:SAML:1.0:protocol\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"><Signature xmlns=\"http://www.w3.org/2000/09/xmldsig#\"><SignedInfo><CanonicalizationMethod Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\" /><SignatureMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#rsa-sha1\" /><Reference URI=\"\"><Transforms><Transform Algorithm=\"http://www.w3.org/2000/09/xmldsig#enveloped-signature\" /><Transform Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#WithComments\"><InclusiveNamespaces PrefixList=\"#default saml samlp ds xsd xsi code kind rw typens\" xmlns=\"http://www.w3.org/2001/10/xml-exc-c14n#\" /></Transform></Transforms><DigestMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#sha1\" /><DigestValue>azbO17QKL8uQiwyg5CAPueZj3pk=</DigestValue></Reference></SignedInfo><SignatureValue>E6k88bQKCinDEyLe1Pz0EHxCmo4vmZnmqu9ceUbnHI///yNqe2zaFSm4xWPhTk61M9zTzLwBTuS+/xgjbIvEDnPl6FXreXF00P5wx+z/O2uAwwKpOtJb5UmVmJgcixBS0bt9h0TkI/7oLTJ1PgbIROM2jig+Ue9UaI4lvbJ5zP0=</SignatureValue><KeyInfo><X509Data><X509Certificate>MIIBuTCCASKgAwIBAgIESAO9iDANBgkqhkiG9w0BAQQFADAhMR8wHQYDVQQDExZCYXB0aXN0IE1lZGljYWwgQ2VudGVyMB4XDTA4MDQxNDIwMjQ0MFoXDTE4MDQxMjIwMjQ0MFowITEfMB0GA1UEAxMWQmFwdGlzdCBNZWRpY2FsIENlbnRlcjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArvR30OZ5RDbcK0RjtPbGx5QizNlvsCfCyYkz6DiUIF7K/qAB6mqdVNr8VFQP8DngeJBUHi6Z3Y/B+SCQC3teJvocQRlVCz2lIY4dNCpmhHMTBjtz+yxuMtc77NEPNkK2aqWXLbIeYNDekcR1wbQltzIs9y+/1Y2j1KAIcV5HIKcCAwEAATANBgkqhkiG9w0BAQQFAAOBgQBUtHmdPXOkMU5GCJACdXwv+KylaS5zowMZ89V0JTuQGhIuSymsW8kKd7LluI2zQ3sdVCx4NE3/jYISTGlM01AJGJReBoDFkIaeozJ2t2Qch34mQ7L0SIrtUEUeBpIBmeS92NGQEKpHdDF/on+a92IooGnrNcYaEPh7zyOEBMuldg==</X509Cert! ificate></X509Data></KeyInfo></Signature><Status><StatusCode Value=\"samlp:Success\" /></Status><Assertion xmlns=\"urn:oasis:names:tc:SAML:1.0:assertion\" AssertionID=\"tag1\" IssueInstant=\"2008-04-25T11:25:51Z\" Issuer=\"Baptist Medical Center\" MajorVersion=\"1\" MinorVersion=\"1\" xmlns:saml=\"urn:oasis:names:tc:SAML:1.0:assertion\" xmlns:samlp=\"urn:oasis:names:tc:SAML:1.0:protocol\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"><Signature xmlns=\"http://www.w3.org/2000/09/xmldsig#\"><SignedInfo><CanonicalizationMethod Algorithm=\"http://www.w3.org/TR/2001/REC-xml-c14n-20010315\" /><SignatureMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#rsa-sha1\" /><Reference URI=\"\"><Transforms><Transform Algorithm=\"http://www.w3.org/2000/09/xmldsig#enveloped-signature\" /><Transform Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#WithComments\"><InclusiveNamespaces PrefixList=\"#default saml samlp ds xsd xsi code kind rw typens\" xmlns=\"http://www.w3.org/2001/10/xml-exc-c14n#\" /></Transform></Transforms><DigestMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#sha1\" /><DigestValue>/Y3/FsMUrUiE+Kj6WKbejGoQkRo=</DigestValue></Reference></SignedInfo><SignatureValue>mWwvz8Ts8PGMOwHWI0Om3xtr6WYFpk/H9+IPp4mujA7WkqAE5LUWCRGjJZHvb/jq6BDOM7DJcBmqZx49+R6HOKaBQxWbAC6mplz4hyZj6g8rgPtNuDRZJPejQV27+u9yMxjr3qGv61OS+LlkrMGqTUSrTb9MnYT+3pf6so8WyMM=</SignatureValue><KeyInfo><X509Data><X509Certificate>MIIBuTCCASKgAwIBAgIESAO9iDANBgkqhkiG9w0BAQQFADAhMR8wHQYDVQQDExZCYXB0aXN0IE1lZGljYWwgQ2VudGVyMB4XDTA4MDQxNDIwMjQ0MFoXDTE4MDQxMjIwMjQ0MFowITEfMB0GA1UEAxMWQmFwdGlzdCBNZWRpY2FsIENlbnRlcjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArvR30OZ5RDbcK0RjtPbGx5QizNlvsCfCyYkz6DiUIF7K/qAB6mqdVNr8VFQP8DngeJBUHi6Z3Y/B+SCQC3teJvocQRlVCz2lIY4dNCpmhHMTBjtz+yxuMtc77NEPNkK2aqWXLbIeYNDekcR1wbQltzIs9y+/1Y2j1KAIcV5HIKcCAwEAATANBgkqhkiG9w0BAQQFAAOBgQBUtHmdPXOkMU5GCJACdXwv+KylaS5zowMZ89V0JTuQGhIuSymsW8kKd7LluI2zQ3sdVCx4NE3/jYISTGlM01AJGJReBoDFkIaeozJ2t2Qch34mQ7L0SIrtUEUeBpIBmeS92NGQEKpHdDF/on+a92IooGnrNcYaEPh7zyOEBMuldg==</X509Cert! ificate></X509Data></KeyInfo></Signature><Conditions NotBefore=\"2008-04-24T11:25:51Z\" NotOnOrAfter=\"2008-04-26T11:25:51Z\"><AudienceRestrictionCondition><Audience>http://www.opensaml.org</Audience></AudienceRestrictionCondition></Conditions><AuthenticationStatement AuthenticationInstant=\"2008-04-25T11:25:52Z\" AuthenticationMethod=\"urn:oasis:names:tc:SAML:1.0:am:password\"><Subject xmlns=\"urn:oasis:names:tc:SAML:1.0:assertion\"><NameIdentifier>pkrug001</NameIdentifier><SubjectConfirmation><ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</ConfirmationMethod></SubjectConfirmation></Subject></AuthenticationStatement></Assertion></Response>"



 


The information contained in this e-mail and any accompanying documents may contain information that is confidential or otherwise protected from disclosure. If you are not the intended recipient of this message, or if this message has been addressed to you in error, please immediately alert the sender by reply e-mail and then delete this message, including any attachments. Any dissemination, distribution or other use of the contents of this message by anyone other than the intended recipient is strictly prohibited. All messages sent to and from this e-mail address may be monitored as permitted by applicable law and regulations to ensure compliance with our internal policies and to protect our business. E-mails are not secure and cannot be guaranteed to be error free as they can be intercepted, amended, lost or destroyed, or contain viruses. You are deemed to have accepted these risks if you communicate with us by e-mail.





Archive powered by MHonArc 2.6.16.

Top of Page