Skip to Content.

Sympa Menu

mace-opensaml-users - Re: Re: [OpenSAML] new user - AttributeQuery / SOAP question

List Options Menu

Subject: OpenSAML user discussion

List archive

Re: Re: [OpenSAML] new user - AttributeQuery / SOAP question

From:
To:
Subject: Re: Re: [OpenSAML] new user - AttributeQuery / SOAP question
Date: Mon, 27 Oct 2008 14:08:32 -0400 (EDT)

Thanks for the reply Brent - I agree that the prefix should not matter - and
we're working on this with the other party to try and find out what their
tool is actually doing. They mentioned they are using some kind of optimizer
- and I am not sure why they would want to optimize (and therefore
potentially modify) signed XML.
This leads to another question/issue. This so called optimizer the other
party is using is stripping off extra namespaces - and of course that causes
the signature to fail. While I am not sure that they should be doing that -
from my end is there a way to eliminate namespaces in certain tags ?? In the
output below, you can see that 'xmlns:ds="http://www.w3.org/2000/09/xmldsig#'
is added to each tag - whereas it may only be necessary at the Signature tag.
Is there a way to remove this from the other tags ?? I know this probably
should not be necessary - but I would like to find out if that may be an
option.

Thanks again for the assistance.

<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#";>
<ds:SignedInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#";>
<ds:CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#";
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; />
<ds:SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1";
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; />
<ds:Reference URI="#A48b2ede20a352f13200054130000aa33"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#";>
<ds:Transforms xmlns:ds="http://www.w3.org/2000/09/xmldsig#";>
<ds:Transform
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature";
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; />
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#";
xmlns:ds="http://www.w3.org/2000/09/xmldsig#";>
<ec:InclusiveNamespaces PrefixList="ds saml samlp"
xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"; />
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1";
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; />
<ds:DigestValue
xmlns:ds="http://www.w3.org/2000/09/xmldsig#";>nnawuIEMBw6O5H5nAgNYSk18W8Y=</ds:DigestValue>

</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue
xmlns:ds="http://www.w3.org/2000/09/xmldsig#";>SiyuNjYxkaSwr3C2P29ihgzzSIN1SMh7vFZjRBYrV9p51DDv/Axz5GjnWg=</ds:SignatureValue>

<ds:Signature>

Re: Re: [OpenSAML] new user - AttributeQuery / SOAP question, brett . sutherland, 10/27/2008
- Re: [OpenSAML] new user - AttributeQuery / SOAP question, Brent Putman, 10/27/2008

Archive powered by MHonArc 2.6.16.