Skip to Content.
Sympa Menu

mace-opensaml-users - Re: [OpenSAML] Signature problems

Subject: OpenSAML user discussion

List archive

Re: [OpenSAML] Signature problems


Chronological Thread 
  • From: Brent Putman <>
  • To: "" <>
  • Cc:
  • Subject: Re: [OpenSAML] Signature problems
  • Date: Thu, 06 Nov 2008 12:12:55 -0500

This sounds like the Apache xmlsec issue that effectively disallows you
from signing then verifying (or vice versa) for the same algorithm in a
given thread. Check whether you are doing something along those lines.
If it's not that exact issue, it's at least something similar, due to
some rather questionable optimizations in Apache xmlsec.

See:
https://mail.internet2.edu/wws/arc/mace-opensaml-users/2008-09/msg00011.html

and especially the Apache bug report referenced from there:

https://issues.apache.org/bugzilla/show_bug.cgi?id=44204





wrote:
> Hi, we have to read and modify an SAMLResponse.
>
> //read SAMLResponse
> from a string
> Response response = (Response) responseUnmarsh.unmarshall
> (XMLUtils.parse("<samlp:Response>...</samlp:Response>").
> getDocumentElement());
>
> //modify SAMLResponse
> response.setInResponseTo
> ("...");
>
> //Recreate SAMLResponse
> new ResponseMarshaller().marshall
> (response);
>
> //Now, we have to computing the Signature Value
> Signature
> signature = response.getSignature();
> Signer.signObject(signature);
>
>
> But, Signer.signObject throws this exception
>
> Original Exception was
> java.security.SignatureException: object not initialized for signature
> or verification
> Where is the error?
>
>
> _______________________________________________________________
>
>
>
> Telefona e naviga senza limiti con Tiscali Voce 8 Mega a soli € 15 al mese
> per i primi 12 mesi. In seguito paghi € 29,90 al mese. Attiva entro il
> 6/11/08! http://abbonati.tiscali.it/promo/voce8mega/
>



Archive powered by MHonArc 2.6.16.

Top of Page