OpenSAML user discussion

[Brent Putman <>]

This sounds like the Apache xmlsec issue that effectively disallows you
from signing then verifying (or vice versa) for the same algorithm in a
given thread.  Check whether you are doing something along those lines. 
If it's not that exact issue, it's at least something similar, due to
some rather questionable optimizations in Apache xmlsec.

See:
https://mail.internet2.edu/wws/arc/mace-opensaml-users/2008-09/msg00011.html

and especially the Apache bug report referenced from there:

https://issues.apache.org/bugzilla/show_bug.cgi?id=44204





 wrote:
> Hi, we have to read and modify an SAMLResponse.
>
> //read SAMLResponse 
> from a string
> Response response = (Response) responseUnmarsh.unmarshall
> (XMLUtils.parse("<samlp:Response>...</samlp:Response>").
> getDocumentElement());
>
> //modify SAMLResponse
> response.setInResponseTo
> ("...");
>
> //Recreate SAMLResponse
> new ResponseMarshaller().marshall
> (response);
>
> //Now, we have to computing the Signature Value
> Signature 
> signature = response.getSignature();
> Signer.signObject(signature);
>
>
> But, Signer.signObject throws this exception
>
> Original Exception was 
> java.security.SignatureException: object not initialized for signature 
> or verification
> Where is the error?
>
>
> _______________________________________________________________
>
>
>
> Telefona e naviga senza limiti con Tiscali Voce 8 Mega a soli € 15 al mese 
> per i primi 12 mesi. In seguito paghi € 29,90 al mese. Attiva entro il 
> 6/11/08! http://abbonati.tiscali.it/promo/voce8mega/
>