mace-opensaml-users - RE: [OpenSAML] RE: SAML1.1 response signature validation fails but assertion signature validation passes

Subject: OpenSAML user discussion

List archive

RE: [OpenSAML] RE: SAML1.1 response signature validation fails but assertion signature validation passes

From: "Pantvaidya, Vishwajit" <>
To: "''" <>
Subject: RE: [OpenSAML] RE: SAML1.1 response signature validation fails but assertion signature validation passes
Date: Mon, 17 Nov 2008 09:34:11 -0800
Accept-language: en-US
Acceptlanguage: en-US

Attempting resend as a zip file as it keeps on rejecting my mail as being above the size limit.

From: Pantvaidya, Vishwajit
Sent: Monday, November 17, 2008 9:24 AM
To: ''
Subject: [OpenSAML] RE: SAML1.1 response signature validation fails but assertion signature validation passes

> The only real way to debug this is to get the canonicalized input data

> from both the signer and validator, and do a byte-by-byte comparison to

> spot the difference(s). In Apache xmlsec 1.4.2 (and so in the latest

> versions of OpenSAML also), you can do this by setting DEBUG level

> logging for the following packages:

> org.apache.xml.security.utils.DigesterOutputStream - represents the

> Reference data to be digested

[Pantvaidya, Vishwajit] Attaching the log I got by turning debug on for the digester on the validation side. I see only the assertion signature and its digest but not the response signature and its digest in the messages. Shouldn’t I be seeing that in the logs? On the sending side, I checked out the server log and the response digest and signature are present in the logged messages. Is this the issue?

Attachment: log.zip
Description: log.zip

SAML1.1 response signature validation fails but assertion signature validation passes, Pantvaidya, Vishwajit, 11/13/2008
- RE: SAML1.1 response signature validation fails but assertion signature validation passes, Pantvaidya, Vishwajit, 11/13/2008
  - Re: [OpenSAML] RE: SAML1.1 response signature validation fails but assertion signature validation passes, Brent Putman, 11/14/2008
    - RE: [OpenSAML] RE: SAML1.1 response signature validation fails but assertion signature validation passes, Pantvaidya, Vishwajit, 11/14/2008
      - Message not available
        
        Message not available
        
        RE: [OpenSAML] RE: SAML1.1 response signature validation fails but assertion signature validation passes, Pantvaidya, Vishwajit, 11/17/2008
        
        RE: [OpenSAML] RE: SAML1.1 response signature validation fails but assertion signature validation passes, Scott Cantor, 11/17/2008
        
        Re: [OpenSAML] RE: SAML1.1 response signature validation fails but assertion signature validation passes, Brent Putman, 11/17/2008
        RE: [OpenSAML] RE: SAML1.1 response signature validation fails but assertion signature validation passes, Pantvaidya, Vishwajit, 11/17/2008
        RE: [OpenSAML] RE: SAML1.1 response signature validation fails but assertion signature validation passes, Scott Cantor, 11/17/2008
        RE: [OpenSAML] RE: SAML1.1 response signature validation fails but assertion signature validation passes, Pantvaidya, Vishwajit, 11/17/2008
        RE: [OpenSAML] RE: SAML1.1 response signature validation fails but assertion signature validation passes, Scott Cantor, 11/17/2008
        RE: [OpenSAML] RE: SAML1.1 response signature validation fails but assertion signature validation passes, Pantvaidya, Vishwajit, 11/17/2008
        RE: [OpenSAML] RE: SAML1.1 response signature validation fails but assertion signature validation passes, Pantvaidya, Vishwajit, 11/17/2008
        RE: [OpenSAML] RE: SAML1.1 response signature validation fails but assertion signature validation passes, Scott Cantor, 11/17/2008
        RE: [OpenSAML] RE: SAML1.1 response signature validation fails but assertion signature validation passes, Pantvaidya, Vishwajit, 11/17/2008

List archive

RE: [OpenSAML] RE: SAML1.1 response signature validation fails but assertion signature validation passes