Skip to Content.
Sympa Menu

mace-opensaml-users - XML signatures and canonicalization

Subject: OpenSAML user discussion

List archive

XML signatures and canonicalization


Chronological Thread 
  • From: Mitchell Prentice <>
  • To:
  • Subject: XML signatures and canonicalization
  • Date: Thu, 2 Apr 2009 08:39:41 +1000
  • Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:date:message-id:subject:from:to:content-type; b=NYxHMgI80+a82IV/mP7vl8V52klItXVEdHlo5kbYSTI05PgyWyqIeEx5LX4w+W4k1b Xxst6/FmHYwdzsULQ5t9k4ZMvuIBQNznFpt+DhpMdVWFr6aSu9vFVFkJvT0RP7Si3cvP HL8zlADM7YoliBDAYiBVGmWUrtECyWpomdEXo=

Hello
 
I have a signed SAML 2.0 assertion that includes http://www.w3.org/2001/10/xml-exc-c14n# canonicalization. Apparently the creator of this signed assertion signed the assertion and then formatted the assertion with whitespace characters after signing. I can verify the signature if the whitespace characters are not added but if the whitespace characters are added then the signature verification fails. The creator of the SAML assertion says that canonicalization is supposed to remove the whitespaces and that it's a bug if you cannot verify the signature even if the XML has been modified after signing by the inclusion of whitespaces. My understanding is that this is not the case and that you cannot add whitespace to the XML and still expect the signature to verify. Which is correct?
 
Thanks
Mitch



Archive powered by MHonArc 2.6.16.

Top of Page