mace-opensaml-users - Re: [OpenSAML] XML signatures and canonicalization
Subject: OpenSAML user discussion
- From: Anil Saldhana <>
- To:
- Subject: Re: [OpenSAML] XML signatures and canonicalization
- Date: Wed, 1 Apr 2009 17:49:18 -0500
Mitch,
You are correct. Whitespace/pretty printing etc. will fail sig validation.
Cheers.
On Wed, Apr 1, 2009 at 5:39 PM, Mitchell Prentice <> wrote:
Hello

I have a signed SAML 2.0 assertion that includes http://www.w3.org/2001/10/xml-exc-c14n# canonicalization. Apparently the creator of this signed assertion signed the assertion and then formatted the assertion with whitespace characters after signing. I can verify the signature if the whitespace characters are not added but if the whitespace characters are added then the signature verification fails. The creator of the SAML assertion says that canonicalization is supposed to remove the whitespaces and that it's a bug if you cannot verify the signature even if the XML has been modified after signing by the inclusion of whitespaces. My understanding is that this is not the case and that you cannot add whitespace to the XML and still expect the signature to verify. Which is correct?

Thanks
Mitch
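The behaviour confirmed in this thread, shown as an added example that is not part of the original messages and is not OpenSAML code: canonicalization absorbs differences in attribute order and quoting, but whitespace between elements is character content and changes the digest. The example uses Python's standard-library C14N 2.0 canonicalizer as a stand-in for the exclusive c14n algorithm named in the question (both retain whitespace in character content by default); the sample assertion, the SHA-256 digest and the function names are constructed for illustration.

```python
import hashlib
from xml.etree.ElementTree import canonicalize

# Constructed sample, not a real assertion: the element as it was signed.
SIGNED = ('<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
          'ID="_a1" Version="2.0"><saml:Issuer>https://idp.example.org</saml:Issuer>'
          '<saml:Subject><saml:NameID>mitch</saml:NameID></saml:Subject>'
          '</saml:Assertion>')

# Same content, different lexical form: attribute order, quote style, tag spacing.
RESERIALIZED = ("<saml:Assertion   Version='2.0' ID='_a1' "
                "xmlns:saml='urn:oasis:names:tc:SAML:2.0:assertion'>"
                "<saml:Issuer>https://idp.example.org</saml:Issuer>"
                "<saml:Subject><saml:NameID>mitch</saml:NameID></saml:Subject>"
                "</saml:Assertion>")

# Pretty-printed after signing: new whitespace-only text nodes between elements.
PRETTY = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_a1" Version="2.0">
  <saml:Issuer>https://idp.example.org</saml:Issuer>
  <saml:Subject>
    <saml:NameID>mitch</saml:NameID>
  </saml:Subject>
</saml:Assertion>"""


def digest(xml_text, strip_text=False):
    """Digest of the canonical form; strip_text is a non-default C14N 2.0 option."""
    canonical = canonicalize(xml_text, strip_text=strip_text)
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def classify(signed, received):
    """Tell a harmless reserialization from a whitespace edit or a content change."""
    if digest(signed) == digest(received):
        return "digest matches"
    # Diagnostic only: trimming text nodes is not what a verifier does.
    if digest(signed, strip_text=True) == digest(received, strip_text=True):
        return "whitespace added or removed in element content"
    return "content changed"


if __name__ == "__main__":
    print("reserialized:", classify(SIGNED, RESERIALIZED))
    print("pretty-printed:", classify(SIGNED, PRETTY))
    print("tampered:", classify(SIGNED, SIGNED.replace("mitch", "admin")))
```

The whitespace-trimming comparison is useful when triaging a failed verification, to tell a formatting step in the sender's pipeline apart from a real change to the signed content.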