OpenSAML user discussion

[anyz <>]

I have generated authResponse message using OpenSAML. However when verified through http://www.infomosaic.net/SecureXMLVerifyWS.htm service the signatures are not validated. I saw the sample response message at infomosaic includes KeyInfo tags in Signature elements.

 

<Signature xmlns="http://www.w3.org/2000/09/xmldsig#" Id="MySignature">

   <KeyInfo><KeyValue><RSAKeyValue><Modulus>xxxxx</Modulus><Exponent>AQAB</Exponent></RSAKeyValue></KeyValue>

<X509Data><X509Certificate>xxxxxxxx</X509Certificate></X509Data></KeyInfo></Signature>

 

I tried tutorial at https://spaces.internet2.edu/display/OpenSAML/OSTwoUserManJavaDSIG and forums but could not add KeyInfo in AuthReponse message. Can you guide what i'm missing? Following is snnipet how id tried adding keyinfo.

 

 

SecurityConfiguration secConfiguration = Configuration.getGlobalSecurityConfiguration();
NamedKeyInfoGeneratorManager namedKeyInfoGeneratorManager = secConfiguration.getKeyInfoGeneratorManager();
KeyInfoGeneratorManager keyInfoGeneratorManager = namedKeyInfoGeneratorManager.getDefaultManager();
KeyInfoGeneratorFactory keyInfoGeneratorFactory = keyInfoGeneratorManager.getFactory(credential);
KeyInfoGenerator keyInfoGenerator = keyInfoGeneratorFactory.newInstance();
KeyInfo keyInfo =

null;
try{
keyInfo = keyInfoGenerator.generate(credential);
}catch (SecurityException e) {
System.out.println(e);
}
signature.setKeyInfo(keyInfo);

Thanks