
mace-opensaml-users - Re: [OpenSAML] ComponentSpace and OpenSAML digest compatibility

Subject: OpenSAML user discussion

  • From: Craig Setera <>
  • To:
  • Subject: Re: [OpenSAML] ComponentSpace and OpenSAML digest compatibility
  • Date: Mon, 15 Jun 2009 09:31:37 -0500



Scott Cantor wrote:
> There are no instructions for much of anything in either version, that's
> always been true. The old library has been unsupported for over a year, so
> you either switch, regardless of the pain, or you're now the proud
> maintainer of a SAML library. That's why we don't advertise or market this
> code. We don't have the resources to provide any niceties.

Yep. Certainly not trying to bite the hand providing me free code! I appreciate the feedback you've already given. I have downloaded the latest version and I'm taking a look at it now.

> There's no way to answer that without knowing what the problem is. Yes, the
> new code uses the same library (probably a much newer version). There are
> substantial differences in how the code handles signing, but verification
> still basically requires the original DOM and just hands it to the same
> code. Chances are it's being corrupted in transit if the signing code is
> known to work.
>
> -- Scott

Any thoughts on how it might be corrupted in transit? Looking at the XML, it looks OK. Would it be obvious? My cursory reading of the related specifications leads me to believe that the C14N and normalization would take care of non-obvious things such as whitespace. Is that understanding correct? If so, it comes down to the elements, attributes and their values that make up the input to the digest.

One other question. Does the public/private key information have anything to do with the digest generation? It doesn't appear to from my reading, but I wanted to validate that.

Craig
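
An added example, not part of the original message or of OpenSAML: it digests canonicalized XML to show which differences canonicalization absorbs and which change the digest, and that the digest takes no key (in XML Signature the key is applied to SignedInfo to produce SignatureValue). It assumes Python's `xml.etree.ElementTree.canonicalize` (C14N 2.0) as a stand-in for whichever canonicalization the signature names, and SHA-256 as the digest; the documents and function names are constructed for illustration.

```python
import base64
import hashlib
from xml.etree.ElementTree import canonicalize  # C14N 2.0, Python 3.8+

NS = 'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"'

# Constructed sample documents (not taken from the thread).
ORIGINAL = (f'<saml:Assertion {NS} ID="a1" Version="2.0">'
            '<saml:Issuer>idp.example.org</saml:Issuer>'
            '<saml:Conditions/></saml:Assertion>')
# Same content: attribute order, quote style, in-tag spacing, empty-tag form.
SYNTACTIC = (f"<saml:Assertion   Version='2.0'  ID='a1' {NS}>"
             '<saml:Issuer>idp.example.org</saml:Issuer>'
             '<saml:Conditions></saml:Conditions></saml:Assertion>')
# Pretty-printed in transit: whitespace text nodes added between elements.
PRETTY = (f'<saml:Assertion {NS} ID="a1" Version="2.0">\n'
          '  <saml:Issuer>idp.example.org</saml:Issuer>\n'
          '  <saml:Conditions/>\n</saml:Assertion>')
# One character of element content changed.
EDITED = ORIGINAL.replace("idp.example.org", "idp.example.com")


def digest_b64(xml_text: str) -> str:
    """Canonicalize, hash, base64-encode. Note that no key is an input."""
    canonical = canonicalize(xml_text).encode("utf-8")
    return base64.b64encode(hashlib.sha256(canonical).digest()).decode("ascii")


def compare(reference: str, candidates: dict) -> dict:
    """Map each candidate name to True if its digest equals the reference's."""
    ref = digest_b64(reference)
    return {name: digest_b64(doc) == ref for name, doc in candidates.items()}


if __name__ == "__main__":
    results = compare(ORIGINAL, {"syntactic": SYNTACTIC,
                                 "pretty-printed": PRETTY,
                                 "edited": EDITED})
    for name, same in results.items():
        print(f"{name:15s} digest {'matches' if same else 'DIFFERS'}")
```

Whitespace inside tags is normalized away, but whitespace between elements is document content, so an intermediary that re-indents the message breaks the digest even though the XML still looks fine.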




