
mace-opensaml-users - Re: [OpenSAML] Using Holder of Key with Digital Signature

Subject: OpenSAML user discussion

  • From: Deena Gurajala <>
  • To:
  • Subject: Re: [OpenSAML] Using Holder of Key with Digital Signature
  • Date: Tue, 28 Jul 2009 13:58:27 -0700

Hi Scott,

I figured out the problem. The way I am adding the key confirmation data is wrong. I did some searching (one of the old threads in the same forum) and was able to figure out the correct way.

Thank you for your response though.

--Deena.

On Tue, Jul 28, 2009 at 1:47 PM, Deena Gurajala <> wrote:
Hi Scott,

I am sorry for my bad English. But can you give me directions for adding holder-of-key confirmation data to an authentication request? The signature verification is failing only when I add subject confirmation data to the request. Otherwise it is working fine.


On Tue, Jul 28, 2009 at 12:54 PM, Scott Cantor <> wrote:
> I am trying to create an AuthenticationRequest with OpenSAML. This request
> is signed using the client private key and contains Holder-of-Key.

Holder of Key is a term related to assertion subject confirmation, not
requests.

> I am able to
> generate the request but signature validation is failing on other side.

That's not something that can be debugged looking at code, you have to log
the octets being digested by the xmlsec library and compare them to see
what's different and where the problem's coming from.

-- Scott
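
The comparison Scott describes, as an added example that is not part of the original thread or OpenSAML's code: canonicalize the request as the signer produced it and as the verifier parsed it, then report the first octet where the two streams diverge. The sample documents are constructed, and Python's standard-library C14N 2.0 stands in (as an assumption) for the canonicalization the xmlsec library applies, so real octets should come from that library's own logging.

```python
import hashlib
import xml.etree.ElementTree as ET

NS = ('xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
      'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"')
# Constructed sample: the request as the signer digested it.
SENT = (f'<samlp:AuthnRequest {NS} ID="_r1" Version="2.0">'
        '<saml:Issuer>https://sp.example.org</saml:Issuer></samlp:AuthnRequest>')
# Constructed sample: same content, different serialization (attribute order, quotes).
RESERIALIZED = (f"<samlp:AuthnRequest Version='2.0' ID='_r1' {NS} >"
                '<saml:Issuer>https://sp.example.org</saml:Issuer></samlp:AuthnRequest>')
# Constructed sample: content that differs from what was digested.
CHANGED = SENT.replace('</saml:Issuer>', '</saml:Issuer><saml:Subject>'
    '<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:holder-of-key"/>'
    '</saml:Subject>')


def digested_octets(xml_text: str) -> bytes:
    # Assumption: stdlib C14N 2.0 stands in for the transform the signer used.
    return ET.canonicalize(xml_text).encode("utf-8")


def first_difference(a: bytes, b: bytes):
    """Offset of the first differing octet, or None if the streams are equal."""
    for i, (x, y) in enumerate(zip(a, b)):
        if x != y:
            return i
    return None if len(a) == len(b) else min(len(a), len(b))


def compare(signer_xml: str, verifier_xml: str, context: int = 24) -> dict:
    s, v = digested_octets(signer_xml), digested_octets(verifier_xml)
    off = first_difference(s, v)
    report = {"signer_sha256": hashlib.sha256(s).hexdigest(),
              "verifier_sha256": hashlib.sha256(v).hexdigest(),
              "offset": off}
    if off is not None:
        # Show the octets around the divergence on both sides.
        lo = max(0, off - context)
        report["signer_context"] = s[lo:off + context]
        report["verifier_context"] = v[lo:off + context]
    return report


if __name__ == "__main__":
    for name, doc in (("reserialized", RESERIALIZED), ("changed", CHANGED)):
        print(name, compare(SENT, doc))
```
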
