mace-opensaml-users - RE: Digital signature not valid

Subject: OpenSAML user discussion


RE: Digital signature not valid
  • From: "Ravi Balasubramanian" <>
  • To: <>
  • Subject: RE: Digital signature not valid
  • Date: Fri, 28 Aug 2009 08:45:08 -0400

I am generating a SAML response with a digital signature and my X509Certificate data, and trying to validate the digital signature using http://www.aleksey.com/xmlsec/xmldsig-verifier.html

I have two issues:

  1. The verifier is looking for a node within <Signature ... /> specified by the Reference URI, but my digital signature does not have that node. The Reference URI is defaulting to the Assertion ID which is being digitally signed.
  2. Even when I manually add the node, the verification fails. My digital signature code looks like this:

 

    KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
    char[] password = "xxxxxx".toCharArray();
    FileInputStream fis = new FileInputStream("c:/keystore/test.ks");
    ks.load(fis, password);
    fis.close();
    char[] achKeyStorePass = password;
    String keyAlias = "mytestkey";
    PrivateKey pk = (PrivateKey) ks.getKey(keyAlias, achKeyStorePass);
    X509Certificate certificate = (X509Certificate) ks.getCertificate(keyAlias);

    // Signing credential: private key plus the certificate that ends up in ds:KeyInfo
    BasicX509Credential credential = new BasicX509Credential();
    credential.setEntityCertificate(certificate);
    credential.setPrivateKey(pk);

    Signature signature = (new SignatureBuilder()).buildObject();
    // The XML Signature namespace URI is http://www.w3.org/2000/09/xmldsig# (2000, not 2009);
    // SignatureBuilder already declares it with the ds prefix, so this declaration is redundant
    Namespace signNS = new Namespace("http://www.w3.org/2000/09/xmldsig#", "");
    signature.addNamespace(signNS);
    signature.setSigningCredential(credential);
    signature.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA);
    signature.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_OMIT_COMMENTS);

    KeyInfo keyinfo = (new KeyInfoBuilder()).buildObject(KeyInfo.DEFAULT_ELEMENT_NAME);
    KeyInfoHelper.addCertificate(keyinfo, certificate);
    // Attach the KeyInfo; prepareSignatureParams only generates one if none is set
    signature.setKeyInfo(keyinfo);
    SecurityHelper.prepareSignatureParams(signature, credential, null, null);

    // The SignedInfo/SignatureValue are only computed later, by Signer.signObject on the marshalled assertion
    assertion.setSignature(signature);

The code generates a signature, but when validating, the verifier says it is not able to validate.
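Added example (not from the original post or the OpenSAML project): the complete OpenSAML 2.x sign-then-verify sequence for an Assertion, with the keystore path, password and alias as assumed placeholders. The SignatureValue is only computed when Signer.signObject runs on the marshalled assertion, and the ds:Reference URI is "#" plus the Assertion ID, so any verifier has to be able to resolve that ID attribute.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import org.opensaml.Configuration;
import org.opensaml.DefaultBootstrap;
import org.opensaml.saml2.core.Assertion;
import org.opensaml.saml2.core.impl.AssertionBuilder;
import org.opensaml.security.SAMLSignatureProfileValidator;
import org.opensaml.xml.security.SecurityHelper;
import org.opensaml.xml.security.x509.BasicX509Credential;
import org.opensaml.xml.signature.Signature;
import org.opensaml.xml.signature.SignatureValidator;
import org.opensaml.xml.signature.Signer;
import org.opensaml.xml.signature.impl.SignatureBuilder;

public class SignAndVerifyAssertion {
    public static void main(String[] args) throws Exception {
        DefaultBootstrap.bootstrap(); // registers builders/marshallers and initialises XML Security

        // Keystore location, password and alias are assumed placeholders
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        char[] password = "changeit".toCharArray();
        try (FileInputStream fis = new FileInputStream("path/to/keystore.jks")) {
            ks.load(fis, password);
        }
        PrivateKey pk = (PrivateKey) ks.getKey("signing-key", password);
        X509Certificate cert = (X509Certificate) ks.getCertificate("signing-key");
        BasicX509Credential credential = new BasicX509Credential();
        credential.setEntityCertificate(cert);
        credential.setPrivateKey(pk);

        Assertion assertion = new AssertionBuilder().buildObject();
        assertion.setID("_" + java.util.UUID.randomUUID()); // becomes the ds:Reference URI (#ID)

        Signature signature = new SignatureBuilder().buildObject();
        signature.setSigningCredential(credential);
        // Derives signature algorithm, c14n method and a KeyInfo (X509Certificate) from the credential
        SecurityHelper.prepareSignatureParams(signature, credential, null, null);
        assertion.setSignature(signature);

        // Marshal first; signObject computes the digest and SignatureValue in the DOM
        Configuration.getMarshallerFactory().getMarshaller(assertion).marshall(assertion);
        Signer.signObject(signature);

        // Verifier side: enforce the SAML profile (enveloped, same-document reference to the
        // Assertion ID), then check the value against the trusted certificate's public key only
        new SAMLSignatureProfileValidator().validate(assertion.getSignature());
        BasicX509Credential trusted = new BasicX509Credential();
        trusted.setEntityCertificate(cert);
        new SignatureValidator(trusted).validate(assertion.getSignature()); // throws if invalid
    }
}
```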
