OpenSAML user discussion

["Scott Cantor" <>]

> No. I am want to make sure the code segment I have is right, as I tried in
> multiple signature validators and all failed to validate.

I'm sure your code's probably wrong, but that doesn't make it a simple
matter to determine why. I didn't understand anything you said about the
Reference issue, as Reference syntax in SAML is fixed by the spec.

> >                     Signature signature = (new
> > SignatureBuilder()).buildObject();
> >
> >                     Namespace signNS = new
> > Namespace("http://www.w3.org/2009/09/xmldsig#";, "");

FWIW, that namespace code looks suspicious to me, but if some example you
got from the wiki says to do it, I guess it's ok.

The only way you're going to debug this is to obtain logs of the digest
input on both ends and compare them. None of that has anything to do with
this code, it's dependent on the signing library underneath.

-- Scott