Skip to Content.
Sympa Menu

mace-opensaml-users - Re: [OpenSAML] RE: Digital signature not valid

Subject: OpenSAML user discussion

List archive

Re: [OpenSAML] RE: Digital signature not valid


Chronological Thread 
  • From: Deena Gurajala <>
  • To:
  • Subject: Re: [OpenSAML] RE: Digital signature not valid
  • Date: Fri, 28 Aug 2009 09:31:30 -0700
  • Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; b=cEpJ/3nSiYa290D7wEqZ14CRsHDyrAXZV465DL2OgPpNJP5XWjVC9rNvatbNKkXteT X+bwP8ePzacPdywXOltkwL8CJmT6plzzbjbqLBQjnYk7u727/vcT5fUv7bPTkg6B1nyk mnQo6CM9SStYZUHwYwHjoKJ9Ju04fZPkt8UcA=
Hi,

I don't you found the solution or not. Thebelow code is working for me. Everything you and I are doing the sma except the way building the signature. Please find the modified code below. I hope it works.


 
        assertion.setID("_k7722b88");

    

// This below part is same is same
         KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());

             char[] password = "xxxxxx".toCharArray();

             FileInputStream fis = new FileInputStream("c:/keystore/test.ks");

             ks.load(fis, password);

             fis.close();

             char[] achKeyStorePass = password;

             String keyAlias = "mytestkey";

             PrivateKey pk =  (PrivateKey) ks.getKey(keyAlias,achKeyStorePass);

             X509Certificate certificate = (X509Certificate) ks.getCertificate(keyAlias);

             BasicX509Credential credential = new BasicX509Credential();

             credential.setEntityCertificate(certificate);

             credential.setPrivateKey(pk);

//Below is the difference


            SignatureBuilder signBldr=new SignatureBuilder();
            Signature signature = signBldr.buildObject();

            signature.setSigningCredential(credential);

            signature
                    .setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1);

            signature
                    .setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);

       assertion.setSignature(signature);

           MarshallerFactory marshallerFactory = Configuration
                    .getMarshallerFactory();
            Marshaller marshaller = marshallerFactory.getMarshaller(assertion);
            element = marshaller.marshall(assertion);
           
            Signer.signObject(assertion);



On Fri, Aug 28, 2009 at 8:40 AM, Scott Cantor <> wrote:
Ravi Balasubramanian wrote on 2009-08-28:
> Yes, it is the ID I set to assertion...

Then the xmlsec verifier doesn't know what IDs exist, which is not terribly
unusual. I suspect you're doing SAML 1 and would have to do SAML 2 to get
that online verifier to work by guessing that an attribute called ID is an
XML ID. Patently insecure, but that's common.

-- Scott





Archive powered by MHonArc 2.6.16.

Top of Page