Skip to Content.
Sympa Menu

mace-opensaml-users - RE: [OpenSAML] RE: Digital signature not valid

Subject: OpenSAML user discussion

List archive

RE: [OpenSAML] RE: Digital signature not valid


Chronological Thread 
  • From: "Ravi Balasubramanian" <>
  • To: <>
  • Subject: RE: [OpenSAML] RE: Digital signature not valid
  • Date: Fri, 28 Aug 2009 12:40:12 -0400

Only difference between your code and my code, yours does not add KeyInfo.

 

From: Deena Gurajala [mailto:]
Sent: Friday, August 28, 2009 12:32 PM
To:
Subject: Re: [OpenSAML] RE: Digital signature not valid

 

Hi,

I don't you found the solution or not. Thebelow code is working for me. Everything you and I are doing the sma except the way building the signature. Please find the modified code below. I hope it works.


 
        assertion.setID("_k7722b88");

    

// This below part is same is same
         KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());

             char[] password = "xxxxxx".toCharArray();

             FileInputStream fis = new FileInputStream("c:/keystore/test.ks");

             ks.load(fis, password);

             fis.close();

             char[] achKeyStorePass = password;

             String keyAlias = "mytestkey";

             PrivateKey pk =  (PrivateKey) ks.getKey(keyAlias,achKeyStorePass);

             X509Certificate certificate = (X509Certificate) ks.getCertificate(keyAlias);

             BasicX509Credential credential = new BasicX509Credential();

             credential.setEntityCertificate(certificate);

             credential.setPrivateKey(pk);

//Below is the difference


            SignatureBuilder signBldr=new SignatureBuilder();
            Signature signature = signBldr.buildObject();

            signature.setSigningCredential(credential);

            signature
                    .setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1);

            signature
                    .setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);

       assertion.setSignature(signature);

           MarshallerFactory marshallerFactory = Configuration
                    .getMarshallerFactory();
            Marshaller marshaller = marshallerFactory.getMarshaller(assertion);
            element = marshaller.marshall(assertion);
           
            Signer.signObject(assertion);


On Fri, Aug 28, 2009 at 8:40 AM, Scott Cantor <> wrote:

Ravi Balasubramanian wrote on 2009-08-28:

> Yes, it is the ID I set to assertion...

Then the xmlsec verifier doesn't know what IDs exist, which is not terribly
unusual. I suspect you're doing SAML 1 and would have to do SAML 2 to get
that online verifier to work by guessing that an attribute called ID is an
XML ID. Patently insecure, but that's common.

-- Scott


 


Archive powered by MHonArc 2.6.16.

Top of Page