
mace-opensaml-users - Re: [OpenSAML] SAML signature validation

Subject: OpenSAML user discussion



  • From: Brent Putman
  • Subject: Re: [OpenSAML] SAML signature validation
  • Date: Wed, 18 Nov 2009 18:59:34 -0500



murali mca wrote:

> 18-Nov-2009 22:40:17
> org.opensaml.security.SAMLSignatureProfileValidator validateTransforms
> SEVERE: Signature was missing the required Enveloped signature transform
> org.opensaml.xml.validation.ValidationException: Transforms did not
> contain the required envelope

The error's pretty self-explanatory: the Signature doesn't contain the
Enveloped transform. The SAMLSignatureProfileValidator requires that.
If someone is sending you the signature, you need to get them to fix
it. If you are generating the signature, well, you're doing something
wrong. See the wiki below for info on how to sign with OpenSAML.

However, just to check since you said you are trying "to verify the
signature in SAML" - realize that the SAMLSignatureProfileValidator does
not cryptographically verify the signature. Its purpose is just to
validate certain constraints of the SAML signature profile, before
actually doing the crypto. That's to prevent certain kinds of DoS
attacks against the verifier.

If you actually want to cryptographically verify the signature itself,
see the user's manual signature wiki page:

https://spaces.internet2.edu/display/OpenSAML/OSTwoUserManJavaDSIG
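
The kind of pre-crypto structural check discussed in the message above, as an added example that is not part of the original post and is not OpenSAML's code. It is a Python sketch modelled on the SAML signature profile constraints (one same-document Reference, enveloped transform required, only exclusive c14n allowed besides it); the function names and the sample assertions are constructed for illustration, and it performs no cryptographic verification.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
ENVELOPED = DS + "enveloped-signature"
EXC_C14N = {
    "http://www.w3.org/2001/10/xml-exc-c14n#",
    "http://www.w3.org/2001/10/xml-exc-c14n#WithComments",
}

def profile_errors(signed):
    """Return profile violations for the ds:Signature child of `signed`."""
    sig = signed.find(f"{{{DS}}}Signature")
    if sig is None:
        return ["no ds:Signature child"]
    refs = sig.findall(f"{{{DS}}}SignedInfo/{{{DS}}}Reference")
    if len(refs) != 1:
        return [f"expected exactly one Reference, found {len(refs)}"]
    errors = []
    elem_id = signed.get("ID")
    # The single Reference must point at the enclosing element by its ID.
    if not elem_id or refs[0].get("URI") != "#" + elem_id:
        errors.append("Reference URI does not match the ID of the signed element")
    algs = [t.get("Algorithm")
            for t in refs[0].findall(f"{{{DS}}}Transforms/{{{DS}}}Transform")]
    if ENVELOPED not in algs:
        errors.append("missing the required enveloped signature transform")
    extra = [a for a in algs if a != ENVELOPED and a not in EXC_C14N]
    if extra:  # rejected before any digest or signature computation is attempted
        errors.append(f"unexpected transform(s): {extra}")
    return errors

def make_assertion(transforms, ref_uri="#_a1"):
    """Constructed sample: a bare assertion skeleton with no real signature value."""
    t = "".join(f'<ds:Transform Algorithm="{a}"/>' for a in transforms)
    return ET.fromstring(
        f'<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
        f'xmlns:ds="{DS}" ID="_a1"><ds:Signature><ds:SignedInfo>'
        f'<ds:Reference URI="{ref_uri}"><ds:Transforms>{t}</ds:Transforms>'
        f'</ds:Reference></ds:SignedInfo></ds:Signature></saml:Assertion>')

if __name__ == "__main__":
    exc = "http://www.w3.org/2001/10/xml-exc-c14n#"
    xslt = "http://www.w3.org/TR/1999/REC-xslt-19991116"
    for name, doc in [("well-formed", make_assertion([ENVELOPED, exc])),
                      ("no enveloped transform", make_assertion([exc])),
                      ("XSLT transform", make_assertion([ENVELOPED, xslt]))]:
        print(name, "->", profile_errors(doc) or "passes profile checks")
```

A signature that passes these checks still has to be verified cryptographically against a trusted key, as the wiki page linked in the message describes.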


