OpenSAML user discussion

[Brent Putman <>]

murali mca wrote:
>
>     Thanks for clear explanation.
>      
>     I was using Prettyprint in my code. I removed that and gave
>     another try to validate the signature. This time I
>     encountered below error:
>
>     java.lang.RuntimeException: 
> org.apache.xml.security.signature.XMLSignatureException: object not 
> initialized for signature or verification
>     Original Exception was java.security.SignatureException: object not 
> initialized for signature or verification
>               
>


IIRC, I'm pretty sure this error occurs from trying to use the same
Apache XMLSignature object to both sign and then verify a document in
the same thread.  It's a known issue with Apache xmlsec.  If you're
trying to test the validation in your code immediately after signing,
you should serialize the signed document and then deserialize the DOM
and unmarshall a new XMLObject tree around it, which will also create a
new Apache XMLSignature object, and then verify that new XMLObject.  
That should avoid this problem.