mace-opensaml-users - Re: [OpenSAML] Digest/Signature value logging at Receiver's side - OpenSAML 2.0

Subject: OpenSAML user discussion

List archive

Re: [OpenSAML] Digest/Signature value logging at Receiver's side - OpenSAML 2.0

From: lakshmi narasimhan <>
To:
Subject: Re: [OpenSAML] Digest/Signature value logging at Receiver's side - OpenSAML 2.0
Date: Wed, 6 Jan 2010 15:49:36 +0000
Domainkey-signature: a=rsa-sha1; c=nofws; d=googlemail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; b=eaWI3C6OmGE2XGpsVtyE1SsLCXrAj0GIk2H4U9l0oS0OsClz2zA65Vzx5/AGU1sMh6 sfv51hO6tga2e8G3mF4IFLVEW5g2J2jMkU670r2aUbcLoDiwRJ1KeT2JxCGaz8q8udpZ ExyNfbvmXJRJand7t0G0WoNpFOC7qPJ2ueTAo=

Thanks for the quick response! I enabled logging for the given category. However, I am still not able to see the Digest value in the logs. Here is the log I'm seeing:

06 Jan 2010 15:37:40,035 DEBUG SignatureValidator : Attempting to validate signature using key from supplied credential

06 Jan 2010 15:37:40,035 DEBUG SignatureValidator : Creating XMLSignature object

06 Jan 2010 15:37:40,035 DEBUG SignatureValidator : Validating signature with signature algorithm URI: http://www.w3.org/2000/09/xmldsig#rsa-sha1

06 Jan 2010 15:37:40,035 DEBUG SignatureValidator : Validation credential key algorithm 'RSA', key instance class 'sun.security.rsa.RSAPublicKeyImpl'

06 Jan 2010 15:37:40,035 DEBUG XMLSignature : SignatureMethodURI = http://www.w3.org/2000/09/xmldsig#rsa-sha1

06 Jan 2010 15:37:40,035 DEBUG SignatureAlgorithm : Create URI "http://www.w3.org/2000/09/xmldsig#rsa-sha1" class "class org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA1"

06 Jan 2010 15:37:40,035 DEBUG JCEMapper : Request for URI http://www.w3.org/2000/09/xmldsig#rsa-sha1

06 Jan 2010 15:37:40,035 DEBUG SignatureBaseRSA : Created SignatureRSA using SHA1withRSA

06 Jan 2010 15:37:40,035 DEBUG XMLSignature : jceSigAlgorithm = SHA1withRSA

06 Jan 2010 15:37:40,035 DEBUG XMLSignature : jceSigProvider = SunRsaSign

06 Jan 2010 15:37:40,035 DEBUG XMLSignature : PublicKey = Sun RSA public key, 1024 bits

modulus: 144527689969456648621031867081668625591934928913828776896482250482665569845107097888771593165607135877494179594818957097695833486342364754373076091211224445098327383462514506470108892952821441828571770307210099337971034587639379246347385114506687414215313915604460209540424928001739558247290051916579336875697

public exponent: 65537

06 Jan 2010 15:37:40,067 DEBUG SignerOutputStream : Canonicalized SignedInfo:

06 Jan 2010 15:37:40,067 DEBUG SignerOutputStream : <ds:SignedInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod><ds:Reference URI="#2bab6345-e45f-436b-af65-ea0b1ea6faaa"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod><ds:DigestValue>muqAFKmI4AzwVIu3caS1SJ6zg8w=</ds:DigestValue></ds:Reference></ds:SignedInfo>

06 Jan 2010 15:37:40,067 WARN XMLSignature : Signature verification failed.

06 Jan 2010 15:37:40,067 DEBUG SignatureValidator : Signature did not validate against the credential's key

06 Jan 2010 15:37:40,067 INFO ValidateSAML2Signature : Exception occurred during signature validationSignature did not validate against the credential's key

06 Jan 2010 15:37:40,067 DEBUG ValidateSAML2Signature : Exception occurred during signature validationSignature did not validate against the credential's key

Please advise.

Thanks in advance,

Laks.

On Wed, Jan 6, 2010 at 1:47 AM, Scott Cantor <> wrote:

> Can someone please guide us on how best we can achieve this and also what
> loggers need to be enabled? Any help would be gratefully received.

The category is org.apache.xml.security.utils.DigesterOutputStream

-- Scott

Digest/Signature value logging at Receiver's side - OpenSAML 2.0, lakshmi narasimhan, 01/05/2010
- RE: [OpenSAML] Digest/Signature value logging at Receiver's side - OpenSAML 2.0, Scott Cantor, 01/05/2010
- Message not available
  - Re: [OpenSAML] Digest/Signature value logging at Receiver's side - OpenSAML 2.0, lakshmi narasimhan, 01/06/2010
    - RE: [OpenSAML] Digest/Signature value logging at Receiver's side - OpenSAML 2.0, Scott Cantor, 01/06/2010
    - Message not available
      - Re: [OpenSAML] Digest/Signature value logging at Receiver's side - OpenSAML 2.0, lakshmi narasimhan, 01/06/2010
        
        RE: [OpenSAML] Digest/Signature value logging at Receiver's side - OpenSAML 2.0, Scott Cantor, 01/06/2010
        
        Message not available
        
        Re: [OpenSAML] Digest/Signature value logging at Receiver's side - OpenSAML 2.0, lakshmi narasimhan, 01/21/2010
        
        Re: [OpenSAML] Digest/Signature value logging at Receiver's side - OpenSAML 2.0, Brent Putman, 01/21/2010
        Re: [OpenSAML] Digest/Signature value logging at Receiver's side - OpenSAML 2.0, lakshmi narasimhan, 01/21/2010

List archive

Re: [OpenSAML] Digest/Signature value logging at Receiver's side - OpenSAML 2.0