OpenSAML user discussion

[Chad La Joie <>]

The XML declaration isn't part of the signature, nor is there a way to 
remove it via the API.  It's simply part of a valid XML document which 
is what you get when you serialize out the XML.

On 2/24/10 6:06 AM, Guzman Llambias wrote:
> Hi! I generated a signed SAML token and I want to use it in a RequestSecurityToken message of the 
> WS-Trust specificaction. Unfortunately, when I serialize the message and put it in the soap message, it 
> also puts the comment<?xml version="1.0" encoding="UTF-8"?>. Is there a way 
> to remove it using the api? if not, do you know a way to do so that doesn't break the signature?
>
> thanks in advance!
> Guzman
>
> Here's an example of the problem
>
> <soap:envelope>
>    <soap:header>
>    ...
>    </soap:header>
>    <soap:body>
>      <wst:RequestSecurityToken>
>        ...
>        <Base>
>          <?xml version="1.0" encoding="UTF-8"?><saml1:Assertion xmlns:saml1="urn:oasis:names:tc:SAML:1.0:assertion" 
> AssertionID="_6a44ae30d9a7ea65cc313ec28d70a7f4" IssueInstant="2010-02-12T17:08:12.328Z" Issuer="Agesic" MajorVersion="1" 
> MinorVersion="0">
>          ...
>          </saml1:Assertion>
>        </Base>
>      </wst:RequestSecurityToken>
>    </soap:body>
> </soap:envelope>

--
Chad La Joie
www.itumi.biz
trusted identities, delivered