OpenSAML user discussion

[Guzman Llambias <>]

You were right when I asked something about the api, because with this code 
I'm having trouble and I think somehing wrong happends that may break the 
signature. Do you know about some recommendations when using transformers? 
because this code doesn't work for me. 

I've put a man in the middle erase by hand the comments and work, but when I 
use this code, it doesn't. So, I thought I'm doing something wrong here

Regards
guzman



----- Mensaje original -----
De: "Chad La Joie" 
<>
Para: 

Enviados: Miércoles, 24 de Febrero 2010 9:30:38 GMT -03:00 Montevideo
Asunto: Re: [OpenSAML] Remove <?xml version="1.0" encoding="UTF-8"?>

Yes, I know about that.  I thought you were asking about the OpenSAML 
APIs which don't expose that.  But yes, if you're going to do your own 
transformation that's fine.  Just be very careful, if you don't anything 
to change the structure of the DOM (i.e. collapse whitespace) you will 
corrupt the signature.

On 2/24/10 6:27 AM, Guzman Llambias wrote:
> Chad, thanks for the quick answer!
>
> I asked if there exists something within the api because when I try using 
> Java Transformer to serialize and append it to the soap message something 
> gets broken. Do you know if java transformer with 
> OutputKeys.OMIT_XML_DECLARATIONS affects the signature?
>
> I use something like this:
>
> OutputStream out = new ByteArrayOutputStream();
> StreamResult streamResult = new StreamResult();
> streamResult.setOutputStream(out);
> Transformer transformer = TransformerFactory.newInstance().newTransformer();
> transformer.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes");
> transformer.transform(s, streamResult);
>
> thanks a lot!
> guzman
> ----- Mensaje original -----
> De: "Chad La 
> Joie"<>
> Para: 
> 
> Enviados: Miércoles, 24 de Febrero 2010 9:12:51 GMT -03:00 Montevideo
> Asunto: Re: [OpenSAML] Remove<?xml version="1.0" encoding="UTF-8"?>
>
> The XML declaration isn't part of the signature, nor is there a way to
> remove it via the API.  It's simply part of a valid XML document which
> is what you get when you serialize out the XML.
>
> On 2/24/10 6:06 AM, Guzman Llambias wrote:
>> Hi! I generated a signed SAML token and I want to use it in a 
>> RequestSecurityToken message of the WS-Trust specificaction. 
>> Unfortunately, when I serialize the message and put it in the soap 
>> message, it also puts the comment<?xml version="1.0" encoding="UTF-8"?>. 
>> Is there a way to remove it using the api? if not, do you know a way to do 
>> so that doesn't break the signature?
>>
>> thanks in advance!
>> Guzman
>>
>> Here's an example of the problem
>>
>> <soap:envelope>
>>     <soap:header>
>>     ...
>>     </soap:header>
>>     <soap:body>
>>       <wst:RequestSecurityToken>
>>         ...
>>         <Base>
>>           <?xml version="1.0" encoding="UTF-8"?><saml1:Assertion 
>> xmlns:saml1="urn:oasis:names:tc:SAML:1.0:assertion" 
>> AssertionID="_6a44ae30d9a7ea65cc313ec28d70a7f4" 
>> IssueInstant="2010-02-12T17:08:12.328Z" Issuer="Agesic" MajorVersion="1" 
>> MinorVersion="0">
>>           ...
>>           </saml1:Assertion>
>>         </Base>
>>       </wst:RequestSecurityToken>
>>     </soap:body>
>> </soap:envelope>
>

-- 
Chad La Joie
www.itumi.biz
trusted identities, delivered