OpenSAML user discussion

[Guzman Llambias <>]

You mean the XMLHelper.prettyPrinting method? because that method puts the 
<?xml version="1.0" encoding="UTF-8"?> string


----- Mensaje original -----
De: "Chad La Joie" 
<>
Para: 

Enviados: Miércoles, 24 de Febrero 2010 9:38:45 GMT -03:00 Montevideo
Asunto: Re: [OpenSAML] Remove <?xml version="1.0" encoding="UTF-8"?>

Look at the code in XMLHelper in the OpenSAML library.  The 
serialization code there works.  I forget what the actual method name 
is.  I think it's like writeNode or something.

On 2/24/10 6:36 AM, Guzman Llambias wrote:
> You were right when I asked something about the api, because with this code 
> I'm having trouble and I think somehing wrong happends that may break the 
> signature. Do you know about some recommendations when using transformers? 
> because this code doesn't work for me.
>
> I've put a man in the middle erase by hand the comments and work, but when 
> I use this code, it doesn't. So, I thought I'm doing something wrong here
>
> Regards
> guzman
>
>
>
> ----- Mensaje original -----
> De: "Chad La 
> Joie"<>
> Para: 
> 
> Enviados: Miércoles, 24 de Febrero 2010 9:30:38 GMT -03:00 Montevideo
> Asunto: Re: [OpenSAML] Remove<?xml version="1.0" encoding="UTF-8"?>
>
> Yes, I know about that.  I thought you were asking about the OpenSAML
> APIs which don't expose that.  But yes, if you're going to do your own
> transformation that's fine.  Just be very careful, if you don't anything
> to change the structure of the DOM (i.e. collapse whitespace) you will
> corrupt the signature.
>
> On 2/24/10 6:27 AM, Guzman Llambias wrote:
>> Chad, thanks for the quick answer!
>>
>> I asked if there exists something within the api because when I try using 
>> Java Transformer to serialize and append it to the soap message something 
>> gets broken. Do you know if java transformer with 
>> OutputKeys.OMIT_XML_DECLARATIONS affects the signature?
>>
>> I use something like this:
>>
>> OutputStream out = new ByteArrayOutputStream();
>> StreamResult streamResult = new StreamResult();
>> streamResult.setOutputStream(out);
>> Transformer transformer = 
>> TransformerFactory.newInstance().newTransformer();
>> transformer.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes");
>> transformer.transform(s, streamResult);
>>
>> thanks a lot!
>> guzman
>> ----- Mensaje original -----
>> De: "Chad La 
>> Joie"<>
>> Para: 
>> 
>> Enviados: Miércoles, 24 de Febrero 2010 9:12:51 GMT -03:00 Montevideo
>> Asunto: Re: [OpenSAML] Remove<?xml version="1.0" encoding="UTF-8"?>
>>
>> The XML declaration isn't part of the signature, nor is there a way to
>> remove it via the API.  It's simply part of a valid XML document which
>> is what you get when you serialize out the XML.
>>
>> On 2/24/10 6:06 AM, Guzman Llambias wrote:
>>> Hi! I generated a signed SAML token and I want to use it in a 
>>> RequestSecurityToken message of the WS-Trust specificaction. 
>>> Unfortunately, when I serialize the message and put it in the soap 
>>> message, it also puts the comment<?xml version="1.0" encoding="UTF-8"?>. 
>>> Is there a way to remove it using the api? if not, do you know a way to 
>>> do so that doesn't break the signature?
>>>
>>> thanks in advance!
>>> Guzman
>>>
>>> Here's an example of the problem
>>>
>>> <soap:envelope>
>>>      <soap:header>
>>>      ...
>>>      </soap:header>
>>>      <soap:body>
>>>        <wst:RequestSecurityToken>
>>>          ...
>>>          <Base>
>>>            <?xml version="1.0" encoding="UTF-8"?><saml1:Assertion 
>>> xmlns:saml1="urn:oasis:names:tc:SAML:1.0:assertion" 
>>> AssertionID="_6a44ae30d9a7ea65cc313ec28d70a7f4" 
>>> IssueInstant="2010-02-12T17:08:12.328Z" Issuer="Agesic" MajorVersion="1" 
>>> MinorVersion="0">
>>>            ...
>>>            </saml1:Assertion>
>>>          </Base>
>>>        </wst:RequestSecurityToken>
>>>      </soap:body>
>>> </soap:envelope>
>>
>

-- 
Chad La Joie
www.itumi.biz
trusted identities, delivered