mace-opensaml-users - RE: [OpenSAML] Signature not valid because of namespace order
Subject: OpenSAML user discussion
List archive
- From: "Scott Cantor" <>
- To: <>
- Subject: RE: [OpenSAML] Signature not valid because of namespace order
- Date: Tue, 6 Apr 2010 18:41:23 -0400
- Organization: The Ohio State University
> Hi! I'm doing some test with opensaml and I'm having some trouble to
> validate the signature.
There are numerous threads on this in the archive and the steps you'll have
to take to work on it.
> I receive a string representation of a saml from an HTTP channel and when I
> parse it using the opensaml lib, it generates the same representation but
> with the namespace order changed, causing a different saml token. Is there a
> way to avoid this?
There is no "order" to namespaces in a DOM, so whatever your basis is for
that statement is itself the result of a serialization that doesn't guarantee
order. And reordering them doesn't generally affect a signature, that's
handled by c14n. Moving them around or changing the prefixes is a different
story, but even moving them doesn't always break it.
-- Scott
- Signature not valid because of namespace order, Guzman Llambias, 04/06/2010
- RE: [OpenSAML] Signature not valid because of namespace order, Scott Cantor, 04/06/2010
- Re: [OpenSAML] Signature not valid because of namespace order, Guzman Llambias, 04/06/2010
- RE: [OpenSAML] Signature not valid because of namespace order, Scott Cantor, 04/06/2010
- RE: [OpenSAML] Signature not valid because of namespace order, Scott Cantor, 04/06/2010
- Re: [OpenSAML] Signature not valid because of namespace order, Guzman Llambias, 04/07/2010
- Re: [OpenSAML] Signature not valid because of namespace order, Guzman Llambias, 04/06/2010
- RE: [OpenSAML] Signature not valid because of namespace order, Scott Cantor, 04/06/2010
Archive powered by MHonArc 2.6.16.