mace-opensaml-users - Re: [OpenSAML] Signature not valid because of namespace order

Subject: OpenSAML user discussion

  • From: Guzman Llambias <>
  • To:
  • Subject: Re: [OpenSAML] Signature not valid because of namespace order
  • Date: Tue, 6 Apr 2010 19:50:42 -0300 (UYT)

Thanks for the answer, Scott!

>There is no "order" to namespaces in a DOM, so whatever your basis is
>for that statement is itself the result of a serialization that
>doesn't guarantee order. And reordering them doesn't generally
>affect a signature, that's handled by c14n. Moving them around or
>changing the prefixes is a different story, but even moving them doesn't
>always break it.

And if I move them as in the examples I put, would that break the signature?

Regards
Guzman

----- Original Message -----
From: "Scott Cantor" <>
To:

Sent: Tuesday, 6 April 2010 19:41:23 GMT -03:00 Montevideo
Subject: RE: [OpenSAML] Signature not valid because of namespace order

> Hi! I'm doing some tests with opensaml and I'm having some trouble
> validating the signature.

There are numerous threads on this in the archive and the steps you'll have
to take to work on it.

> I receive a string representation of a saml from an HTTP channel and when I
> parse it using the opensaml lib, it generates the same representation but
> with the namespace order changed, causing a different saml token. Is there a
> way to avoid this?

There is no "order" to namespaces in a DOM, so whatever your basis is for
that statement is itself the result of a serialization that doesn't guarantee
order. And reordering them doesn't generally affect a signature, that's
handled by c14n. Moving them around or changing the prefixes is a different
story, but even moving them doesn't always break it.

-- Scott
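
The three cases discussed in this thread (reordering declarations, changing a prefix, moving a declaration), as an added example that is not part of the original messages and is not OpenSAML code. It uses Python's standard-library `xml.etree.ElementTree.canonicalize` (Canonical XML 2.0) as a stand-in for whatever c14n algorithm a real signature names; the documents and the `urn:example:ext` namespace are constructed for the demonstration.

```python
import hashlib
from xml.etree.ElementTree import canonicalize

# Constructed sample assertions (not from the thread). The four strings differ
# only in how the namespaces are declared; "urn:example:ext" is a made-up namespace.
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
EXT = "urn:example:ext"
BODY = '<{p}:Issuer{decl} ext:note="demo">idp.example.org</{p}:Issuer>'

def assertion(root_decls, prefix="saml", issuer_decl=""):
    """Build a tiny assertion with the given xmlns declarations on the root."""
    body = BODY.format(p=prefix, decl=issuer_decl)
    return f'<{prefix}:Assertion {root_decls} ID="_a1">{body}</{prefix}:Assertion>'

ORIGINAL = assertion(f'xmlns:saml="{SAML}" xmlns:ext="{EXT}"')
REORDERED = assertion(f'xmlns:ext="{EXT}" xmlns:saml="{SAML}"')
REPREFIXED = assertion(f'xmlns:s="{SAML}" xmlns:ext="{EXT}"', prefix="s")
# ext declaration moved from the root down to the element that uses it
MOVED = assertion(f'xmlns:saml="{SAML}"', issuer_decl=f' xmlns:ext="{EXT}"')

def c14n_digest(xml_text):
    """SHA-256 over the canonical form, i.e. the bytes a signature digest covers."""
    canonical = canonicalize(xml_text)  # Canonical XML 2.0, prefixes kept as written
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()

def compare_to_original():
    """Return, per variant, whether its digest still matches the original's."""
    reference = c14n_digest(ORIGINAL)
    variants = {"reordered": REORDERED, "reprefixed": REPREFIXED, "moved": MOVED}
    return {name: c14n_digest(doc) == reference for name, doc in variants.items()}

if __name__ == "__main__":
    print("raw strings equal:", ORIGINAL == REORDERED)
    for name, same in compare_to_original().items():
        print(f"{name:10s} digest matches original: {same}")
```

The "moved" case matches here because this canonicalizer writes each declaration on the element where the prefix is first used, as exclusive c14n does. Under inclusive c14n a declaration moved to a different element changes the canonical bytes.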