
mace-opensaml-users - Re: [OpenSAML] Error with Signer.signObject()

Subject: OpenSAML user discussion

  • From: "Jason Countryman" <>
  • To:
  • Subject: Re: [OpenSAML] Error with Signer.signObject()
  • Date: Thu, 8 Apr 2010 15:48:39 -0400

I'm using 1.4.3, so that should be fine.  I'm trying to do something a little odd, something like this:

<saml2:Assertion xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:exc14n="http://www.w3.org/2001/10/xml-exc-c14n#" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" xmlns:xs="http://www.w3.org/2001/XMLSchema" ID="b3c912d8-7e2e-4f82-a7d9-aab731f32129" IssueInstant="2010-01-30T23:01:32.177Z" Version="2.0"> 
<saml2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:X509SubjectName">CN=*.axolotl.com,OU=Secure Link SSL Wildcard,O=Axolotl Corp.,STREET=160 W. Santa Clara Street,STREET=Suite 1000,L=San Jose,S=CA,PostalCode=95113,C=US</saml2:Issuer> 
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> 
<ds:SignedInfo> 
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> 
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /> 
<ds:Reference URI="#b3c912d8-7e2e-4f82-a7d9-aab731f32129"> 
<ds:Transforms> 
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /> 
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> 
</ds:Transforms> 
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> 
<ds:DigestValue>fulLe53nXAE/Yl6j2c8Z6nsedms=</ds:DigestValue> 
</ds:Reference> 
</ds:SignedInfo> 
<ds:SignatureValue>nZosX2PJKB8qqG1l0XSgouuBBNa6R/HWEiidN2OdY898g6KB0wnZfAVzYP3B2XT7+BnUY+nnHlyu
nqZLS8/EfzNTTu65ujoaKWxqH46MdPQZcKcEv5gHG4JK7nW7nuuFexrAJEUvdzBwL0eIsSormzHe
/+IR5/SLYhSZDaYAzbA=</ds:SignatureValue> 
<ds:KeyInfo> 
<wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> 
<wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier">3raZ5aO0xAe4wDjsmsyplkWRW0E=</wsse:KeyIdentifier> 
</wsse:SecurityTokenReference> 
</ds:KeyInfo> 
</ds:Signature> 
<saml2:Subject> 
<saml2:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:X509SubjectName">CN=*.axolotl.com,OU=Secure Link SSL Wildcard,O=Axolotl Corp.,STREET=160 W. Santa Clara Street,STREET=Suite 1000,L=San Jose,S=CA,PostalCode=95113,C=US</saml2:NameID> 
<saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:sender-vouches"> 
<saml2:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:X509SubjectName">CN=*.axolotl.com,OU=Secure Link SSL Wildcard,O=Axolotl Corp.,STREET=160 W. Santa Clara Street,STREET=Suite 1000,L=San Jose,S=CA,PostalCode=95113,C=US</saml2:NameID> 
</saml2:SubjectConfirmation> 
</saml2:Subject> 
<saml2:Conditions NotBefore="2010-01-30T22:01:32.200Z" NotOnOrAfter="2010-01-31T00:01:32.200Z" /> 
<saml2:AuthnStatement AuthnInstant="2010-01-30T23:01:32.177Z"> 
<saml2:SubjectLocality Address="192.168.1.10" DNSName="SJCKDESAI.axolotl.com" /> 
<saml2:AuthnContext> 
<saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:X509</saml2:AuthnContextClassRef> 
<saml2:AuthenticatingAuthority>CN=*.axolotl.com,OU=Secure Link SSL Wildcard,O=Axolotl Corp.,STREET=160 W. Santa Clara Street,STREET=Suite 1000,L=San Jose,S=CA,PostalCode=95113,C=US</saml2:AuthenticatingAuthority> 
</saml2:AuthnContext> 
</saml2:AuthnStatement> 
<saml2:AttributeStatement> 
<saml2:Attribute Name="UserName" NameFormat="http://www.hhs.gov/healthit/nhin"> 
<saml2:AttributeValue xmlns:ns6="http://www.w3.org/2001/XMLSchema-instance" xmlns:ns7="http://www.w3.org/2001/XMLSchema" ns6:type="ns7:string">Batman</saml2:AttributeValue> 
</saml2:Attribute> 
<saml2:Attribute Name="UserOrganization" NameFormat="http://www.hhs.gov/healthit/nhin"> 
<saml2:AttributeValue xmlns:ns6="http://www.w3.org/2001/XMLSchema-instance" xmlns:ns7="http://www.w3.org/2001/XMLSchema" ns6:type="ns7:string">Gotham City</saml2:AttributeValue> 
</saml2:Attribute> 
<saml2:Attribute Name="UserOrganizationOID" NameFormat="http://www.hhs.gov/healthit/nhin"> 
<saml2:AttributeValue xmlns:ns6="http://www.w3.org/2001/XMLSchema-instance" xmlns:ns7="http://www.w3.org/2001/XMLSchema" ns6:type="ns7:string">12345</saml2:AttributeValue> 
</saml2:Attribute> 
<saml2:Attribute Name="UserRole" NameFormat="http://www.hhs.gov/healthit/nhin"> 
<saml2:AttributeValue> 
<nhin:Role xmlns:nhin="http://www.hhs.gov/healthit/nhin" code="224608005" codeSystem="2.16.840.1.113883.6.96" codeSystemName="SNOMED CT" displayName="Administrative Healthcare Staff" /> 
</saml2:AttributeValue> 
</saml2:Attribute> 
<saml2:Attribute Name="PurposeForUse" NameFormat="http://www.hhs.gov/healthit/nhin"> 
<saml2:AttributeValue> 
<nhin:PurposeForUse xmlns:nhin="http://www.hhs.gov/healthit/nhin" code="TREATMENT" codeSystem="2.16.840.1.113883.18.7.1" codeSystemName="nhin-purpose" displayName="treatment" /> 
</saml2:AttributeValue> 
</saml2:Attribute> 
</saml2:AttributeStatement> 
</saml2:Assertion>

I get the rest just fine, it's the signature that bombs out.

