OpenSAML user discussion

[Fabrizio Paccagnella <>]

Hi, I tried to sign an assertion following this tutorial
https://spaces.internet2.edu/display/OpenSAML/OSTwoUserManJavaDSIG

However when I try to sign the assertion I get this exception:
org.apache.xml.security.signature.XMLSignatureException: object not
initialized for signature or verification

This is my code:
                DefaultBootstrap.bootstrap();

                // Get the builder factory
                XMLObjectBuilderFactory builderFactory =
Configuration.getBuilderFactory();
                
                //credential
                String key_path = "/home/user/saml/idp/server.pem";
                String cert_path = "/home/user/saml/idp/server.crt";
                
                PrivateKey privatekey = SecurityHelper.decodePrivateKey(new
File(key_path), null);
                X509Certificate certificate = X509Util.decodeCertificate(new
File(cert_path)).toArray(new X509Certificate[0])[0];
                
                Credential signingCredential =
SecurityHelper.getSimpleCredential(certificate, privatekey);
                
                Signature signature = (Signature)
builderFactory.getBuilder(Signature.DEFAULT_ELEMENT_NAME).buildObject(Signatur
e.DEFAULT_ELEMENT_NAME);
                SecurityHelper.prepareSignatureParams(signature,
signingCredential, null, null);
                
                Assertion assertion = (Assertion)
builderFactory.getBuilder(Assertion.DEFAULT_ELEMENT_NAME).buildObject(Assertio
n.DEFAULT_ELEMENT_NAME);
                assertion.setSignature(signature);
                
               
Configuration.getMarshallerFactory().getMarshaller(assertion).marshall(asserti
on);
                
                Signer.signObject(signature);

and this is my stack trace:
Exception in thread "main" java.lang.RuntimeException:
org.apache.xml.security.signature.XMLSignatureException: object not
initialized for signature or verification
Original Exception was java.security.SignatureException: object not
initialized for signature or verification
        at org.apache.xml.security.utils.SignerOutputStream.write(Unknown
Source)
        at
org.apache.xml.security.utils.UnsyncBufferedOutputStream.flushBuffer(Unknown
Source)
        at
org.apache.xml.security.utils.UnsyncBufferedOutputStream.flush(Unknown Source)
        at
org.apache.xml.security.utils.UnsyncBufferedOutputStream.close(Unknown Source)
        at
org.apache.xml.security.c14n.implementations.CanonicalizerBase.engineCanonical
izeSubTree(Unknown Source)
        at
org.apache.xml.security.c14n.implementations.Canonicalizer20010315Excl.engineC
anonicalizeSubTree(Unknown Source)
        at
org.apache.xml.security.c14n.implementations.Canonicalizer20010315Excl.engineC
anonicalizeSubTree(Unknown Source)
        at
org.apache.xml.security.c14n.Canonicalizer.canonicalizeSubtree(Unknown Source)
        at
org.apache.xml.security.signature.SignedInfo.signInOctectStream(Unknown
Source)
        at org.apache.xml.security.signature.XMLSignature.sign(Unknown Source)
        at org.opensaml.xml.signature.Signer.signObject(Signer.java:78)
        at automa.test.AutomaTestMain.main(AutomaTestMain.java:52)

I using xmlsec-1.4.3.jar and the other library shipped with opensaml-2.3.1.

Any suggestion?

Fabrizio