mace-opensaml-users - RE: [OpenSAML] Signature validation

Subject: OpenSAML user discussion

  • From: Chris Card <>
  • To: <>
  • Subject: RE: [OpenSAML] Signature validation
  • Date: Tue, 17 Aug 2010 21:07:11 +0000
  • Importance: Normal



> https://spaces.internet2.edu/display/OpenSAML/OSTwoUserManSigErrors

Thanks Scott,
I tried the "Validate the signature with known-good tools" approach, and the Oxygen XML Editor said the signature was valid, while the web page http://www.aleksey.com/xmlsec/xmldsig-verifier.html gave errors (something to do with the Reference in the signature to the ID in the Assertion element). The signature has also been validated by a Java opensaml program similar to my C++ one, so I believe the signature is valid.

I had a quick look at the xml-security-c source code (version 1.0.0 though) and it looks like DSIGSignature::verify() does some checking of the Reference against the ID in the Assertion element. Since xml-security-c is at a lower level than SAML, and knows nothing about Assertions, I assume that internally there must be some "parent" pointers in the signature objects that allow the code to work its way back up the xml hierarchy, and I'm guessing that somewhere I've done something that means that this isn't working. Something to do with object lifetimes maybe? Does this sound possible?

Chris
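
The verifier error mentioned in the message above concerns how the signature's Reference resolves to the ID on the Assertion element. As an added example (not part of the original message, and written in Python rather than the poster's C++), the hypothetical helper `check_reference` below inspects that resolution structurally on a constructed sample assertion: one Reference, a `#ID` URI, exactly one element carrying that ID, and that element being the Signature's parent. It does not verify the digest or the signature value.

```python
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"

# Constructed sample assertion; the digest and signature values are dummies.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_a1" Version="2.0">
  <saml:Issuer>https://idp.example.org</saml:Issuer>
  <ds:Signature>
    <ds:SignedInfo>
      <ds:Reference URI="#_a1"><ds:DigestValue>AAAA</ds:DigestValue></ds:Reference>
    </ds:SignedInfo>
    <ds:SignatureValue>AAAA</ds:SignatureValue>
  </ds:Signature>
</saml:Assertion>"""


def check_reference(xml_text):
    """Hypothetical helper: list problems in how each ds:Reference resolves."""
    root = ET.fromstring(xml_text)
    # ElementTree keeps no parent pointers, so build a child -> parent map.
    parent_of = {child: parent for parent in root.iter() for child in parent}
    signatures = list(root.iter(DS + "Signature"))
    if not signatures:
        return ["no ds:Signature element found"]
    problems = []
    for sig in signatures:
        refs = sig.findall(f"{DS}SignedInfo/{DS}Reference")
        if len(refs) != 1:
            problems.append(f"{len(refs)} Reference elements, expected exactly 1")
            continue
        uri = refs[0].get("URI", "")
        if len(uri) < 2 or not uri.startswith("#"):
            problems.append(f"Reference URI {uri!r} is not a same-document '#ID' reference")
            continue
        target = uri[1:]
        # Resolve the fragment by the SAML "ID" attribute, as a validator must.
        hits = [e for e in root.iter() if e.get("ID") == target]
        if len(hits) != 1:
            problems.append(f"{len(hits)} elements carry ID {target!r}, expected exactly 1")
        parent = parent_of.get(sig)
        if parent is None or parent.get("ID") != target:
            problems.append(f"ID {target!r} is not on the Signature's parent element")
    return problems


if __name__ == "__main__":
    print(check_reference(SAMPLE))
```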


