mace-opensaml-users - RE: [OpenSAML] Signature validation

Subject: OpenSAML user discussion

  • From: "Scott Cantor" <>
  • To: <>
  • Subject: RE: [OpenSAML] Signature validation
  • Date: Tue, 17 Aug 2010 17:13:54 -0400
  • Organization: The Ohio State University

> I had a quick look at the xml-security-c source code (version 1.0.0
> though)

I don't know where you're getting that, but it's many years out of date.
Nothing < 1.4 is even worth trying, 1.5.1 is close to a year old now, and I
don't think my code would even build with < 1.3.

> and it looks like DSIGSignature::verify() does some checking of the
> Reference against the ID in the Assertion element. Since xml-security-c is
> at a lower level than SAML, and knows nothing about Assertions, I assume
> that internally there must be some "parent" pointers in the signature
> objects that allow the code to work its way back up the xml hierarchy, and
> I'm guessing that somewhere I've done something that means that this isn't
> working. Something to do with object lifetimes maybe? Does this sound
> possible?

Unless you detach the object from the owning document altogether, the ID
references would be fine, and if they weren't, you'd get an error about that
from xml-security.

You should sanity check things by verifying with the key from the signature,
since you have most of the code written to try that anyway.

-- Scott




