mace-opensaml-users - RE: [OpenSAML] Signing Assertion within a Response (C++)
Subject: OpenSAML user discussion
- From: Chris Card <>
- To: <>
- Subject: RE: [OpenSAML] Signing Assertion within a Response (C++)
- Date: Wed, 6 Oct 2010 14:22:32 +0000
- Importance: Normal
Hi Scott,

> > Before I investigate other things, is the above the correct way to produce a
> > signed Assertion within a Response?
>
> Should be close. There's a test case for a signed assertion inside a signed
> response that's manually built in the SAML1ResponseTest unit test.
>
> The one difference that I saw is that you must be setting a key on the
> Signature to use rather than passing it into the marshaller as a Credential.

I found the problem, it was nothing to do with the way I did the signing (which is working as far as I can see).

The validation of the digest was failing because I wasn't explicitly setting the xsi namespace in AttributeValue elements - when validating the digest the library code *did* put the xsi namespace attribute in the AttributeValue elements and so ended up with different xml to hash.

The canonical xml that was hashed when I signed the assertion had

    <saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xsi:type="xs:string">ccard</saml:AttributeValue>

whereas the canonical xml that was hashed when validating had

    <saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">ccard</saml:AttributeValue>

Is there sample C++ code somewhere for creating AttributeValue elements? I've got something that's working now, but it seems messy to me:

    std::auto_ptr<Namespace> xsd_ns(new Namespace(XSD_NS, XSD_PREFIX));
    std::auto_ptr<Namespace> xsi_ns(new Namespace(XSI_NS, XSI_PREFIX));
    static const XMLCh type[] = UNICODE_LITERAL_4(t,y,p,e);
    QName xsitype(XSI_NS,type,XSI_PREFIX);
    .....
    AttributeValue* av(avBuilder->buildObject());
    av->setTextContent(auto_ptr_XMLCh(vit->c_str()).get());
    av->addNamespace(*xsd_ns);
    av->addNamespace(*xsi_ns);
    av->setAttribute(xsitype, auto_ptr_XMLCh("xs:string").get());
    attribute->getAttributeValues().push_back(av);

Chris
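
The mismatch described in the message above (an xsi:type attribute present on the element with no xmlns:xsi declaration in scope when the digest is computed) can be caught with a lint pass over the DOM before signing. This is an added example, not part of the original message and not OpenSAML code: Python's minidom stands in for the C++ DOM, and SAML_NS, the function names and the sample element are assumptions constructed for illustration.

```python
# Added example: pre-signing lint for namespace prefixes that have no xmlns
# declaration in scope. Python's minidom stands in for the C++ DOM.
from xml.dom import minidom, Node

XMLNS_NS = "http://www.w3.org/2000/xmlns/"
XSI_NS = "http://www.w3.org/2001/XMLSchema-instance"
XSD_NS = "http://www.w3.org/2001/XMLSchema"
SAML_NS = "urn:example:saml-placeholder"  # placeholder, not a real SAML namespace

def declared_here(elem):
    """Prefixes bound by xmlns:* attributes on this element."""
    return {a.name[6:] for a in elem.attributes.values()
            if a.name.startswith("xmlns:")}

def used_here(elem):
    """Prefixes used by the element name, attribute names and xsi:type values."""
    used = {elem.prefix} if elem.prefix else set()
    for a in elem.attributes.values():
        prefix, _, local = a.name.rpartition(":")
        if prefix in ("xmlns", "xml") or a.name == "xmlns":
            continue  # declarations themselves and the built-in xml prefix
        if prefix:
            used.add(prefix)
        # xsi:type holds a QName, so the prefix inside its value must be bound too
        if a.namespaceURI == XSI_NS and local == "type" and ":" in a.value:
            used.add(a.value.split(":", 1)[0])
    return used

def unbound_prefixes(elem, in_scope=frozenset()):
    """Return (tagName, prefix) pairs for prefixes used without a declaration."""
    in_scope = in_scope | declared_here(elem)
    found = [(elem.tagName, p) for p in sorted(used_here(elem) - in_scope)]
    for child in elem.childNodes:
        if child.nodeType == Node.ELEMENT_NODE:
            found += unbound_prefixes(child, in_scope)
    return found

def build_attribute_value(declare_xsi):
    """Constructed sample mirroring the AttributeValue shown in the message."""
    doc = minidom.Document()
    av = doc.createElementNS(SAML_NS, "saml:AttributeValue")
    av.setAttributeNS(XMLNS_NS, "xmlns:saml", SAML_NS)
    av.setAttributeNS(XMLNS_NS, "xmlns:xs", XSD_NS)
    if declare_xsi:
        av.setAttributeNS(XMLNS_NS, "xmlns:xsi", XSI_NS)
    av.setAttributeNS(XSI_NS, "xsi:type", "xs:string")
    av.appendChild(doc.createTextNode("ccard"))
    return av
```

An empty result from `unbound_prefixes` on the subtree to be signed means every prefix it uses is already declared, so serializing and re-parsing will not add declarations that change the canonical form.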