mace-opensaml-users - Re: Re: [OpenSAML] AttributeValue of type XSString or XSInteger causing signature validation to fail
Subject: OpenSAML user discussion
List archive
Re: Re: [OpenSAML] AttributeValue of type XSString or XSInteger causing signature validation to fail
Chronological Thread
- From: JM Tremblay <>
- To:
- Subject: Re: Re: [OpenSAML] AttributeValue of type XSString or XSInteger causing signature validation to fail
- Date: Tue, 2 Nov 2010 16:24:36 -0400
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; b=wChNZW97CFMSTsirR5EUZqkeciY/MMj9+JisF9gyQ7MWAF9GZzTz2LoTbnAeKhegk7 SubHd31lXMcurmC5dRWICIxWRfmNm1G/S7fARwWVyetR6qNlwRUn+m1x6BVTWteDEvFb AcbsYhp10JL3BhAnkKGlcd92WlO6ulZvmEYgY=
Here's the Canonicalized SignedInfo when I don't use XSString attributes. The encoded/decoded SignedInfos match and don't have (require) any ec:InclusiveNamespaces element. That explains why the "xs" attributes trigger the problem.
2010-11-02 16:12:16.442 [DEBUG] (main) org.apache.xml.security.utils.SignerOutputStream - Canonicalized SignedInfo:
2010-11-02 16:12:16.443 [DEBUG] (main) org.apache.xml.security.utils.SignerOutputStream - <ds:SignedInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"><ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></ds:CanonicalizationMethod><ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"></ds:SignatureMethod><ds:Reference URI="#_2c0d4932-8ef2-4c76-bb16-002af7116998"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></ds:Transform><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod><ds:DigestValue>cengJGzybQWVvmDYUmDRF42t8pw=</ds:DigestValue></ds:Reference></ds:SignedInfo>
2010-11-02 16:11:40.725 [DEBUG] (14534444@qtp-3324757-7) org.apache.xml.security.utils.SignerOutputStream - Canonicalized SignedInfo:
2010-11-02 16:11:40.725 [DEBUG] (14534444@qtp-3324757-7) org.apache.xml.security.utils.SignerOutputStream - <ds:SignedInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"><ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></ds:CanonicalizationMethod><ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"></ds:SignatureMethod><ds:Reference URI="#_2c0d4932-8ef2-4c76-bb16-002af7116998"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></ds:Transform><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod><ds:DigestValue>cengJGzybQWVvmDYUmDRF42t8pw=</ds:DigestValue></ds:Reference></ds:SignedInfo>
JM
- Re: Re: [OpenSAML] AttributeValue of type XSString or XSInteger causing signature validation to fail, Jean-Michel Tremblay, 11/02/2010
- RE: Re: [OpenSAML] AttributeValue of type XSString or XSInteger causing signature validation to fail, Scott Cantor, 11/02/2010
- Re: Re: [OpenSAML] AttributeValue of type XSString or XSInteger causing signature validation to fail, JM Tremblay, 11/02/2010
- Re: Re: [OpenSAML] AttributeValue of type XSString or XSInteger causing signature validation to fail, JM Tremblay, 11/02/2010
- Re: [OpenSAML] AttributeValue of type XSString or XSInteger causing signature validation to fail, Brent Putman, 11/02/2010
- Re: [OpenSAML] AttributeValue of type XSString or XSInteger causing signature validation to fail, Brent Putman, 11/02/2010
- Re: [OpenSAML] AttributeValue of type XSString or XSInteger causing signature validation to fail, JM Tremblay, 11/02/2010
- RE: [OpenSAML] AttributeValue of type XSString or XSInteger causing signature validation to fail, Scott Cantor, 11/02/2010
- Re: [OpenSAML] AttributeValue of type XSString or XSInteger causing signature validation to fail, JM Tremblay, 11/02/2010
- RE: [OpenSAML] AttributeValue of type XSString or XSInteger causing signature validation to fail, Scott Cantor, 11/02/2010
- Re: [OpenSAML] AttributeValue of type XSString or XSInteger causing signature validation to fail, JM Tremblay, 11/02/2010
- RE: [OpenSAML] AttributeValue of type XSString or XSInteger causing signature validation to fail, Scott Cantor, 11/02/2010
- Re: [OpenSAML] AttributeValue of type XSString or XSInteger causing signature validation to fail, JM Tremblay, 11/02/2010
- Re: Re: [OpenSAML] AttributeValue of type XSString or XSInteger causing signature validation to fail, JM Tremblay, 11/02/2010
- Re: Re: [OpenSAML] AttributeValue of type XSString or XSInteger causing signature validation to fail, JM Tremblay, 11/02/2010
- <Possible follow-up(s)>
- Re: [OpenSAML] AttributeValue of type XSString or XSInteger causing signature validation to fail, Jim Fox, 11/02/2010
- RE: Re: [OpenSAML] AttributeValue of type XSString or XSInteger causing signature validation to fail, Scott Cantor, 11/02/2010
Archive powered by MHonArc 2.6.16.