
mace-opensaml-users - Re: [OpenSAML] AttributeValue of type XSString or XSInteger causing signature validation to fail

Subject: OpenSAML user discussion

  • From: Brent Putman <>
  • To:
  • Subject: Re: [OpenSAML] AttributeValue of type XSString or XSInteger causing signature validation to fail
  • Date: Tue, 02 Nov 2010 16:29:32 -0400



On 11/2/10 3:57 PM, JM Tremblay wrote:
> Ok, sorry. With "log4j.logger.org.apache.xml.security=DEBUG", I do
> see extra end-of-lines before and after the <ec:InclusiveNamespaces>
> element in the "Canonicalized SignedInfo". That doesn't look right.
>
>

Yes, that's interesting. Usually we see issues with the digester output
stream (the Reference that was signed), not the SignedInfo of the
Signature. That certainly explains why adding the xsi:type is producing
the error case: the xs:string or xs:integer is triggering the inclusion
of the InclusiveNamespaces element. With no xsi:type (and no other
non-visibly used namespace prefixes), you'd get no InclusiveNamespaces
in the output, and presumably no added newlines.


>
> Now I need to figure out if I have any control over that.
>


I guess the 2 things to look at are:

1) how are you serializing the DOM on the signing side? Are you using
our helper methods or your own code?

2) how are you deserializing and parsing on the validation side?

Using our serialization and parsing code we don't see this issue of the
newlines being added, so you might want to compare what you are doing to
our XMLHelper.writeNode(...) and ParserPool code.

--Brent
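
The failure mode discussed in this message, as an added example that is not part of the original thread or of OpenSAML: canonicalization keeps whitespace-only text nodes, so newlines a serializer inserts around `<ec:InclusiveNamespaces>` after signing change the bytes of the canonicalized SignedInfo. It assumes Python's `xml.etree.ElementTree.canonicalize` (C14N 2.0) as a stand-in for the Exclusive C14N a SAML signature uses, and the SignedInfo strings are constructed sample input.

```python
import hashlib
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
EC = "http://www.w3.org/2001/10/xml-exc-c14n#"

# Constructed sample: the element that xsi:type="xs:string" causes to appear.
INCL = f'<ec:InclusiveNamespaces xmlns:ec="{EC}" PrefixList="xs xsi"/>'

# Constructed SignedInfo as the signer saw it: no text between elements.
AS_SIGNED = (
    f'<ds:SignedInfo xmlns:ds="{DS}">'
    f'<ds:CanonicalizationMethod Algorithm="{EC}"/>'
    '<ds:Reference URI="#constructed-id"><ds:Transforms>'
    f'<ds:Transform Algorithm="{EC}">{INCL}</ds:Transform>'
    '</ds:Transforms><ds:DigestValue>CONSTRUCTED</ds:DigestValue>'
    '</ds:Reference></ds:SignedInfo>'
)

# Same SignedInfo after a serializer added end-of-lines around the element.
AS_RECEIVED = AS_SIGNED.replace(INCL, "\n" + INCL + "\n")


def canonical(xml):
    """Canonical form; whitespace text nodes are kept (strip_text is off)."""
    return ET.canonicalize(xml_data=xml)


def c14n_digest(xml):
    """SHA-256 over the canonical bytes, the input a signature value covers."""
    return hashlib.sha256(canonical(xml).encode("utf-8")).hexdigest()


def whitespace_only_nodes(xml):
    """List (position, element) pairs where a whitespace-only text node sits."""
    found = []
    for el in ET.fromstring(xml).iter():
        local = el.tag.rsplit("}", 1)[-1]
        if el.text and not el.text.strip():
            found.append(("inside-start", local))
        if el.tail and not el.tail.strip():
            found.append(("after", local))
    return found


if __name__ == "__main__":
    print("signed  :", c14n_digest(AS_SIGNED))
    print("received:", c14n_digest(AS_RECEIVED))
    print("added whitespace at:", whitespace_only_nodes(AS_RECEIVED))
```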



