OpenSAML user discussion

[Chad La Joie <>]

If you check the opensaml archives you'll see this is a relatively 
common issues.  Signatures are notoriously brittle (by design really). 
Something between the moment the signature is created and the moment you 
verify the signature is corrupting it.  It's going to be impossible for 
anyone on this list to say where and when that it.  So you'll need to do 
the investigation.

One place to start would be to look at the Troubleshooting Signature 
Problems[1] document.  You'll need to get the digest of the signature 
right after the signature was created and then check it at various spots 
before it gets to your verification process.  When the digest changes 
you've found the cause of the problem.

[1] https://spaces.internet2.edu/display/OpenSAML/OSTwoUserManSigErrors

On 1/11/11 5:04 AM, Daniel Förberg wrote:
> Well the the signature generation and verification of the Assertions
> isolated works perfectly fine.
> When adding the 3 Assertions into a SOAP  Header of a SOAP Enevelope,
> whithout formatting
> the content. The Assertions are extracted from the Actual SOAP Message
> in an Interceptor
> to front the Service Producer using CXF. When the verification is
> performed Using a TrustEngine,
> the Error message is "Signature Hash does not match signed content". Any
> clue, to be able
> to verify the Signature correctly? I followed all tips and instruction
> on the OpenSAML without any
> result yet. Thanks in advance.

--
Chad La Joie
http://itumi.biz
trusted identities, delivered