mace-opensaml-users - Re: [OpenSAML] XML Signature verification issue
Subject: OpenSAML user discussion
- From: Daniel Förberg <>
- To:
- Subject: Re: [OpenSAML] XML Signature verification issue
- Date: Fri, 14 Jan 2011 11:51:47 +0100
Now I have debugged/tested the code as much as I can understand right now. I came
to a conclusion that the actual pre-digest differs, because it seems to use another Assertion,
according to the pre-digest output in the log, than it should use. Which is very strange
because I pass the right Assertion to the validation method. Then I started to think if there
is something wrong with the unmarshalling. It works fine to validate the Assertions
in isolation, but not while extracting the Assertions from a SOAP Message, using
OpenSAML, XMLSec on both sides. It shouldn't be a problem, or?
This block fails while verifying the signature:
Unmarshaller unmarshaller = unmarshallerFactory.getUnmarshaller(Assertion.DEFAULT_ELEMENT_NAME);
Assertion authenticationAssertion = (Assertion) unmarshaller.unmarshall(assertionElement);
Assertion authorizationAssertion = (Assertion) unmarshaller.unmarshall(assertionElement);
Assertion auditAssertion = (Assertion) unmarshaller.unmarshall(assertionElement);
The getDOM() returns null.
This block successfully verifies the signature:
Unmarshaller unmarshaller = unmarshallerFactory.getUnmarshaller(Assertion.DEFAULT_ELEMENT_NAME);
assertion = (Assertion)unmarshaller.unmarshall(assertion.getDOM());
Can someone clarify this for me?
Thanks in advance.
Cheers
Best regards,
Daniel
2011/1/12 Cantor, Scott E. <>
> Well, I do know how to enable debug level in Java, no problem.
The digest isn't the issue, it's what is hashed to create the digest that has to be compared on both ends.
> But I just wanted to make sure that I look for the right output.
> It was written at the INFO level while verifying signature, but
> not while signing, though there is a precalculated digest value
> in the assertion. This value is recalculated and is not correct.
There are many complex namespace issues that can create problems in a SOAP context. Changing the document is merely one source of problems.
> The reason for this I don't know yet, but if the content has been
> changed for any reason, which it should not have been. It does
> work before I put it in the SOAP Header, both signing and
> verification using a TrustEngine loading from the truststore.
-- Scott
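
Added example, not part of the thread and not OpenSAML code: one instance of the SOAP namespace issues mentioned above, shown with the JDK's own javax.xml.crypto.dsig API (Java 11+). It signs a constructed assertion standalone, moves it into a SOAP header that declares an extra namespace, and reports whether the signature still validates under inclusive and under exclusive canonicalization; the class name, sample XML and throwaway key are assumptions, and it does not diagnose the poster's case.

```java
import java.io.StringReader;
import java.security.*;
import java.util.List;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.dom.*;
import javax.xml.crypto.dsig.spec.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;
import org.xml.sax.InputSource;

public class C14nInSoapDemo {
    static final String SOAP = "http://schemas.xmlsoap.org/soap/envelope/";
    static Document parse(String xml) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true); // required for XML Signature processing
        return dbf.newDocumentBuilder().parse(new InputSource(new StringReader(xml)));
    }

    // Signs standalone with the given C14N algorithm, then validates inside a SOAP header.
    static boolean survivesSoap(String c14n, KeyPair kp) throws Exception {
        XMLSignatureFactory f = XMLSignatureFactory.getInstance("DOM");
        Element a = parse("<saml:Assertion xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\""
            + " ID=\"a1\"><saml:Issuer>idp.example</saml:Issuer></saml:Assertion>")
            .getDocumentElement(); // constructed sample, not taken from the thread
        a.setIdAttribute("ID", true); // lets the "#a1" reference resolve
        Reference ref = f.newReference("#a1", f.newDigestMethod(DigestMethod.SHA256, null),
            List.of(f.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null),
                    f.newTransform(c14n, (TransformParameterSpec) null)), null, null);
        SignedInfo si = f.newSignedInfo(
            f.newCanonicalizationMethod(c14n, (C14NMethodParameterSpec) null),
            f.newSignatureMethod(SignatureMethod.RSA_SHA256, null), List.of(ref));
        f.newXMLSignature(si, null).sign(new DOMSignContext(kp.getPrivate(), a));
        // The envelope declares xmlns:soap, which the moved assertion now inherits.
        Document env = parse("<soap:Envelope xmlns:soap=\"" + SOAP + "\"><soap:Header/></soap:Envelope>");
        Node header = env.getElementsByTagNameNS(SOAP, "Header").item(0);
        Element moved = (Element) header.appendChild(env.importNode(a, true));
        moved.setIdAttribute("ID", true); // ID-ness is not carried over by importNode
        Node sig = moved.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature").item(0);
        DOMValidateContext ctx = new DOMValidateContext(kp.getPublic(), sig);
        return f.unmarshalXMLSignature(ctx).validate(ctx);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(2048);
        KeyPair kp = g.generateKeyPair(); // throwaway key for the demo
        System.out.println("inclusive c14n: " + survivesSoap(CanonicalizationMethod.INCLUSIVE, kp));
        System.out.println("exclusive c14n: " + survivesSoap(CanonicalizationMethod.EXCLUSIVE, kp));
    }
}
```

Inclusive canonicalization renders every namespace in scope on the signed element, so the inherited xmlns:soap changes the bytes that are hashed; exclusive canonicalization emits only the namespaces the signed content visibly uses.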