mace-opensaml-users - [OpenSAML] Can't generate signed assertion
Subject: OpenSAML user discussion
- From: Marc Boorshtein
- Subject: [OpenSAML] Can't generate signed assertion
- Date: Fri, 4 Mar 2011 14:32:42 -0500
All,
I'm trying to generate a signed assertion with the following code:
    Assertion assertion = generateAssertion();

    BasicX509Credential signingCredential =
        SecurityHelper.getSimpleCredential(this.cert, this.sigKey);

    Signature signature = (Signature)
        Configuration.getBuilderFactory()
            .getBuilder(Signature.DEFAULT_ELEMENT_NAME)
            .buildObject(Signature.DEFAULT_ELEMENT_NAME);

    SecurityHelper.prepareSignatureParams(signature,
        signingCredential,
        null, null);

    signature.setSigningCredential(signingCredential);
    signature.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1);
    signature.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);

    assertion.setSignature(signature);

    Configuration.getMarshallerFactory().getMarshaller(assertion).marshall(assertion);
    Signer.signObject(signature);

    return assertion;

But when I run the code I don't get any signature or digest:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="8107476048360686828"
IssueInstant="2011-03-04T19:26:56.278Z" Version="2.0"
xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"><saml2p:Status><saml2p:StatusCode
Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></saml2p:Status><saml2:Assertion
ID="781762062377208921" IssueInstant="2011-03-04T19:26:56.278Z"
Version="2.0"
xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"><saml2:Issuer
xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://www.healthtrioconnect.com/saml</saml2:Issuer><ds:Signature
xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#781762062377208921">
<ds:Transforms>
<ds:Transform
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces
PrefixList="ds saml2"
xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue/>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue/>
<ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIICLzCCAZigAwIBAgIETUxJbzANBgkqhkiG9w0BAQUFADBcMQswCQYDVQQGEwJ1czENMAsGA1UE...=</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature><saml2:Subject
xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"><saml2:NameID
Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">10000008860</saml2:NameID><saml2:SubjectConfirmation
Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml2:SubjectConfirmationData
NotOnOrAfter="2010-11-23T20:00:00.000Z"
Recipient="https://federation-uat.healthways.com:443/fed/sp/authnResponse20"/></saml2:SubjectConfirmation></saml2:Subject><saml2:Conditions
NotBefore="2010-11-23T19:00:00.000Z"
NotOnOrAfter="2010-11-23T20:00:00.000Z"
xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"><saml2:AudienceRestriction><saml2:Audience>https://federation-uat.healthways.com:443/fed/sp/authnResponse20</saml2:Audience></saml2:AudienceRestriction></saml2:Conditions><saml2:AuthnStatement
AuthnInstant="2011-03-04T19:26:56.278Z"
SessionIndex="-8649597662709438825"
xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"><saml2:AuthnContext><saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</saml2:AuthnContextClassRef></saml2:AuthnContext></saml2:AuthnStatement><saml2:AttributeStatement
xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"/></saml2:Assertion></saml2p:Response>
Any help would be greatly appreciated.
Thanks
Marc
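
An added example, not part of the original post and not OpenSAML code: a JDK-only structural check that flags the symptom shown in the message above (an empty ds:DigestValue or ds:SignatureValue) before a response is sent or accepted. The class name SignatureShapeCheck and the sample XML are constructed for illustration; the check inspects shape only and does not verify the signature cryptographically.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;

public class SignatureShapeCheck {  // hypothetical helper name
    static final String DS = "http://www.w3.org/2000/09/xmldsig#";

    // Returns one finding per structural problem; an empty list means every
    // ds:Signature has a digest, a signature value and a same-element reference.
    // This is a shape check only, not cryptographic verification.
    static List<String> check(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // Refuse DOCTYPE declarations so untrusted input cannot trigger XXE.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = f.newDocumentBuilder()
                .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
        List<String> findings = new ArrayList<>();
        NodeList sigs = doc.getElementsByTagNameNS(DS, "Signature");
        if (sigs.getLength() == 0) findings.add("no ds:Signature element");
        for (int i = 0; i < sigs.getLength(); i++) {
            Element sig = (Element) sigs.item(i);
            Node p = sig.getParentNode();
            String id = p instanceof Element ? ((Element) p).getAttribute("ID") : "";
            for (String name : new String[] {"DigestValue", "SignatureValue"}) {
                NodeList vals = sig.getElementsByTagNameNS(DS, name);
                if (vals.getLength() == 0 || vals.item(0).getTextContent().trim().isEmpty())
                    findings.add(name + " is empty in signature on ID=" + id);
            }
            NodeList refs = sig.getElementsByTagNameNS(DS, "Reference");
            if (refs.getLength() != 1
                    || !("#" + id).equals(((Element) refs.item(0)).getAttribute("URI")))
                findings.add("Reference does not point at parent ID=" + id);
        }
        return findings;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample mirroring the unsigned shape in the post above.
        String xml = "<a:Assertion xmlns:a='urn:oasis:names:tc:SAML:2.0:assertion' ID='x1'>"
                + "<ds:Signature xmlns:ds='" + DS + "'><ds:SignedInfo>"
                + "<ds:Reference URI='#x1'><ds:DigestValue/></ds:Reference></ds:SignedInfo>"
                + "<ds:SignatureValue/></ds:Signature></a:Assertion>";
        check(xml).forEach(System.out::println);
    }
}
```
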
- [OpenSAML] Can't generate signed assertion, Marc Boorshtein, 03/04/2011
- Re: [OpenSAML] Can't generate signed assertion, Bryce Allen, 03/04/2011
- Re: [OpenSAML] Can't generate signed assertion, Cantor, Scott E., 03/04/2011
- RE: [OpenSAML] Can't generate signed assertion, Wang, Shengke, 03/04/2011
- Re: [OpenSAML] Can't generate signed assertion, Bryce Allen, 03/04/2011
- Re: [OpenSAML] Can't generate signed assertion, Bryce Allen, 03/04/2011
- Re: [OpenSAML] Can't generate signed assertion, Cantor, Scott E., 03/05/2011
- RE: [OpenSAML] Can't generate signed assertion, Wang, Shengke, 03/04/2011