
mace-opensaml-users - Re: [OpenSAML] Can't generate signed assertion

Subject: OpenSAML user discussion


Re: [OpenSAML] Can't generate signed assertion


  • From: Bryce Allen <>
  • To:
  • Subject: Re: [OpenSAML] Can't generate signed assertion
  • Date: Fri, 4 Mar 2011 13:48:58 -0600

What are the contents of SecurityHelper.prepareSignatureParams? I am
using the following method to sign, which is very similar to what you are
using, and it is including a SignatureValue and DigestValue:

import java.security.KeyPair;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;

import org.opensaml.saml2.core.Assertion;
import org.opensaml.xml.Configuration;
import org.opensaml.xml.io.MarshallingException;
import org.opensaml.xml.security.keyinfo.KeyInfoHelper;
import org.opensaml.xml.security.x509.BasicX509Credential;
import org.opensaml.xml.signature.KeyInfo;
import org.opensaml.xml.signature.Signature;
import org.opensaml.xml.signature.SignatureConstants;
import org.opensaml.xml.signature.SignatureException;
import org.opensaml.xml.signature.Signer;
import org.opensaml.xml.signature.impl.KeyInfoBuilder;

public static Assertion signAssertion(Assertion a, KeyPair keyPair,
        X509Certificate signingCert, boolean x509KeyInfo)
        throws CertificateEncodingException, MarshallingException, SignatureException {
    // Build an empty ds:Signature object through the registered builder
    Signature signature = (Signature) Configuration.getBuilderFactory()
            .getBuilder(Signature.DEFAULT_ELEMENT_NAME)
            .buildObject(Signature.DEFAULT_ELEMENT_NAME);

    // Credential carrying the private key used to sign and its certificate
    BasicX509Credential cred = new BasicX509Credential();
    cred.setEntityCertificate(signingCert);
    cred.setPrivateKey(keyPair.getPrivate());

    signature.setSigningCredential(cred);
    signature.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256);
    signature.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);

    // KeyInfo carries either the full certificate or only the public key
    KeyInfoBuilder kib = new KeyInfoBuilder();
    KeyInfo ki = kib.buildObject();
    if (x509KeyInfo)
        KeyInfoHelper.addCertificate(ki, signingCert);
    else
        KeyInfoHelper.addPublicKey(ki, keyPair.getPublic());
    signature.setKeyInfo(ki);

    a.setSignature(signature);

    // Marshall first so the Signature has a DOM to sign, then compute the values
    Configuration.getMarshallerFactory().getMarshaller(a).marshall(a);
    Signer.signObject(signature);

    return a;
}

On Fri, 4 Mar 2011 14:32:42 -0500
Marc Boorshtein
<>
wrote:
> All,
>
> I'm trying to generate a signed assertion with the following code:
>
> Assertion assertion = generateAssertion();
> BasicX509Credential signingCredential =
> SecurityHelper.getSimpleCredential(this.cert, this.sigKey);
>
> Signature signature = (Signature)
> Configuration.getBuilderFactory()
> .getBuilder(Signature.DEFAULT_ELEMENT_NAME)
> .buildObject(Signature.DEFAULT_ELEMENT_NAME);
>
> SecurityHelper.prepareSignatureParams(signature,
> signingCredential, null, null);
>
>
> signature.setSigningCredential(signingCredential);
>
> signature.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1);
>
> signature.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
>
> assertion.setSignature(signature);
>
> Configuration.getMarshallerFactory().getMarshaller(assertion).marshall(assertion);
> Signer.signObject(signature);
>
>
> return assertion;
>
> But when I run the code I don't get any signature or digest:
> <?xml version="1.0" encoding="UTF-8"?>
> <saml2p:Response ID="8107476048360686828"
> IssueInstant="2011-03-04T19:26:56.278Z" Version="2.0"
> xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"><saml2p:Status><saml2p:StatusCode
> Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></saml2p:Status><saml2:Assertion
> ID="781762062377208921" IssueInstant="2011-03-04T19:26:56.278Z"
> Version="2.0"
> xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"><saml2:Issuer
> xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://www.healthtrioconnect.com/saml</saml2:Issuer><ds:Signature
> xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <ds:SignedInfo>
> <ds:CanonicalizationMethod
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
> <ds:SignatureMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
> <ds:Reference URI="#781762062377208921"> <ds:Transforms>
> <ds:Transform
> Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
> <ds:Transform
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces
> PrefixList="ds saml2"
> xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transform>
> </ds:Transforms> <ds:DigestMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
> <ds:DigestValue/> </ds:Reference> </ds:SignedInfo>
> <ds:SignatureValue/>
> <ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIICLzCCAZigAwIBAgIETUxJbzANBgkqhkiG9w0BAQUFADBcMQswCQYDVQQGEwJ1czENMAsGA1UE
> CBMEdGVzdDENMAsGA1UEBxMEdGVzdDENMAsGA1UEChMEdGVzdDENMAsGA1UECxMEdGVzdDERMA8G
> A1UEAxMIc2FtbC1zaWcwHhcNMTEwMjA0MTg0NjA3WhcNMTEwNTA1MTg0NjA3WjBcMQswCQYDVQQG
> EwJ1czENMAsGA1UECBMEdGVzdDENMAsGA1UEBxMEdGVzdDENMAsGA1UEChMEdGVzdDENMAsGA1UE
> CxMEdGVzdDERMA8GA1UEAxMIc2FtbC1zaWcwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJO9
> TKg1gjyP8bqUFi3/NayNxHqxH9DMX6THX0y9Lb5o7dstpKg6Gt+TtafyyxTgttUOfgzvIpESyYP0
> zWeOAwh5R8RvY9gYXnS/QZMnVbixwXOicedBAPN+1LVUfwujmZ5IyvCdYf8xMO8V/X52wb8at8il
> alYb9cC9SjjwJv1NAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAUIIOfLLOcpEhmTbKILSgT3/H3Gds
> Je36rgacJZgAjRlBBqzt9lwkNrY0UJ3kxGLgF7xjK0RTISJJw/y6vCwEu6rgKiUADGmbiIje09iG
> 2aICKBcdSdsl1sFi7RG+QTvr8EnKXjZMA58sSdHPOZi8w0Wd+snaCYOaZzBjydtcFqE=</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature><saml2:Subject
> xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"><saml2:NameID
> Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">10000008860</saml2:NameID><saml2:SubjectConfirmation
> Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml2:SubjectConfirmationData
> NotOnOrAfter="2010-11-23T20:00:00.000Z"
> Recipient="https://federation-uat.healthways.com:443/fed/sp/authnResponse20"/></saml2:SubjectConfirmation></saml2:Subject><saml2:Conditions
> NotBefore="2010-11-23T19:00:00.000Z"
> NotOnOrAfter="2010-11-23T20:00:00.000Z"
> xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"><saml2:AudienceRestriction><saml2:Audience>https://federation-uat.healthways.com:443/fed/sp/authnResponse20</saml2:Audience></saml2:AudienceRestriction></saml2:Conditions><saml2:AuthnStatement
> AuthnInstant="2011-03-04T19:26:56.278Z"
> SessionIndex="-8649597662709438825"
> xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"><saml2:AuthnContext><saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</saml2:AuthnContextClassRef></saml2:AuthnContext></saml2:AuthnStatement><saml2:AttributeStatement
> xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"/></saml2:Assertion></saml2p:Response>
>
> Any help would be greatly appreciated.
>
> Thanks
> Marc


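The marshal-then-sign order both messages rely on, carried through to the receiver-side checks a relying party needs, as an added example written for this page and not code from either poster. It assumes OpenSAML 2.x (the API used in the thread); the class and method names, the issuer URL, and the keystore file, alias and password are placeholders chosen for the example.

```java
import java.io.FileInputStream;
import java.io.StringReader;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;

import javax.xml.namespace.QName;

import org.joda.time.DateTime;
import org.opensaml.DefaultBootstrap;
import org.opensaml.common.impl.SecureRandomIdentifierGenerator;
import org.opensaml.saml2.core.Assertion;
import org.opensaml.saml2.core.Issuer;
import org.opensaml.saml2.core.Response;
import org.opensaml.security.SAMLSignatureProfileValidator;
import org.opensaml.xml.Configuration;
import org.opensaml.xml.XMLObject;
import org.opensaml.xml.security.x509.BasicX509Credential;
import org.opensaml.xml.signature.Signature;
import org.opensaml.xml.signature.SignatureConstants;
import org.opensaml.xml.signature.SignatureValidator;
import org.opensaml.xml.signature.Signer;
import org.opensaml.xml.util.XMLHelper;
import org.opensaml.xml.validation.ValidationException;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

// Hypothetical class name for this example; not part of OpenSAML.
public final class SignedAssertionRoundTrip {

    @SuppressWarnings("unchecked")
    private static <T extends XMLObject> T build(QName name) {
        return (T) Configuration.getBuilderFactory().getBuilder(name).buildObject(name);
    }

    /** Issuer side: sign the assertion and serialise the whole Response. */
    public static String issue(String issuerId, PrivateKey key, X509Certificate cert) throws Exception {
        SecureRandomIdentifierGenerator ids = new SecureRandomIdentifierGenerator();

        Assertion assertion = build(Assertion.DEFAULT_ELEMENT_NAME);
        assertion.setID(ids.generateIdentifier());   // the ds:Reference URI points at this ID
        assertion.setIssueInstant(new DateTime());
        Issuer issuer = build(Issuer.DEFAULT_ELEMENT_NAME);
        issuer.setValue(issuerId);
        assertion.setIssuer(issuer);

        BasicX509Credential cred = new BasicX509Credential();
        cred.setEntityCertificate(cert);
        cred.setPrivateKey(key);

        Signature sig = build(Signature.DEFAULT_ELEMENT_NAME);
        sig.setSigningCredential(cred);
        sig.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256);
        sig.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
        assertion.setSignature(sig);

        Response response = build(Response.DEFAULT_ELEMENT_NAME);
        response.setID(ids.generateIdentifier());
        response.setIssueInstant(new DateTime());
        response.getAssertions().add(assertion);   // attach to the parent before marshalling

        // Marshal the outermost element once, then sign. Signer writes DigestValue and
        // SignatureValue into the DOM produced by this single marshall call; marshalling
        // the tree again afterwards would rebuild an empty ds:Signature.
        Element root = Configuration.getMarshallerFactory().getMarshaller(response).marshall(response);
        Signer.signObject(sig);
        return XMLHelper.nodeToString(root);
    }

    /** Receiver side: parse, then check the signature against a certificate trusted
     *  out of band (never the one carried in the message's own KeyInfo). */
    public static boolean verify(String xml, X509Certificate trustedCert) throws Exception {
        Document doc = Configuration.getParserPool().parse(new StringReader(xml));
        Element root = doc.getDocumentElement();
        Response response = (Response) Configuration.getUnmarshallerFactory()
                .getUnmarshaller(root).unmarshall(root);
        if (response.getAssertions().size() != 1) return false;
        Signature sig = response.getAssertions().get(0).getSignature();
        if (sig == null) return false;                        // unsigned: reject outright
        try {
            new SAMLSignatureProfileValidator().validate(sig); // one enveloped reference to the assertion ID
            BasicX509Credential trusted = new BasicX509Credential();
            trusted.setEntityCertificate(trustedCert);
            new SignatureValidator(trusted).validate(sig);    // digests and signature value
            return true;
        } catch (ValidationException e) {
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        DefaultBootstrap.bootstrap();   // registers builders, marshallers and the parser pool
        // Placeholder keystore details: supply your own PKCS12 file, alias and password.
        KeyStore ks = KeyStore.getInstance("PKCS12");
        ks.load(new FileInputStream("signing-keystore.p12"), "changeit".toCharArray());
        PrivateKey key = (PrivateKey) ks.getKey("signing", "changeit".toCharArray());
        X509Certificate cert = (X509Certificate) ks.getCertificate("signing");

        String xml = issue("https://idp.example.org/saml", key, cert);
        System.out.println(xml.contains("<ds:SignatureValue/>") ? "EMPTY signature" : "signature present");
        System.out.println("verifies: " + verify(xml, cert));
        // Any change to the signed bytes must make the check fail.
        System.out.println("tampered verifies: " + verify(xml.replace("idp.example.org", "other.example.org"), cert));
    }
}
```

Two design points: the Response is marshalled exactly once, after the assertion has been attached to it, and Signer.signObject runs against that DOM, so the serialised output contains the computed DigestValue and SignatureValue; and the receiver validates against a certificate it already trusts rather than whatever X509Certificate the sender placed in KeyInfo, since KeyInfo is attacker-controlled input on the verifying side.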
