
mace-opensaml-users - Re: [OpenSAML] Can't generate signed assertion

Subject: OpenSAML user discussion

  • From: Bryce Allen <>
  • To:
  • Subject: Re: [OpenSAML] Can't generate signed assertion
  • Date: Fri, 4 Mar 2011 14:31:43 -0600

On Fri, 4 Mar 2011 20:00:08 +0000
"Cantor, Scott E."
<>
wrote:
> >But when I run the code I don't get any signature or digest:
>
> I can't speak to Java code, but I can say that:
>
> ><?xml version="1.0" encoding="UTF-8"?>
> ><saml2p:Response ID="8107476048360686828"
>
> This is an invalid ID value in XML (can't start with a number), so
> presumably wouldn't be generated by OpenSAML (I hope), and:
>
> ><ds:Reference URI="#781762062377208921">
>
> This is pointing to a different (and equally invalid) ID, and that's
> why there's no digest or signature, there's no content to sign.
That is good to know - I copied an example that uses
UUID.randomUUID().toString() to set the ID. What should I use for
this instead?

Regarding Marc's question, I am using a numeric ID and I still get a
full signature, which validates using javax.xml.crypto.dsig. OpenSAML
does not choke on the "invalid" ID/URI until I serialize the assertion
and try to read/unmarshall it later, giving me this unhelpful exception:

java.net.MalformedURLException: no protocol:

followed by the entire assertion XML. It would be nice if it said what
URL was invalid.

Thanks,
Bryce
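
Added example, not part of the original message and not OpenSAML code: a JDK-only check for the two problems raised in the quoted reply, an ID that is not a valid xs:ID and a ds:Reference URI that does not point at the element's ID. The class and method names are hypothetical, the NCName pattern covers only the ASCII subset, the XML is a constructed sample built from the two values quoted in the thread, and checking only the first ds:Reference against the root element is a simplifying assumption.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.UUID;
import java.util.regex.Pattern;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class SamlIdCheck {
    // ASCII subset of the XML NCName production: letter or '_' first, no ':' anywhere.
    private static final Pattern NCNAME = Pattern.compile("[A-Za-z_][A-Za-z0-9._-]*");
    private static final String DSIG_NS = "http://www.w3.org/2000/09/xmldsig#";

    // A UUID string may begin with a digit; the '_' prefix makes it a valid xs:ID.
    static String newId() {
        return "_" + UUID.randomUUID();
    }

    static boolean isValidId(String id) {
        return id != null && NCNAME.matcher(id).matches();
    }

    // True only if the root ID is a valid xs:ID and the first ds:Reference points at it.
    static boolean referenceMatchesRoot(String xml) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        // Refuse DOCTYPE declarations so untrusted input cannot trigger XXE.
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = dbf.newDocumentBuilder()
                .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
        Element root = doc.getDocumentElement();
        String id = root.getAttribute("ID");
        NodeList refs = root.getElementsByTagNameNS(DSIG_NS, "Reference");
        if (!isValidId(id) || refs.getLength() == 0) return false;
        return ((Element) refs.item(0)).getAttribute("URI").equals("#" + id);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: root ID and Reference URI as quoted in the thread.
        String bad = "<saml2p:Response xmlns:saml2p=\"urn:oasis:names:tc:SAML:2.0:protocol\""
                + " xmlns:ds=\"" + DSIG_NS + "\" ID=\"8107476048360686828\">"
                + "<ds:Signature><ds:SignedInfo><ds:Reference URI=\"#781762062377208921\"/>"
                + "</ds:SignedInfo></ds:Signature></saml2p:Response>";
        String id = newId();
        String good = bad.replace("8107476048360686828", id).replace("781762062377208921", id);
        System.out.println("quoted IDs -> " + referenceMatchesRoot(bad));
        System.out.println("fixed IDs  -> " + referenceMatchesRoot(good));
    }
}
```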


