[OpenSAML] XML Signature issue in openSAML1.1


bharath.k...@rsa.com

Oct 20, 2009, 3:27:48 AM
to mace-open...@internet2.edu

I am using openSAML1.1 for generating SAML 1.0 assertions and signing
them. I realised that openSAML1.1 by default uses the
http://www.w3.org/2001/10/xml-exc-c14n# algorithm for canonicalization.
Since XML canonicalization is used, I inserted a space between two
elements in a signed assertion, and with this, signature validation
started failing. Why is the signature validation failing? According to
my understanding, a space between two XML elements shouldn't have
contributed to the digest value when canonicalization is used. If this
is a known issue, is it fixed in opensaml 2.X?

Thanks,
Bharath


Chad La Joie

Oct 20, 2009, 4:13:07 AM
to mace-open...@internet2.edu
Whitespace breaks signatures. It's not a bug of the library. Also,
OpenSAML 1.1 is dead and no longer supported.

--
SWITCH
Serving Swiss Universities
--------------------------
Chad La Joie, Software Engineer, Net Services
Werdstrasse 2, P.O. Box, 8021 Zürich, Switzerland
phone +41 44 268 15 75, fax +41 44 268 15 68
chad....@switch.ch, http://www.switch.ch
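
Why the inserted space changes the digest, as an added example that is not part of the original thread or of OpenSAML: canonicalization normalizes markup syntax but keeps whitespace text nodes between elements. It uses Python's standard-library C14N 2.0 writer as a stand-in for the exc-c14n algorithm named above (both retain character content by default); the sample XML, the function names and the SHA-256 digest are constructed assumptions.

```python
import hashlib
import xml.etree.ElementTree as ET

# Constructed sample (not a real SAML assertion): the content that was "signed".
SIGNED = (
    '<Assertion Issuer="idp" ID="a1"><Subject>alice</Subject>'
    '<Conditions NotBefore="2009-10-20T03:00:00Z" NotOnOrAfter="2009-10-20T04:00:00Z"/>'
    '</Assertion>'
)
# Markup-only changes: attribute order, quote style, spacing inside tags, empty-element form.
RESERIALIZED = (
    "<Assertion  ID='a1'  Issuer='idp' ><Subject>alice</Subject>"
    '<Conditions NotOnOrAfter="2009-10-20T04:00:00Z" NotBefore="2009-10-20T03:00:00Z"></Conditions>'
    '</Assertion>'
)
# One space inserted between two sibling elements, as in the question above.
SPACE_INSERTED = SIGNED.replace('</Subject><Conditions', '</Subject> <Conditions')


def canonical(xml_text):
    """Canonical form via the stdlib C14N 2.0 writer (stand-in for exc-c14n)."""
    return ET.canonicalize(xml_text)


def digest(xml_text):
    """Digest over the canonical octets; SHA-256 is an assumption of this example."""
    return hashlib.sha256(canonical(xml_text).encode('utf-8')).hexdigest()


def reference_validates(signed_xml, received_xml):
    """Mimic the digest comparison a verifier performs for a signed reference."""
    return digest(signed_xml) == digest(received_xml)


if __name__ == '__main__':
    print('reserialized markup :', reference_validates(SIGNED, RESERIALIZED))
    print('space between elems :', reference_validates(SIGNED, SPACE_INSERTED))
    print(canonical(SPACE_INSERTED))
```
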

Bernd Zwattendorfer

Oct 20, 2009, 5:49:05 AM
to mace-open...@internet2.edu
Hi,

Is there any possibility to report bugs in OpenSAML (not only this list)?
The method validateAttributeConsumingServices(SPSSODescriptor
spssoDescriptor) in SPSSODescriptorSchemaValidator requires at least one
AttributeConsumingService which is against the SAML metadata
specification and schema.

Best regards,
Bernd

Chad La Joie

Oct 20, 2009, 5:52:04 AM
to mace-opensaml-users