Hi All,
I am trying to send my federation server a SAML message that has a
signed assertion in it that I have created using .NET 3.5. My
federation server is written in Java and uses the latest version of
Apache XML Security to process these messages' digital signatures.
After an embarrassingly long time of sifting through code, blog posts,
mailing lists, and the W3C's spec, I am stuck and would *greatly*
appreciate some help.
When I use the federation server to create a SAML message and send it
back to it for verification, it accepts the signature. In this use
case, effectively, it's a signature produced by your toolkit being
validated by it.
I have have made the assertion created by my .NET code very close to
the one accepted by the federation server (differences described after
the XML docs). However, the XML signature processor in the server
still considers it invalid. I've added the public key in the SAML
message to the cacerts file used by the JRE that my federation server
runs in (in case that makes a diff).
Here are the documents that I'm working w/. The first is produced by
the federation server and is signed w/ your toolkit which is being
validated OK:
<samlp:Response IssueInstant="2010-08-20T20:03:19.135Z"
ID="gzkD2IIbWdVCDYURBGADixzaWNB" Version="2.0"
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
<saml:Issuer
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">localhost:default:entityId</saml:Issuer>
<samlp:Status>
<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
</samlp:Status>
<saml:Assertion Version="2.0"
IssueInstant="2010-08-20T20:03:19.140Z"
ID="i4JxuzpsMFt59B4m0THfGZFamo7"
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
<saml:Issuer>localhost:default:entityId</saml:Issuer>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#";>
<ds:SignedInfo>
<ds:CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#i4JxuzpsMFt59B4m0THfGZFamo7">
<ds:Transforms>
<ds:Transform
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>6sws+aEYHaQnUtS41TlGkoLvPMc=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>WMQW5cNDoxPbkM/YA+5KOLpHqrhY3M2ir9BtooTrmgAVzGR+0qDTNq1
0knR36mQmJMV0PKiLb8wL
/EOetUx8Y8SkruVb5qcv0J2rWkXJbo68uR/2ilB5BYnnNVxkV0OzzdEjnmPLFyTNoraOaZ4GR8Du
oGA+0cp43Q55tCaBLYS/qIxoiQrpw+XVHUy+Xh3BMwYj0CoaNCZmEE06iVWb0Fd7VY4j4VOcuRq3
ImQ27MOmUQvwk1lVH4y+OMiHt9SijCWP1Q2TzUGk5jvtlXc60sA56cD3uHb54tEAlmK3ciB7nkpZ
ZlCbPUipPICYrQkl94uHt0M224nMXfv8++aB0Q==</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>MIIC/jCCAeagAwIBAgIQFbo2Qg0w955Dgf1MzdFm6zANBgkqhk
iG9w0BAQUFADARMQ8wDQYDVQQD
EwZUcmF2aXMwIBcNMTAwNTAxMDYxODQ3WhgPMjExMDA0MDcwNjE4NDdaMBExDzANBgNVBAMTBlRy
YXZpczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMYhy0zAuKLqF1Qnz89o+7DvfE8y
OTAspkNw7GInKnKl5SgJ0OGvpJehU4neEYiPjL7nfHGq4kGL+u/735gRBlMjQWsdCQAPZUR4OJbQ
zmcNGRIeZ5yUtduCjToI/ASXmUVHUK5sMwSvoSZoTMTsVrTe+oxtKIplq2WvdvrHVed0xIMGqk/u
fi82cNEebE61aXQczpICrgMavnaTgQ2xzM6hu2lxL9C0SdNE9QOqtW+JzHQRYy2mzGkxsByuZ/M9
8MVkKJSQt24sYy52WK7MvlNnY8PSuPvdl8E1OWPfmCJNdXcYLTVZu399BNZazrVDPzybUbnnwygE
g/hboHnGTNMCAwEAAaNQME4wFQYDVR0lBA4wDAYKKwYBBAGCNwoDBDAqBgNVHREEIzAhoB8GCisG
AQQBgjcUAgOgEQwPVHJhdmlzQGRvZ3dvb2QAMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQEFBQADggEB
AJplSd5TXGT3jvX7aK3C+pohVRl/VfyigGFGU/AvX+oiqy+dCy4pw7Ee/luDkHCfReWG1aEIS3w7
cSf8fHKsS5e339V4HsMVY7YaFyyQV7xzEuCMnDIIClcexF6Bm4LZQXcvojrYdnt0gedrmXi450N+
YA5k/qGkMz4EFKv4rdxJxT2NVc6Lrv+ZfZJU0yHz74krbuG1I181+MtcKwfmKIzjU+HZ6PrwJktH
2XO6rEP/yDg6gKSokJyi7OLpbVoKVN1obYmeB0PbAQChvEhCDNrbDMOkEEnhYlta6sdMLvIqbfRF
vqjKGEqpMTEetijll70vEduJD9zsL6VRusIJ/pI=</ds:X509Certificate>
</ds:X509Data>
<ds:KeyValue>
<ds:RSAKeyValue>
<ds:Modulus>xiHLTMC4ouoXVCfPz2j7sO98TzI5MCymQ3DsYicqcqXlKAnQ4a+kl6FT
id4RiI+Mvud8cariQYv6
7/vfmBEGUyNBax0JAA9lRHg4ltDOZw0ZEh5nnJS124KNOgj8BJeZRUdQrmwzBK+hJmhMxOxWtN76
jG0oimWrZa92+sdV53TEgwaqT+5+LzZw0R5sTrVpdBzOkgKuAxq+dpOBDbHMzqG7aXEv0LRJ00T1
A6q1b4nMdBFjLabMaTGwHK5n8z3wxWQolJC3bixjLnZYrsy+U2djw9K4+92XwTU5Y9+YIk11dxgt
NVm7f30E1lrOtUM/PJtRuefDKASD+FugecZM0w==</ds:Modulus>
<ds:Exponent>AQAB</ds:Exponent>
</ds:RSAKeyValue>
</ds:KeyValue>
</ds:KeyInfo>
</ds:Signature>
<saml:Subject>
<saml:NameID
Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">joe</saml:NameID>
<saml:SubjectConfirmation
Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<saml:SubjectConfirmationData
NotOnOrAfter="2010-08-20T20:08:19.141Z"
Recipient="https://localhost:9031/sp/ACS.saml2"/>
</saml:SubjectConfirmation>
</saml:Subject>
<saml:Conditions NotOnOrAfter="2010-08-20T20:08:19.141Z"
NotBefore="2010-08-20T19:58:19.141Z">
<saml:AudienceRestriction>
<saml:Audience>localhost:default:entityId</saml:Audience>
</saml:AudienceRestriction>
</saml:Conditions>
<saml:AuthnStatement AuthnInstant="2010-08-20T20:03:19.140Z"
SessionIndex="i4JxuzpsMFt59B4m0THfGZFamo7">
<saml:AuthnContext>
<saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml:AuthnContextClassRef>
</saml:AuthnContext>
</saml:AuthnStatement>
<saml:AttributeStatement xmlns:xs="http://www.w3.org/2001/XMLSchema";>
<saml:Attribute
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
Name="FooUrl">
<saml:AttributeValue xsi:type="xs:string"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";>http://localhost/spsample/?foo=bar</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
</saml:Assertion>
</samlp:Response>
The second is created w/ .NET and its signature is not considered valid:
<Response Destination="https://localhost:9031/sp/ACS.saml2";
IssueInstant="2010-08-27T05:24:46" ID="Swr4yvoT7e5PF447k9PVPHdn2g3"
Version="2.0" xmlns="urn:oasis:names:tc:SAML:2.0:protocol">
<saml:Issuer
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">localhost:default:entityId</saml:Issuer>
<Status>
<StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
</Status>
<Assertion ID="_e31ba86e-98b0-48bb-b5f4-deed6156240d"
IssueInstant="2010-08-27T05:24:46.360Z" Version="2.0"
xmlns="urn:oasis:names:tc:SAML:2.0:assertion">
<Issuer>localhost:default:entityId</Issuer>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#";>
<ds:SignedInfo>
<ds:CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#_e31ba86e-98b0-48bb-b5f4-deed6156240d">
<ds:Transforms>
<ds:Transform
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>8wP0L/LAQBlet3Qh/Ueww2dxZCA=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>NZVuOduItANH5THpx1GNxuwRqjd3BRT9fjD1u+i3iKtlH6DPSkox1N30/VFrj
LSTswwWGml/axS8kdkrcuzYPrfPk/p0ys8o54Q7Oz5AoBx9yzQl5OA8mL+mIjxwZVA8DhN5YpT+V
7mw5wnwuHuR/HCpA/q6iYr6TY6wLSsW9J6eP+6rdTi72egdPJebbMgAq55IEut0kPGC1SFYFWd/7
2PxrjnGKwAez/zeaJ5DNf/XsoyIOBGv2HDXQcKkJ3cDzV/qoCpDMNQAES0amt0kjH16uRz6Xe10E
JhZQJJocE2xw8ne8KXxEBE9fsIbc4zgOf1nUiTctpwprA6/D1XZzA==</ds:SignatureValue>
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#";>
<X509Data>
<X509Certificate>MIIC/jCCAeagAwIBAgIQFbo2Qg0w955Dgf1MzdFm6zANBgkqhkiG9w0
BAQUFADARMQ8wDQYDVQQDEwZUcmF2aXMwIBcNMTAwNTAxMDYxODQ3WhgPMjExMDA0MDc
wNjE4NDdaMBExDzANBgNVBAMTBlRyYXZpczCCASIwDQYJKoZIhvcNAQEBBQADggEPADC
CAQoCggEBAMYhy0zAuKLqF1Qnz89o+7DvfE8yOTAspkNw7GInKnKl5SgJ0OGvpJehU4n
eEYiPjL7nfHGq4kGL+u/735gRBlMjQWsdCQAPZUR4OJbQzmcNGRIeZ5yUtduCjToI/AS
XmUVHUK5sMwSvoSZoTMTsVrTe+oxtKIplq2WvdvrHVed0xIMGqk/ufi82cNEebE61aXQ
czpICrgMavnaTgQ2xzM6hu2lxL9C0SdNE9QOqtW+JzHQRYy2mzGkxsByuZ/M98MVkKJS
Qt24sYy52WK7MvlNnY8PSuPvdl8E1OWPfmCJNdXcYLTVZu399BNZazrVDPzybUbnnwyg
Eg/hboHnGTNMCAwEAAaNQME4wFQYDVR0lBA4wDAYKKwYBBAGCNwoDBDAqBgNVHREEIzA
hoB8GCisGAQQBgjcUAgOgEQwPVHJhdmlzQGRvZ3dvb2QAMAkGA1UdEwQCMAAwDQYJKoZ
IhvcNAQEFBQADggEBAJplSd5TXGT3jvX7aK3C+pohVRl/VfyigGFGU/AvX+oiqy+dCy4
pw7Ee/luDkHCfReWG1aEIS3w7cSf8fHKsS5e339V4HsMVY7YaFyyQV7xzEuCMnDIIClc
exF6Bm4LZQXcvojrYdnt0gedrmXi450N+YA5k/qGkMz4EFKv4rdxJxT2NVc6Lrv+ZfZJ
U0yHz74krbuG1I181+MtcKwfmKIzjU+HZ6PrwJktH2XO6rEP/yDg6gKSokJyi7OLpbVo
KVN1obYmeB0PbAQChvEhCDNrbDMOkEEnhYlta6sdMLvIqbfRFvqjKGEqpMTEetijll70
vEduJD9zsL6VRusIJ/pI=</X509Certificate>
</X509Data>
</KeyInfo>
</ds:Signature>
<Subject>
<NameID
Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">joe</NameID>
<SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<SubjectConfirmationData
NotOnOrAfter="2010-08-27T05:25:46.360Z"
Recipient="https://localhost:9031/sp/ACS.saml2"/>
</SubjectConfirmation>
</Subject>
<Conditions NotBefore="2010-08-27T05:24:46.359Z"
NotOnOrAfter="2010-08-27T05:25:46.359Z">
<AudienceRestriction>
<Audience>localhost:default:entityId</Audience>
</AudienceRestriction>
</Conditions>
<AuthnStatement AuthnInstant="2010-08-27T05:24:46.360Z"
SessionIndex="_4da72941-e6da-4e59-af4f-2e0d3ea853a9">
<AuthnContext>
<AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</AuthnContextClassRef>
</AuthnContext>
</AuthnStatement>
<AttributeStatement>
<Attribute Name="FooUrl"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<AttributeValue>https://localhost/SpSample/?foo=bar</AttributeValue>
</Attribute>
</AttributeStatement>
</Assertion>
</Response>
The only differences I see between these docs are the following:
* Identifiers for the assertions, sessions, etc.
* Attribute order on a few elements
* Use of namespace prefixes through the doc that validates vs. the use
of the default namesapce on the one that doesn't
* Temporal data
* The URI attribute value of the ds:Reference element
* Missing type attribute on the AttributeValue element of the invalid document
While I understand that these differences would result in different
signature values (which is fine), I don't understand why Apache XML
Security considers the .NET-generated signature invalid.
When I turn on debugging of XML signatures on in the federation
server, this is what I get in the log:
2010-08-26 22:25:04,292 tid:8ec06a77f WARN
[org.apache.xml.security.signature.XMLSignature] Signature
verification failed.
2010-08-26 22:25:04,303 tid:8ec06a77f WARN
[org.apache.xml.security.signature.Reference] Verification failed for
URI "#_e31ba86e-98b0-48bb-b5f4-deed6156240d"
2010-08-26 22:25:04,306 tid:8ec06a77f WARN
[org.apache.xml.security.signature.Reference] Expected Digest:
8wP0L/LAQBlet3Qh/Ueww2dxZCA=
2010-08-26 22:25:04,309 tid:8ec06a77f WARN
[org.apache.xml.security.signature.Reference] Actual Digest:
WxH1MlSyFAlbRx0jlbuvwH27UrY=
2010-08-26 22:25:04,312 tid:8ec06a77f DEBUG
[org.sourceid.common.dsig.XmlSignatureUtil] XmlObject.xmlText():
<Assertion ID="_e31ba86e-98b0-48bb-b5f4-deed6156240d"
IssueInstant="2010-08-27T05:24:46.360Z" Version="2.0"
xmlns="urn:oasis:names:tc:SAML:2.0:assertion">
<Issuer>localhost:default:entityId</Issuer>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#";>
<ds:SignedInfo>
<ds:CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#_e31ba86e-98b0-48bb-b5f4-deed6156240d">
<ds:Transforms>
<ds:Transform
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>8wP0L/LAQBlet3Qh/Ueww2dxZCA=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>NZVuOduItANH5THpx1GNxuwRqjd3BRT9fjD1u+i3iKtlH6DPSkox1N30/VFrjLSTswwWGml/axS8kdkrcuzYPrfPk/p0ys8o54Q7Oz5AoBx9yzQl5OA8mL+mIjxwZVA8DhN5YpT+V7mw5wnwuHuR/HCpA/q6iYr6TY6wLSsW9J6eP+6rdTi72egdPJebbMgAq55IEut0kPGC1SFYFWd/72PxrjnGKwAez/zeaJ5DNf/XsoyIOBGv2HDXQcKkJ3cDzV/qoCpDMNQAES0amt0kjH16uRz6Xe10EJhZQJJocE2xw8ne8KXxEBE9fsIbc4zgOf1nUiTctpwprA6/D1XZzA==</ds:SignatureValue>
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#";>
<X509Data>
<X509Certificate>MIIC/jCCAeagAwIBAgIQFbo2Qg0w955Dgf1MzdFm6zANBgkqhkiG9w0BAQUFADARMQ8wDQYDVQQDEwZUcmF2aXMwIBcNMTAwNTAxMDYxODQ3WhgPMjExMDA0MDcwNjE4NDdaMBExDzANBgNVBAMTBlRyYXZpczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMYhy0zAuKLqF1Qnz89o+7DvfE8yOTAspkNw7GInKnKl5SgJ0OGvpJehU4neEYiPjL7nfHGq4kGL+u/735gRBlMjQWsdCQAPZUR4OJbQzmcNGRIeZ5yUtduCjToI/ASXmUVHUK5sMwSvoSZoTMTsVrTe+oxtKIplq2WvdvrHVed0xIMGqk/ufi82cNEebE61aXQczpICrgMavnaTgQ2xzM6hu2lxL9C0SdNE9QOqtW+JzHQRYy2mzGkxsByuZ/M98MVkKJSQt24sYy52WK7MvlNnY8PSuPvdl8E1OWPfmCJNdXcYLTVZu399BNZazrVDPzybUbnnwygEg/hboHnGTNMCAwEAAaNQME4wFQYDVR0lBA4wDAYKKwYBBAGCNwoDBDAqBgNVHREEIzAhoB8GCisGAQQBgjcUAgOgEQwPVHJhdmlzQGRvZ3dvb2QAMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQEFBQADggEBAJplSd5TXGT3jvX7aK3C+pohVRl/VfyigGFGU/AvX+oiqy+dCy4pw7Ee/luDkHCfReWG1aEIS3w7cSf8fHKsS5e339V4HsMVY7YaFyyQV7xzEuCMnDIIClcexF6Bm4LZQXcvojrYdnt0gedrmXi450N+YA5k/qGkMz4EFKv4rdxJxT2NVc6Lrv+ZfZJU0yHz74krbuG1I181+MtcKwfmKIzjU+HZ6PrwJktH2XO6rEP/yDg6gKSokJyi7OLpbVoKVN1obYmeB0PbAQChvEhCDNrbDMOkEEnhYlta6sdMLvIqbfRFvqjKGEqpMTEetijll70vEduJD9zsL6VRusIJ/pI=</X509Certificate>
</X509Data>
</KeyInfo>
</ds:Signature>
<Subject>
<NameID
Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">joe</NameID>
<SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<SubjectConfirmationData
NotOnOrAfter="2010-08-27T05:25:46.360Z"
Recipient="https://localhost:9031/sp/ACS.saml2"/>
</SubjectConfirmation>
</Subject>
<Conditions NotBefore="2010-08-27T05:24:46.359Z"
NotOnOrAfter="2010-08-27T05:25:46.359Z">
<AudienceRestriction>
<Audience>localhost:default:entityId</Audience>
</AudienceRestriction>
</Conditions>
<AuthnStatement AuthnInstant="2010-08-27T05:24:46.360Z"
SessionIndex="_4da72941-e6da-4e59-af4f-2e0d3ea853a9">
<AuthnContext>
<AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</AuthnContextClassRef>
</AuthnContext>
</AuthnStatement>
<AttributeStatement>
<Attribute Name="FooUrl"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<AttributeValue>https://localhost/SpSample/?foo=bar</AttributeValue>
</Attribute>
</AttributeStatement>
</Assertion>
2010-08-26 22:25:04,472 tid:8ec06a77f DEBUG
[org.sourceid.common.dsig.XmlSignatureUtil] Transformed XML:
<Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion"
ID="_e31ba86e-98b0-48bb-b5f4-deed6156240d"
IssueInstant="2010-08-27T05:24:46.360Z" Version="2.0">
<Issuer>localhost:default:entityId</Issuer>
<Subject>
<NameID
Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">joe</NameID>
<SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<SubjectConfirmationData
NotOnOrAfter="2010-08-27T05:25:46.360Z"
Recipient="https://localhost:9031/sp/ACS.saml2";></SubjectConfirmationData>
</SubjectConfirmation>
</Subject>
<Conditions NotBefore="2010-08-27T05:24:46.359Z"
NotOnOrAfter="2010-08-27T05:25:46.359Z">
<AudienceRestriction>
<Audience>localhost:default:entityId</Audience>
</AudienceRestriction>
</Conditions>
<AuthnStatement AuthnInstant="2010-08-27T05:24:46.360Z"
SessionIndex="_4da72941-e6da-4e59-af4f-2e0d3ea853a9">
<AuthnContext>
<AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</AuthnContextClassRef>
</AuthnContext>
</AuthnStatement>
<AttributeStatement>
<Attribute Name="FooUrl"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<AttributeValue>https://localhost/SpSample/?foo=bar</AttributeValue>
</Attribute>
</AttributeStatement>
</Assertion>
2010-08-26 22:25:04,550 tid:8ec06a77f DEBUG
[org.sourceid.common.dsig.XmlSignatureUtil] Digest [base64 encoded
SHA-1]: WxH1MlSyFAlbRx0jlbuvwH27UrY=
Any help or tips would be *much* appreciated.
TIA!
--
Regards,
Travis Spencer
