>> The system configuration versioning is limited by an application
>> server and is:
>>
>> JDK 1.4.11
>> XML Apache Security Library 1.2.0 with xmlsec-1.2.96.jar
>
> Pretty sure that version is too old to have the SAML 1.1 support
> described. If you can't upgrade to a newer library version, then I
> think your only options are:
>
> 1) validate the DOM against the SAML 1.1 schema before you attempt
> signature verification
>
> 2) manually preprocess the DOM and mark the ID attributes before you
> attempt signature verification.

Actually, another option you could try, maybe even better for your
situation, is to preprocess the DOM and manually register the ID
value-to-Element mapping in the IdResolver.

In org.apache.xml.security.utils.IdResolver, see

IdResolver#registerElementById(Element, Attr)
IdResolver#registerElementById(Element, String)

I just remembered that that is supported, but I have not tried it, YMMV.

--Brent
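
A sketch of the preprocessing step suggested above, added here as an example and not taken from the thread or from the library. The class name Saml11IdRegistrar is hypothetical, the element and attribute names are those of the SAML 1.1 schema, and the duplicate-ID rejection is an extra check so that a signature reference cannot resolve to an element other than the one the application reads. It assumes a namespace-aware parse and avoids generics so it compiles on JDK 1.4.

```java
import java.util.HashSet;
import java.util.Set;

import org.apache.xml.security.utils.IdResolver;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

// Hypothetical helper, not part of the XML Security library.
public class Saml11IdRegistrar {
    private static final String SAML_NS  = "urn:oasis:names:tc:SAML:1.0:assertion";
    private static final String SAMLP_NS = "urn:oasis:names:tc:SAML:1.0:protocol";

    // {namespace, element local name, ID attribute name} per the SAML 1.1 schema
    private static final String[][] ID_ATTRS = {
        { SAML_NS,  "Assertion", "AssertionID" },
        { SAMLP_NS, "Response",  "ResponseID"  },
        { SAMLP_NS, "Request",   "RequestID"   }
    };

    /** Call on the parsed Document before attempting signature verification. */
    public static void registerIds(Document doc) {
        Set seen = new HashSet(); // ID values registered so far
        for (int i = 0; i < ID_ATTRS.length; i++) {
            NodeList nodes =
                doc.getElementsByTagNameNS(ID_ATTRS[i][0], ID_ATTRS[i][1]);
            for (int j = 0; j < nodes.getLength(); j++) {
                Element el = (Element) nodes.item(j);
                // The SAML 1.1 ID attributes are unqualified (no namespace).
                String id = el.getAttributeNS(null, ID_ATTRS[i][2]);
                if (id == null || id.length() == 0) {
                    continue; // attribute absent, nothing to register
                }
                if (!seen.add(id)) {
                    // Two elements with one ID make the reference ambiguous.
                    throw new IllegalStateException("Duplicate ID value: " + id);
                }
                // One of the two overloads named in the message above.
                IdResolver.registerElementById(el, id);
            }
        }
    }
}
```

After verification, compare the element the signature reference resolved to with the Assertion or Response element the application goes on to consume.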