Brent,

That worked perfectly. Here is the resulting code I used from my first post:

    ..
    byte inputBytes[] = token.getBytes();
    Document doc = db.parse(new ByteArrayInputStream(inputBytes));

    // Set up required ID attribute.
    // SAML 1.1 names the attribute "AssertionID"; attribute names are case-sensitive.
    Element rootElement = doc.getDocumentElement();
    String uriRef = doc.getDocumentElement().getAttribute("AssertionID");
    Attr id = doc.getDocumentElement().getAttributeNode("AssertionID");
    // Register the ID-to-element mapping so the signature's Reference URI can be resolved
    IdResolver.registerElementById(rootElement, id);

    Element sigElement = null;
    NodeList nodes = doc.getElementsByTagNameNS(org.apache.xml.security.utils.Constants.SignatureSpecNS, "Signature");
    ..

I had to use the IdResolver.(Element,Attr) method.

Thanks again for your help and hopefully this thread helps others out trying to figure this stuff out,

Phil

-----Original Message-----
From: Brent Putman [mailto:[EMAIL PROTECTED]
Sent: Wednesday, May 23, 2007 5:15 PM
To: security-dev@xml.apache.org
Subject: Re: "Cannot resolve element with ID" Error
The system configuration versioning is limited by an application server and is:

JDK 1.4.11
XML Apache Security Library 1.2.0 with xmlsec-1.2.96.jar

Pretty sure that version is too old to have the SAML 1.1 support described. If you can't upgrade to a newer library version, then I think your only options are:

1) validate the DOM against the SAML 1.1 schema before you attempt signature verification
2) manually preprocess the DOM and mark the ID attributes before you attempt signature verification.

Actually, another option you could try, maybe even better for your situation, is to preprocess the DOM and manually register the ID value-to-Element mapping in the IdResolver.

In org.apache.xml.security.utils.IdResolver, see

IdResolver#registerElementById(Element, Attr)
IdResolver#registerElementById(Element, String)

I just remembered that that is supported, but I have not tried it, YMMV.

--Brent
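
Added example, not part of the original thread or of the Apache XML Security code: option 2 above (marking the ID attribute by hand) using only the JDK's DOM Level 3 API, with a check that the AssertionID value is unique and that the signature's Reference URI resolves to the assertion root. It assumes a JDK newer than the 1.4 in the thread; the class name, method name and sample token are constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Attr;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class MarkAssertionId {
    static final String DSIG_NS = "http://www.w3.org/2000/09/xmldsig#";

    // Marks AssertionID on the root as an ID; returns the element the single ds:Reference resolves to.
    static Element resolveSignedElement(Document doc) {
        Element root = doc.getDocumentElement();
        Attr id = root.getAttributeNode("AssertionID");
        if (id == null || id.getValue().isEmpty()) throw new IllegalArgumentException("root has no AssertionID");
        // Reject documents where another element carries the same AssertionID value.
        NodeList all = doc.getElementsByTagName("*");
        int hits = 0;
        for (int i = 0; i < all.getLength(); i++) {
            if (id.getValue().equals(((Element) all.item(i)).getAttribute("AssertionID"))) hits++;
        }
        if (hits != 1) throw new IllegalArgumentException("AssertionID value is not unique");
        root.setIdAttributeNode(id, true); // DOM Level 3: treat the attribute as an ID without a schema
        NodeList refs = doc.getElementsByTagNameNS(DSIG_NS, "Reference");
        if (refs.getLength() != 1) throw new IllegalArgumentException("expected exactly one Reference");
        String uri = ((Element) refs.item(0)).getAttribute("URI");
        if (!uri.startsWith("#")) throw new IllegalArgumentException("Reference is not a same-document ID");
        return doc.getElementById(uri.substring(1)); // null if the URI names an unregistered ID
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: a SAML 1.1-shaped assertion with a placeholder (unsigned) Signature.
        String token = "<Assertion xmlns='urn:oasis:names:tc:SAML:1.0:assertion' AssertionID='_a1'>"
            + "<ds:Signature xmlns:ds='" + DSIG_NS + "'><ds:SignedInfo>"
            + "<ds:Reference URI='#_a1'/></ds:SignedInfo></ds:Signature></Assertion>";
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        DocumentBuilder db = dbf.newDocumentBuilder();
        Document doc = db.parse(new ByteArrayInputStream(token.getBytes(StandardCharsets.UTF_8)));
        Element signed = resolveSignedElement(doc);
        System.out.println("Reference resolves to root: " + (signed == doc.getDocumentElement()));
    }
}
```

Signature verification itself is not performed here; the check only establishes that the element the Reference points at is the assertion the application goes on to read.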