Brent Putman wrote:
> 
> Raul Benito wrote:
>> Can you post an example of the behaviour (a code and an output)?
>>
> 
> Ok, here is a little test program I wrote.  It's not OpenSAML-based,
> it's just straight DOM-based code.  Parses the assertion.xml and signs
> the saml:Assertion, using enveloped and exclusive c14n on the single
> internal document Reference, and exclusive c14n for the signature c14n. 
> No XPath transforms, etc.
> 
> The signed-assertion.xml is the output I get when I run it with Sun's
> JDK 1.5.0.  As you can see, all the Signature children have the ds
> namespace prefix redeclared.
> 
> Let me know what you think.

Yes, that should be fixed. It is not the same problem as the xalan
workaround which copies all the namespaces to every element in the doc.
I think the problem is in XMLUtils.createElementInSignatureSpace. It
really should only set the namespace attribute if it is the Signature
element.

Can you file a bug?

Incidentally, this problem does not occur if you are using the JSR 105
API to create signatures which has its own marshalling code.

--Sean

> 
> Thanks,
> Brent
> 
> 
> ------------------------------------------------------------------------
> 
> <?xml version="1.0" encoding="UTF-16"?>
> <saml:Assertion ID="assertionID" IssueInstant="2007-04-13T23:46:00.100Z" 
> Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
>     <saml:Issuer>http://www.example.org/idp</saml:Issuer>
>     <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
> <ds:SignedInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
> <ds:CanonicalizationMethod
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
> xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
> <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"
> xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
> <ds:Reference URI="#assertionID"
> xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
> <ds:Transforms xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
> <ds:Transform
> Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"
> xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
> xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
> </ds:Transforms>
> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
> xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
> <ds:DigestValue
> xmlns:ds="http://www.w3.org/2000/09/xmldsig#">3Z41uwaAAFEiFh2ch1r0k9S4hiQ=</ds:DigestValue>
> </ds:Reference>
> </ds:SignedInfo>
> <ds:SignatureValue xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
> V8g/NO6RKVxsCNz1hs5d2mAOklaZK80NsjCfELUO4w5qSpHaQPXchKzMf47/idiDGVgr1h3rxeKc
> 516X2n00wtw84Mo7J8hvgJWXrY5z5P96GJZkc1qW9ywmBWRdWq5z2fXFdrSkCpO/GvcLaYC5a2vI
> qGc4OV5QbGq52KFZQmo=
> </ds:SignatureValue>
> </ds:Signature><saml:Subject>
>         <saml:NameID>smithj</saml:NameID>
>     </saml:Subject>
>     <saml:AttributeStatement>
>         <saml:Attribute>
>             <saml:AttributeValue Name="emailAddress">[EMAIL 
> PROTECTED]</saml:AttributeValue>
>         </saml:Attribute>
>     </saml:AttributeStatement>
> </saml:Assertion>
> 
> 
> ------------------------------------------------------------------------
> 
> <?xml version="1.0" encoding="UTF-8"?>
> <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
>     Version="2.0" ID="assertionID" IssueInstant="2007-04-13T23:46:00.100Z">
>     <saml:Issuer>http://www.example.org/idp</saml:Issuer>
>     <saml:Subject>
>         <saml:NameID>smithj</saml:NameID>
>     </saml:Subject>
>     <saml:AttributeStatement>
>         <saml:Attribute>
>             <saml:AttributeValue Name="emailAddress">[EMAIL 
> PROTECTED]</saml:AttributeValue>
>         </saml:Attribute>
>     </saml:AttributeStatement>
> </saml:Assertion>
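
The behaviour reported in this thread, where children of `ds:Signature` redeclare a prefix that an ancestor already binds to the same URI, can be checked for with plain DOM code. This is an added example, not code from the thread or from the XML Security library; the class name `RedundantNsCheck` and the sample document are constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;

public class RedundantNsCheck {
    // Namespace URI that a namespace-aware parser assigns to xmlns / xmlns:* attributes.
    static final String XMLNS_NS = "http://www.w3.org/2000/xmlns/";

    // Records every namespace declaration that repeats a binding already in scope from an ancestor.
    static void walk(Element el, Map<String, String> inScope, List<String> found) {
        Map<String, String> scope = new HashMap<>(inScope);
        NamedNodeMap attrs = el.getAttributes();
        for (int i = 0; i < attrs.getLength(); i++) {
            Attr a = (Attr) attrs.item(i);
            if (!XMLNS_NS.equals(a.getNamespaceURI())) continue;
            // The default namespace declaration ("xmlns") is tracked under the empty prefix.
            String prefix = "xmlns".equals(a.getNodeName()) ? "" : a.getLocalName();
            if (a.getValue().equals(inScope.get(prefix))) {
                found.add(el.getNodeName() + " redeclares " + a.getNodeName());
            }
            scope.put(prefix, a.getValue());
        }
        for (Node c = el.getFirstChild(); c != null; c = c.getNextSibling()) {
            if (c instanceof Element) walk((Element) c, scope, found);
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: Signature binds ds once, two children bind it again.
        String xml = "<a:Root xmlns:a='urn:example:a'>"
            + "<ds:Signature xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>"
            + "<ds:SignedInfo xmlns:ds='http://www.w3.org/2000/09/xmldsig#'/>"
            + "<ds:SignatureValue xmlns:ds='http://www.w3.org/2000/09/xmldsig#'/>"
            + "</ds:Signature></a:Root>";
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        // Refuse DOCTYPE declarations so untrusted input cannot pull in external entities.
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = dbf.newDocumentBuilder()
            .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
        List<String> found = new ArrayList<>();
        walk(doc.getDocumentElement(), new HashMap<>(), found);
        found.forEach(System.out::println);
    }
}
```

The check only reports; it does not modify the tree, so it is safe to run on a document whose signature still has to verify.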
