https://issues.apache.org/bugzilla/show_bug.cgi?id=45586
Satish Burnwal <[EMAIL PROTECTED]> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEEDINFO |ASSIGNED
--- Comment #7 from Satish Burnwal <[EMAIL PROTECTED]> 2008-09-18 04:17:09 PST
---
As per your suggestion, I have obtained and compared the pre-digest inputs
before signing and before validating the signature - they are identical. In
fact during the signature verification, I observed that the class
org.apache.xml.security.signature.Reference does prints "Verification
successful for URI #id-29762786". FYI - there were 4 spaces which are present
in both the pre-digested inputs at the end of the line.
Before signing:
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
AssertionID="a8d403e706c3a178cc312f9ec97fe771" Id="id-24044096"
IssueInstant="2008-09-18T08:58:11.321Z" Issuer="SmartInternetTechnology"
MajorVersion="1" MinorVersion="1"><Conditions
xmlns="urn:oasis:names:tc:SAML:1.0:assertion"
NotBefore="2008-09-18T08:58:11.102Z"
NotOnOrAfter="2008-09-18T09:58:11.102Z"></Conditions><AuthenticationStatement
xmlns="urn:oasis:names:tc:SAML:1.0:assertion"
AuthenticationInstant="2008-09-18T08:58:11.102Z"
AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password"><Subject><NameIdentifier
Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">arun</NameIdentifier><SubjectConfirmation><ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:holder-of-key</ConfirmationMethod></SubjectConfirmation></Subject></AuthenticationStatement><AttributeStatement
xmlns="urn:oasis:names:tc:SAML:1.0:assertion"><Subject><NameIdentifier
Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">arun</NameIdentifier><SubjectConfirmation><ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:holder-of-key</ConfirmationMethod></SubjectConfirmation></Subject><Attribute
AttributeName="telephone"
AttributeNamespace="telephoneNumber"><AttributeValue>a</AttributeValue></Attribute></AttributeStatement></saml:Assertion>
Before validating sign:
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
AssertionID="a8d403e706c3a178cc312f9ec97fe771" Id="id-24044096"
IssueInstant="2008-09-18T08:58:11.321Z" Issuer="SmartInternetTechnology"
MajorVersion="1" MinorVersion="1"><Conditions
xmlns="urn:oasis:names:tc:SAML:1.0:assertion"
NotBefore="2008-09-18T08:58:11.102Z"
NotOnOrAfter="2008-09-18T09:58:11.102Z"></Conditions><AuthenticationStatement
xmlns="urn:oasis:names:tc:SAML:1.0:assertion"
AuthenticationInstant="2008-09-18T08:58:11.102Z"
AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password"><Subject><NameIdentifier
Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">arun</NameIdentifier><SubjectConfirmation><ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:holder-of-key</ConfirmationMethod></SubjectConfirmation></Subject></AuthenticationStatement><AttributeStatement
xmlns="urn:oasis:names:tc:SAML:1.0:assertion"><Subject><NameIdentifier
Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">arun</NameIdentifier><SubjectConfirmation><ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:holder-of-key</ConfirmationMethod></SubjectConfirmation></Subject><Attribute
AttributeName="telephone"
AttributeNamespace="telephoneNumber"><AttributeValue>a</AttributeValue></Attribute></AttributeStatement></saml:Assertion>
Also as you wanted to know - there is exc14n tranform after enveloped transform
and we are using the apache xmlsec impl only for signing.
Thanks
-Satish
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
