https://issues.apache.org/bugzilla/show_bug.cgi?id=47853

           Summary: digital signature reference validation failure when
                    wrapping xml with soap namespace
           Product: Security
           Version: Java 1.4.2
          Platform: PC
        OS/Version: Windows XP
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Canonicalization
        AssignedTo: security-dev@xml.apache.org
        ReportedBy: trat...@yahoo.com


I am using OpenSAML 2 to validate a digital signature. OpenSAML uses the xmlsec
jar for validation.
This works fine when the SAML assertion is validated as is.
The problem happens when the signed assertion is wrapped inside a SOAP
envelope.
The SOAP envelope has the SOAP namespace added to it.

The problem is that the xmlns declaration is added to the SignedInfo during the
validation.

The xml being validated looks like:
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
    <SignedInfo>
        <CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments">


But if I check the canonicalized signed info with
signature.getSignedInfo().getCanonicalizedData();
I get:
<SignedInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
    <CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments">

The xmlns="http://www.w3.org/2000/09/xmldsig#" was added into the SignedInfo
and this is why the reference validation is failing.
(The signature is validated successfully, but the reference validation fails
because the extra namespace declaration was added).

How can this be solved?

Thanks,
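
An added illustration, not code from this report, OpenSAML or xmlsec: a simplified Exclusive C14N serializer in Python, run over a constructed Signature fragment to show the canonical form of SignedInfo with and without a SOAP wrapper. The sample XML and the SOAP 1.1 envelope namespace are assumptions; processing instructions and InclusiveNamespaces prefix lists are not handled.

```python
from xml.dom import minidom, Node

DSIG = "http://www.w3.org/2000/09/xmldsig#"
XMLNS = "http://www.w3.org/2000/xmlns/"
# Constructed sample modelled on the fragment in the report.
SIGNATURE = ('<Signature xmlns="%s"><SignedInfo><CanonicalizationMethod '
             'Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments"/>'
             '</SignedInfo></Signature>' % DSIG)
# Assumed wrapper: SOAP 1.1 envelope namespace (the report does not show it).
SOAP = ('<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">'
        '<soap:Body>%s</soap:Body></soap:Envelope>')

def _esc(s, attr=False):
    s = s.replace("&", "&amp;").replace("<", "&lt;").replace("\r", "&#xD;")
    if attr:
        return s.replace('"', "&quot;").replace("\t", "&#x9;").replace("\n", "&#xA;")
    return s.replace(">", "&gt;")

def exc_c14n(el, rendered=None):
    """Simplified Exclusive C14N (with comments) of the subtree rooted at el."""
    rendered = dict(rendered or {"": ""})  # prefix -> URI already emitted by an output ancestor
    attrs = [a for a in el.attributes.values() if a.namespaceURI != XMLNS]
    # Visibly utilized namespaces: the element's own prefix plus prefixed attributes.
    used = {el.prefix or "": el.namespaceURI or ""}
    used.update({a.prefix: a.namespaceURI for a in attrs if a.prefix})
    out = "<" + el.tagName
    for prefix in sorted(used):
        if rendered.get(prefix) != used[prefix]:
            rendered[prefix] = used[prefix]
            out += ' xmlns%s="%s"' % (":" + prefix if prefix else "", _esc(used[prefix], True))
    for a in sorted(attrs, key=lambda a: (a.namespaceURI or "", a.localName)):
        out += ' %s="%s"' % (a.name, _esc(a.value, True))
    out += ">"
    for child in el.childNodes:
        if child.nodeType == Node.ELEMENT_NODE:
            out += exc_c14n(child, rendered)
        elif child.nodeType in (Node.TEXT_NODE, Node.CDATA_SECTION_NODE):
            out += _esc(child.data)
        elif child.nodeType == Node.COMMENT_NODE:
            out += "<!--%s-->" % child.data
    return out + "</%s>" % el.tagName

def signed_info_c14n(xml):
    doc = minidom.parseString(xml)
    return exc_c14n(doc.getElementsByTagNameNS(DSIG, "SignedInfo")[0])

if __name__ == "__main__":
    print(signed_info_c14n(SIGNATURE))         # bare signature
    print(signed_info_c14n(SOAP % SIGNATURE))  # same signature inside the SOAP envelope
```

Both calls return the same string: SignedInfo carries the xmldsig default namespace declaration because it is the apex of the canonicalized subtree, and the SOAP namespace is not pulled in.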
