I will send a URL for a complete test app if you wish (complete with .NET code). In the meantime, here is the file. I’ll check again and see if there is any way to get access to more data with the .NET API.

Thanks Ed!

From: Ed Shallow [mailto:[EMAIL PROTECTED]]

Hi Aleksey,

Any suggestions on the attached? This inter-op stuff is pretty important to us loyal fans. Especially if this gentleman is claiming .Net 2.0 to Java inter-op.

Jon, can you send the offending document to the list? Or alternatively send me a test .p12 and its password (if any) and I'll sign and send you back a few simple XMLSec signed documents which you can attempt to verify with .Net 2.0. We can try a few things.

Cheers,
Ed

From: Ed Shallow [mailto:[EMAIL PROTECTED]]

Is it a data and digest do not match related error? If so, does .Net have any way of dumping the pre-digest buffer?

Ed

From: Jon Lind [mailto:[EMAIL PROTECTED]]

Yeah, there were loads of canonicalization errors in .NET 1.1. We went through that last fall, but when we switched to 2.0 we were able to interop with our Java partners.

However, I am completely unable to get it to work with an XmlSec signed document. I’m sure I’m doing something wrong, but amazingly I can’t find anything on this on the web and the .NET API just says “False” so there’s no good way to debug.

Anyway, thanks!

From: Ed Shallow [mailto:[EMAIL PROTECTED]]

I'll be trying .Net Framework-based inter-op in the coming months, I'll let you know. I remember reporting problems with Beta Releases of InfoPath 2003 back in 2002 that had to do with faulty canonicalization in MSXML. This was fixed by the time InfoPath 2003 shipped. They are pretty conscious of inter-op and do extensive testing with IBM and others. I know for a fact that they are aware of, and "probably" have conducted inter-op with XMLSec. Additionally Open Office uses XMLSec and that is definitely on their radar.

Ed

From: Jon Lind [mailto:[EMAIL PROTECTED]]

Interesting. So MS to XmlSec works.

Has anyone done the reverse (signing with XmlSec and verifying with .NET?)

From: Ed Shallow [mailto:[EMAIL PROTECTED]]

Hi All,

I have verified signed documents from MS Office Word 2007 Beta 2, Office InfoPath 2003, and Office InfoPath 2007 Beta 2. However I am not sure what crypto lib they use under the covers. I had heard that they were based on MSXML5 which was not released to the public and used only internally. I would suspect however that MSXML5 and the System.Cryptography.Xml .Net packages are compatible, and therefore by extension so is XMLSec.

Cheers,
Ed

P.S. Office 2007 Beta 2 is publicly available for download as are all versions of the .Net packages

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Jon Lind

Howdy. I am wondering if anyone has successfully used XmlSec to sign a document and then verified it in Microsoft .NET 2.0? I have Googled this and can’t find any accounts of someone doing this.

Thanks!

<?xml version="1.0" encoding="UTF-8"?>
<samlp:Response xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
                Destination="https://login.gamespy.com/GameInvasion/Invasion.aspx"
                ID="eb6c6e4aa6e88cf5658dbfb5ce8104a7"
                IssueInstant="2005-11-04T03:52:49.641Z"
                Version="2.0">
  <saml:Issuer>https://sso.bbt1.cistest.att.net/Comcast/IdP/sso</saml:Issuer>
  <samlp:Status>
    <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
  </samlp:Status>
  <saml:Assertion ID="97f3d392d8ee7df2d1139e5efc43510500fca2a81967df287f1351a52cf2296b"
                  IssueInstant="2005-11-04T03:52:49.633Z"
                  Version="2.0">
    <saml:Issuer>https://sso.bbt1.cistest.att.net/Comcast/IdP/sso</saml:Issuer>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">{A498DC30-A3F0-48c1-B61C-9C7C849B5675}</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData Address="68.87.127.5" NotOnOrAfter="2005-11-04T03:55:49.633Z" Recipient="https://login.gamespy.com/GameInvasion/Invasion.aspx"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions>
      <saml:AudienceRestriction>
        <saml:Audience>https://login.gamespy.com/GameInvasion/Invasion.aspx</saml:Audience>
      </saml:AudienceRestriction>
      <saml:OneTimeUse/>
    </saml:Conditions>
    <saml:AuthnStatement AuthnInstant="2005-11-04T03:52:49.633Z">
      <saml:AuthnContext>
        <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
      </saml:AuthnContext>
    </saml:AuthnStatement>
    <saml:AttributeStatement>
      <saml:Attribute Name="emailAddress" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
        <saml:AttributeValue>[EMAIL PROTECTED]</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="status" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
        <saml:AttributeValue>A</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
  <dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
    <dsig:SignedInfo>
      <dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
      <dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
      <dsig:Reference URI="">
        <dsig:Transforms>
          <dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
        </dsig:Transforms>
        <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
        <dsig:DigestValue>VHVxkR40M/WSCsPWVCw49/M/3Eg=</dsig:DigestValue>
      </dsig:Reference>
    </dsig:SignedInfo>
    <dsig:SignatureValue>KV/GgKF43Xtg/G0bx88OQPrWyDfNfCfsFEbHzKF4mBLm8Sse8pg/7b1A5InoIy1L
UfUcbDm33BNP0JtBIkuRXYuLrcu4Vc1cQG2jHXbGdzvSuITk9EoszBfNzjAsHn2C
iK179Nti/s2Qe3Oy5y7iGkPX5CJv6e2jWRKrTQVgAK4=</dsig:SignatureValue>
  </dsig:Signature>
</samlp:Response>

_______________________________________________
xmlsec mailing list
[email protected]
http://www.aleksey.com/mailman/listinfo/xmlsec
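
The pre-digest buffer asked about in the thread can be produced outside the verifier. The following is an added example, not code from the thread or from XMLSec: it recomputes the Reference digest for a document shaped like the attached one (a single Reference with URI="", only the enveloped-signature transform, SHA-1 digest). The class name DigestDump and the ".predigest" output file are assumptions of this example.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Security.Cryptography.Xml; // System.Security.dll, or the NuGet package of the same name
using System.Xml;

// Added example: dump the octets that get hashed for <Reference URI=""> and compare digests.
static class DigestDump
{
    static int Main(string[] args)
    {
        if (args.Length != 1) { Console.Error.WriteLine("usage: DigestDump <signed.xml>"); return 2; }

        // Whitespace text nodes are part of the signed data, so they must survive parsing.
        var doc = new XmlDocument { PreserveWhitespace = true };
        doc.Load(args[0]);

        var ns = new XmlNamespaceManager(doc.NameTable);
        ns.AddNamespace("ds", "http://www.w3.org/2000/09/xmldsig#");
        var sig = (XmlElement)doc.SelectSingleNode("//ds:Signature", ns);
        var digestNode = sig == null ? null : sig.SelectSingleNode("ds:SignedInfo/ds:Reference/ds:DigestValue", ns);
        if (digestNode == null) { Console.Error.WriteLine("no ds:Signature/ds:DigestValue found"); return 2; }
        string expected = digestNode.InnerText.Trim();

        // Enveloped-signature transform done by hand: with URI="" and one signature,
        // it amounts to removing the Signature element from the document.
        sig.ParentNode.RemoveChild(sig);

        // No c14n transform is listed in the Reference, so the node set is serialized
        // with the default: inclusive C14N 1.0 without comments.
        var c14n = new XmlDsigC14NTransform();
        c14n.LoadInput(doc);
        byte[] preDigest;
        using (var s = (Stream)c14n.GetOutput(typeof(Stream)))
        using (var ms = new MemoryStream()) { s.CopyTo(ms); preDigest = ms.ToArray(); }

        string actual;
        using (var sha1 = SHA1.Create()) actual = Convert.ToBase64String(sha1.ComputeHash(preDigest));

        File.WriteAllBytes(args[0] + ".predigest", preDigest); // inspect or diff this file
        Console.WriteLine("DigestValue in document: " + expected);
        Console.WriteLine("Digest recomputed here : " + actual);
        return expected == actual ? 0 : 1;
    }
}
```

If the two digests agree but verification still returns false, the mismatch lies in SignedInfo canonicalization or in the key used for SignatureValue rather than in the referenced data.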
