Hi, I translated the SAML example to Delphi using the Delphi API. I have a SAML Response sample that should be OK. But when running, it returns signature invalid. I am attaching it to this e-mail. Can anybody help me check if the signature is really invalid (it shouldn't be)?
Thanks, Bruno
<Response xmlns="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" IssueInstant="2007-02-21T08:47:55Z" MajorVersion="1" MinorVersion="0" ResponseID="bb0c0d16c72db4a9d21f22d14fc992ea"><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <ds:SignedInfo> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod> <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod> <ds:Reference URI=""> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></ds:Transform> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="#default code ds kind rw saml samlp typens"></ec:InclusiveNamespaces></ds:Transform> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod> <ds:DigestValue>iFayKM67abnKSeDDiQNA0LkZ/XQ=</ds:DigestValue> </ds:Reference> </ds:SignedInfo> <ds:SignatureValue> BeqXQ8FewhNIJnOe5fCYEFAMuapjE6bG01E3vQfIZAAa0SW8I7gnPW7rueWe/P6XdQ+AxN2mj9T1 n3Rlg9nrPRz99+REZPIYaR0nQ3uP0p0elJ1MBjQMBzcHGJ4ioySHhDGJxbAI8Acqm9SYJrbIQJsq 2u7qnfNTdUEMqvCw2d4= </ds:SignatureValue> <ds:KeyInfo> <ds:X509Data> <ds:X509Certificate> MIIEJzCCAw+gAwIBAgILAQAAAAABDRxBWGwwDQYJKoZIhvcNAQEFBQAwNDELMAkGA1UEBhMCQkUx FjAUBgNVBAMTDUdvdmVybm1lbnQgQ0ExDTALBgNVBAUTBDIwMDYwHhcNMDYwODE3MTMxMDQ3WhcN MDcwODE3MTMxMDQ3WjCBiTELMAkGA1UEBhMCQkUxHjAcBgNVBAMTFUJlbGdpYW4gU0FNTCBTZXJ2 aWNlczEjMCEGA1UEChMaQmVsZ2lhbiBGZWRlcmFsIEdvdmVybm1lbnQxDzANBgNVBAsTBkZlZElD VDERMA8GA1UECBMIQnJ1c3NlbHMxETAPBgNVBAcTCEJydXNzZWxzMIGfMA0GCSqGSIb3DQEBAQUA A4GNADCBiQKBgQC/2YH3tseRSZbOGLUP2ZOeeCNS8C/j+OhojkVelPCZ0mKFSeFTNxfzB/hyiPnd NkEdv32tHmfQ2IlK0mXXkgBBKcNaDjHY6EUU+JdzBAvRZfsl+zUOEX5KX4WxfuRy8WA6BreOxgI8 
1Zl/VpDe3YqLSGQ6UiIilvHSN9FzDeMQOwIDAQABo4IBZjCCAWIwRAYDVR0gBD0wOzA5BgdgOAEB AQMEMC4wLAYIKwYBBQUHAgEWIGh0dHA6Ly9yZXBvc2l0b3J5LnBraS5iZWxnaXVtLmJlMA4GA1Ud DwEB/wQEAwIE8DAfBgNVHSMEGDAWgBRMtfP4bAdgKIbMt9UGUISt5l7mgDAdBgNVHQ4EFgQUoL+I or8EjN5b6RhmzxLFTLOktYEwPQYDVR0fBDYwNDAyoDCgLoYsaHR0cDovL2NybC5wa2kuYmVsZ2l1 bS5iZS9nb3Zlcm5tZW50MjAwNi5jcmwwCQYDVR0TBAIwADARBglghkgBhvhCAQEEBAMCBaAwbQYI KwYBBQUHAQEEYTBfMDUGCCsGAQUFBzAChilodHRwOi8vY2VydHMucGtpLmJlbGdpdW0uYmUvYmVs Z2l1bXJzLmNydDAmBggrBgEFBQcwAYYaaHR0cDovL29jc3AucGtpLmJlbGdpdW0uYmUwDQYJKoZI hvcNAQEFBQADggEBAKj8vUfs40Iy7rxAG8F1JthXL+7nk2ETNEd8LAelGExnSyIMCnmv19RQ+egd eWQ2DmPYEtAyD9YQir5mpQDA0OFLSIZIu+FS1KNJyLIN6LVRasi0xASNVrXIT1fG2o6r7KJzYPTl ourEG756naVqSqhA6hdVoVnDiQ+NZrRxG6PzWNHeMhxJ6OrNu4ztu9o4slePEnuQiznFMKfbjqAq LK3ODopn/pOb7IWbhLa/tEQ+hMI0A4mUlzh6hsnaTWERiuSNmzryVbpy/+3ooXJ3CsujamSBLQRs GJm5KnWZVratInwnJooHr1v5VjCqNB2xUkmQPgBFEyAZ+XCq/VBb2BM= </ds:X509Certificate> <ds:X509Certificate> MIID3TCCAsWgAwIBAgIQESt+nvjtTsUmICDl8GCxnzANBgkqhkiG9w0BAQUFADAnMQswCQYDVQQG EwJCRTEYMBYGA1UEAxMPQmVsZ2l1bSBSb290IENBMB4XDTA1MTIwMTExMDAwMFoXDTEyMDgwMTEw MDAwMFowNDELMAkGA1UEBhMCQkUxFjAUBgNVBAMTDUdvdmVybm1lbnQgQ0ExDTALBgNVBAUTBDIw MDYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0tL3SirxVYIT8VaVz+9Jkgtfg4f4N CL3XkOMxRM8HNooBSBGfT161dnLSvEmKgYHXGCmj+KPXTrfzK3P/8WyxJGci06VF3b0XHY60EwfD MXjapaYSWWl0LmJUL9SwyLnAR41BytWcTK6w/o0inkc5uzZapBQpOrWdx87WmepXg+SY+reAsvLX ohM1R764W4yca7fF3ZBM2fGM2XGyEVhT61gwQu/w/Q4mqdMilganAbh0IwXelHQSL2VhAHMu7Z0v /aGoVI1SSxB9OpgW4eoqnjeGNPjzPkCneuJhWqmAz52YlWOevMTTN5RObquNA9pBbLdNIiP+nI5N 7dQMy40BAgMBAAGjgfcwgfQwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQAwQwYD VR0gBDwwOjA4BgZgOAEBAQMwLjAsBggrBgEFBQcCARYgaHR0cDovL3JlcG9zaXRvcnkucGtpLmJl bGdpdW0uYmUwHQYDVR0OBBYEFEy18/hsB2Aohsy31QZQhK3mXuaAMDYGA1UdHwQvMC0wK6ApoCeG JWh0dHA6Ly9jcmwucGtpLmJlbGdpdW0uYmUvYmVsZ2l1bS5jcmwwEQYJYIZIAYb4QgEBBAQDAgAH MB8GA1UdIwQYMBaAFBDwDFabYepXOrY1l22f3bkUjtvmMA0GCSqGSIb3DQEBBQUAA4IBAQCo4zBI 
6KK4pPnbF5hxTK6tTptJQwWhYLHxf95GF9+OlL4/DbGDJOC93WuPIAaRMiUtVOpS+4Gnr7Ve5V6r FE9sAITGIOMAvqxdCLxIdD0D0bYrSx7WwUccx0utj4CUUAWbqPxjAaoM1sxdwsKP4O1DwxajMxqN NxcGm5K3yhbSXoMEtQH+0+VVrIbTK6v/Nefje4JRaWtHqynoHg+ecVrM+D72EGa1pXOHretRWNqu TJfYimayxWdvOPhnVcucbXc+2WlZC0qsEHewPvboriC2AA+i64xK/BUiEQE+Y8u/XsmVQTBLaHgY bhlhxLbfJmr9LOEqQVOAFzCohXcU0Az9 </ds:X509Certificate> <ds:X509Certificate> MIIDlDCCAnygAwIBAgIQWAsFbFMk27JQVxhf+eWmUDANBgkqhkiG9w0BAQUFADAnMQswCQYDVQQG EwJCRTEYMBYGA1UEAxMPQmVsZ2l1bSBSb290IENBMB4XDTAzMDEyNjIzMDAwMFoXDTE0MDEyNjIz MDAwMFowJzELMAkGA1UEBhMCQkUxGDAWBgNVBAMTD0JlbGdpdW0gUm9vdCBDQTCCASIwDQYJKoZI hvcNAQEBBQADggEPADCCAQoCggEBAMihcekcRkJ5eHFvna6pqKsot03HIOswkVp19eLSz8hMFJhC WK3HEcVAQGpa+XQSJ4fpnOVxTiIs0RIYqjBeoiG52bv/9nTrMQHnO35YD5EWTXaJqAFPrSJmcPpL HZXBMFjqvNll2Jq0iOtJRlLf0lMVdssUXRlJsW9q09P9vMIt7EU/CT9YvvzU7wCMgTVyv/cY6pZi fSsofxVsY9LKyn0FrMhtB20yvmi4BUCuVJhWPmbxMOjvxKuTXgfeMo8SdKpbNCNUwOpszv42kqgJ F+qhLc9s44Qd3ocuMws8dOIhUDiVLlzg5cYx+dtA+mqhpIqTm6chBocdJ9PEoclMsG8CAwEAAaOB uzCBuDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zBCBgNVHSAEOzA5MDcGBWA4AQEB MC4wLAYIKwYBBQUHAgEWIGh0dHA6Ly9yZXBvc2l0b3J5LmVpZC5iZWxnaXVtLmJlMB0GA1UdDgQW BBQQ8AxWm2HqVzq2NZdtn925FI7b5jARBglghkgBhvhCAQEEBAMCAAcwHwYDVR0jBBgwFoAUEPAM Vpth6lc6tjWXbZ/duRSO2+YwDQYJKoZIhvcNAQEFBQADggEBAMhtIlGKYfgPlm7VILKB+MbcoxYA 2s1q52sq+llIp0xJN9dzoWoBZV4yveeX09AuPHPTjHuD79ZCwT+oqV0PN7p20kC9zC0/00RBSZz9 Wyn0AiMiW3Ebv1jZKE4tRfTa57VjRUQRDSp/M382SbTObqkCMa5c/ciJv0J71/Fg8teH9lcuen5q E4Ad3OPQYx49cTGxYNSeCMqr8JTHSHVUgfMbrXec6LKP24OsjzRr6L/D2fVDw2RV6xq9NoY2uiGM lxoh1OotO6y67Kcdq765Sps1LxxcHVGnH1TtEpf/8m6HfUbJdNbv6z195lluBpQE5KJVhzgoaiJe 4r50ErAEQyo= </ds:X509Certificate> </ds:X509Data> </ds:KeyInfo></ds:Signature><Status><StatusCode Value="samlp:Success"></StatusCode><StatusMessage>EGOV_AUTHENTICATION_SUCCESS</StatusMessage></Status><Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion" AssertionID="f7691f381ce5b43d8c84086f327c5d80" IssueInstant="2007-02-21T08:47:55Z" Issuer="http://www.belgium.be" 
MajorVersion="1" MinorVersion="0"><Conditions NotBefore="2007-02-21T08:45:55Z" NotOnOrAfter="2007-02-21T08:50:55Z"></Conditions><AuthenticationStatement AuthenticationInstant="2007-02-21T08:47:55Z" AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:unspecified"><Subject><NameIdentifier>mib01</NameIdentifier><SubjectConfirmation><ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</ConfirmationMethod></SubjectConfirmation></Subject></AuthenticationStatement><AttributeStatement><Subject><NameIdentifier>mib01</NameIdentifier><SubjectConfirmation><ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</ConfirmationMethod></SubjectConfirmation></Subject><Attribute AttributeName="eGovUserId" AttributeNamespace="http://www.belgium.be"><AttributeValue>mib01</AttributeValue></Attribute><Attribute AttributeName="Surname" AttributeNamespace="http://www.belgium.be"><AttributeValue>Biondo</AttributeValue></Attribute><Attribute AttributeName="FirstName" AttributeNamespace="http://www.belgium.be"><AttributeValue>Michaël</AttributeValue></Attribute><Attribute AttributeName="NRN" AttributeNamespace="http://www.belgium.be"><AttributeValue>78061428505</AttributeValue></Attribute><Attribute AttributeName="Email" AttributeNamespace="http://www.belgium.be"><AttributeValue>[EMAIL PROTECTED]</AttributeValue></Attribute><Attribute AttributeName="Language" AttributeNamespace="http://www.belgium.be"><AttributeValue>fr</AttributeValue></Attribute><Attribute AttributeName="Category" AttributeNamespace="http://www.belgium.be"><AttributeValue>Citizen</AttributeValue></Attribute></AttributeStatement></Assertion></Response>
_______________________________________________ xmlsec mailing list [email protected] http://www.aleksey.com/mailman/listinfo/xmlsec
