The following xmlsec utility command gets the reference correctly
though the signature verification fails since I don't have correct
keys:

$ xmlsec1 --verify \
          --store-references \
          --id-attr:ID urn:oasis:names:tc:SAML:2.0:assertion:Assertion \
          artifact.xml

Take a look at the xmlsec utility source code under debugger
and do the same in your program.

Aleksey

Aleksey Sanin wrote:
Send me the document you are trying to sign/verify

Aleksey

James Olsen wrote:
Hello Aleksey,

nodeReference = xmlSecFindNode( xmlDocGetRootElement(doc), "Assertion", xmlSecDSigNs );

AS> You need to pass *saml* namespace URI.

As obvious as that may seem, I appreciate your answer because it
wasn't obvious to me at the time (looking back at it now it amazes me
that I didn't realize that on my own). I am now using the
'urn:oasis:names:tc:SAML:2.0:assertion' namespace and xmlSecFindNode
found the node. Thank you!

The node I passed to RegisterID was:

<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Version="2.0" ID="id-MnmgTQoTKX1-uz1e4IP3cHP-bV0-" IssueInstant="2007-04-24T20:07:36Z">

and I used the attribute name "ID". I assume it is "ID" because that
is the name/case of the attribute in the Assertion element.

Here is the snippet of code:

/* Locate the <saml:Assertion> element by its SAML namespace URI
 * (BAD_CAST turns the char* literals into the xmlChar* xmlsec expects). */
nodeReference = xmlSecFindNode( xmlDocGetRootElement(doc),
                                BAD_CAST "Assertion",
                                BAD_CAST "urn:oasis:names:tc:SAML:2.0:assertion" );
if ( nodeReference == NULL ) {
    fprintf(stderr, "Error: reference node not found in passed-in string n=%s ns=%s\n",
            "Assertion", "urn:oasis:names:tc:SAML:2.0:assertion");
    // eventually they won't be hard coded, but variables, which is
    // why it's set up as a fprintf for now
    goto done;
}
/* RegisterID is the poster's own wrapper that declares the "ID" attribute
 * on this node as an XML ID; the attribute name is case-sensitive. */
RegisterID( nodeReference, "ID" );

Unfortunately it seems to be the wrong node (or I've implemented
things incorrectly). The xmlSecFindNode returned the node, I passed
that to RegisterID which returned a success response (at least on the
first test run of the program, subsequent test runs return
"id already registered" response from RegisterID) but I'm still
getting this error:

func=xmlSecXPathDataExecute:file=xpath.c:line=273:obj=unknown:subj=xmlXPtrEval:error=5:libxml2 library function failed:expr=xpointer(id('id-MnmgTQoTKX1-uz1e4IP3cHP-bV0-'))

That's the same ID string that is identified in the 'dsig:Reference'
element's URI attribute: '#id-MnmgTQoTKX1-uz1e4IP3cHP-bV0-'.

I know this could easily be considered beyond xmlsec, and I am greatly
appreciative of the assistance I've received so far. Please know that
any advice anyone can give is tremendously appreciated.

_______________________________________________
xmlsec mailing list
[email protected]
http://www.aleksey.com/mailman/listinfo/xmlsec
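The failure discussed in this thread comes down to one thing: `xpointer(id('...'))` can only resolve an ID that libxml2 knows is an ID, which is what `xmlsec1 --id-attr:ID <node>` (or ID registration on the node found with `xmlSecFindNode`) arranges. The block below is an added example, not code from xmlsec or from either poster; it is a standard-library Python stand-in that mirrors that mechanism on a constructed SAML assertion (the namespaces and the `id-MnmgTQoTKX1-uz1e4IP3cHP-bV0-` value are taken from the thread, the surrounding document, the `https://idp.example` issuer and the duplicate-ID sample are made up), so the three outcomes seen in the discussion can be reproduced side by side: the node is not found when the wrong namespace is passed, the reference does not resolve when the attribute name's case is wrong (nothing was registered), and the reference resolves once the right attribute on the right node is registered. Registration also refuses an ID value that is already present, which is the "id already registered" behaviour the poster observed.

```python
# Added example (not xmlsec or the posters' code): a standard-library stand-in
# for what "xmlsec1 --id-attr:ID <node>" / xmlSecFindNode + ID registration do,
# so that a ds:Reference URI="#..." resolves the way xpointer(id('...')) does
# once the attribute has been declared as an XML ID.
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
DSIG_NS = "http://www.w3.org/2000/09/xmldsig#"
ASSERTION_ID = "id-MnmgTQoTKX1-uz1e4IP3cHP-bV0-"   # ID value quoted in the thread

# Constructed sample (not from the thread): a SAML 2.0 assertion carrying an
# enveloped signature whose Reference points at the assertion's own ID.
SAMPLE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
  <saml:Assertion xmlns:saml="%s" Version="2.0"
      ID="%s" IssueInstant="2007-04-24T20:07:36Z">
    <saml:Issuer>https://idp.example</saml:Issuer>
    <ds:Signature xmlns:ds="%s">
      <ds:SignedInfo><ds:Reference URI="#%s"/></ds:SignedInfo>
    </ds:Signature>
  </saml:Assertion>
</samlp:Response>""" % (SAML_NS, ASSERTION_ID, DSIG_NS, ASSERTION_ID)

# Constructed sample in which the same ID value appears twice inside the
# assertion; registration must refuse it rather than silently pick one.
DUP_XML = SAMPLE_XML.replace(
    "</saml:Issuer>", '</saml:Issuer><saml:Advice ID="%s"/>' % ASSERTION_ID)


def find_node(parent, name, ns):
    """Like xmlSecFindNode(parent, name, ns): parent itself or its first
    descendant with the given local name in the given namespace, else None."""
    tag = "{%s}%s" % (ns, name)
    return parent if parent.tag == tag else parent.find(".//" + tag)


def register_ids(node, attr_name, id_table):
    """Like --id-attr / ID registration over the node's subtree: treat attr_name
    as an ID attribute and record value -> element. A value seen twice is
    rejected, as libxml2 rejects an id that is already registered."""
    for el in node.iter():
        value = el.get(attr_name)       # attribute names are case-sensitive
        if value is None:
            continue
        if value in id_table:
            raise ValueError("id already registered: %s" % value)
        id_table[value] = el
    return id_table


def resolve_reference(root, id_table):
    """Resolve the first ds:Reference URI="#fragment" through the ID table,
    as xpointer(id('fragment')) would. Returns the element or None."""
    ref = root.find(".//{%s}Reference" % DSIG_NS)
    uri = ref.get("URI") if ref is not None else None
    if not uri or not uri.startswith("#"):
        return None                     # only same-document ID references here
    return id_table.get(uri[1:])


def verify_reference(xml_text, node_name, ns, attr_name):
    """The thread's flow end to end: find the signed node by namespace, register
    attr_name as ID on its subtree, resolve the Reference. Returns the
    namespace-qualified tag of the referenced element, or None."""
    root = ET.fromstring(xml_text)
    node = find_node(root, node_name, ns)
    if node is None:
        return None                     # wrong namespace: node never found
    target = resolve_reference(root, register_ids(node, attr_name, {}))
    return None if target is None else target.tag


def reference_resolves(xml_text, node_name, ns, attr_name):
    """True only when the ID table builds cleanly and the Reference resolves."""
    try:
        return verify_reference(xml_text, node_name, ns, attr_name) is not None
    except ValueError:
        return False


if __name__ == "__main__":
    print(verify_reference(SAMPLE_XML, "Assertion", SAML_NS, "ID"))   # resolves
    print(verify_reference(SAMPLE_XML, "Assertion", DSIG_NS, "ID"))   # wrong namespace
    print(verify_reference(SAMPLE_XML, "Assertion", SAML_NS, "id"))   # wrong attribute case
    print(reference_resolves(DUP_XML, "Assertion", SAML_NS, "ID"))   # duplicate ID refused
```

The two failing calls are the two mistakes made in the thread in turn: passing the dsig namespace instead of the SAML one, and (as a variant of the case question raised about "ID") naming an attribute that does not exist on the node, which leaves the ID table empty. In the real library the same wiring is done by libxml2's ID table, and the `xmlSecXPathDataExecute ... xpointer(id('...'))` error in the post is what an empty table looks like from the outside.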