Hello all!

My name is Phil Christensen. I've been working with the Python bindings for the xmlsec library, and I've run into an issue that I see much discussed online, but cannot seem to find an answer for.

I'm trying to validate the signature on a SAML response message, but having problems because the signature refers to an ID in the enclosing document. There's a thread about it here:

        http://www.aleksey.com/pipermail/xmlsec/2007/003806.html

The short version is that when I attempt to verify the signature, I get the following errors:


        func=xmlSecXPathDataExecute:file=xpath.c:line=273:
                obj=unknown:subj=xmlXPtrEval:error=5:
                        libxml2 library function failed:
                                expr=xpointer(id('ac26828d19f8dba20bee0f5b90807edc'))
        func=xmlSecXPathDataListExecute:file=xpath.c:line=356:
                obj=unknown:subj=xmlSecXPathDataExecute:error=1:
                        xmlsec library function failed:
        func=xmlSecTransformXPathExecute:file=xpath.c:line=466:
                obj=xpointer:subj=xmlSecXPathDataExecute:error=1:
                        xmlsec library function failed:
        func=xmlSecTransformDefaultPushXml:file=transforms.c:line=2371:
                obj=xpointer:subj=xmlSecTransformExecute:error=1:
                        xmlsec library function failed:
        func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1207:
                obj=unknown:subj=xmlSecTransformPushXml:error=1:
                        xmlsec library function failed:transform=xpointer
        func=xmlSecTransformCtxExecute:file=transforms.c:line=1267:
                obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:
                        xmlsec library function failed:
        func=xmlSecDSigReferenceCtxProcessNode:file=xmldsig.c:line=1568:
                obj=unknown:subj=xmlSecTransformCtxExecute:error=1:
                        xmlsec library function failed:
        func=xmlSecDSigCtxProcessSignedInfoNode:file=xmldsig.c:line=804:
                obj=unknown:subj=xmlSecDSigReferenceCtxProcessNode:error=1:
                        xmlsec library function failed:node=Reference
        func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=547:
                obj=unknown:subj=xmlSecDSigCtxProcessSignedInfoNode:error=1:
                        xmlsec library function failed:
        func=xmlSecDSigCtxVerify:file=xmldsig.c:line=366:
                obj=unknown:subj=xmlSecDSigCtxSigantureProcessNode:error=1:
                        xmlsec library function failed:


From what I gather, there's an xmlAddID() function in libxml2 that allows you to manually register an entity for an existing ID, but it's not exposed by either the libxml2 or xmlsec Python bindings.

I'm just looking for any help at all in getting to the next step on this. I know that this list is more specific to the original C library than any of the higher-level bindings, but I figured this would be the best place to start.

At the very least, it would be great if I could get a better understanding of what the problem actually is, so that I can direct my questions to the appropriate people.

Thanks in advance,

-phil christensen

_______________________________________________
xmlsec mailing list
[email protected]
http://www.aleksey.com/mailman/listinfo/xmlsec
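
An added illustration, not part of the original post and not xmlsec or libxml2 code: an `id()` lookup only matches attributes the parser knows to be of type ID, so without a DTD the reference target is not found until the attribute is registered by hand. It uses Python's standard-library `xml.dom.minidom`, whose `setIdAttribute()` stands in here for libxml2's `xmlAddID()`; the SAML-like document and the `ID` attribute name are assumptions, and only the ID value is taken from the log above.

```python
from xml.dom import minidom

DSIG_NS = "http://www.w3.org/2000/09/xmldsig#"

# Constructed SAML-like response; only the ID value comes from the log above.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    ID="ac26828d19f8dba20bee0f5b90807edc">
  <ds:Signature><ds:SignedInfo>
    <ds:Reference URI="#ac26828d19f8dba20bee0f5b90807edc"/>
  </ds:SignedInfo></ds:Signature>
</samlp:Response>"""


def reference_ids(doc):
    """Return the IDs named by same-document <ds:Reference URI="#..."> nodes."""
    refs = doc.getElementsByTagNameNS(DSIG_NS, "Reference")
    return [r.getAttribute("URI")[1:] for r in refs
            if r.getAttribute("URI").startswith("#")]


def register_ids(doc, attr_names=("ID",)):
    """Mark the named attributes as type ID, as a DTD would have done.

    Duplicate values are refused: a signature reference must resolve to
    exactly one element, otherwise the verified node is ambiguous.
    """
    seen = set()
    for el in doc.getElementsByTagName("*"):
        for name in attr_names:
            if el.hasAttribute(name):
                value = el.getAttribute(name)
                if value in seen:
                    raise ValueError("duplicate ID value: %s" % value)
                seen.add(value)
                el.setIdAttribute(name)
    return seen


def resolve_before_and_after(xml_text):
    """Look up the signed element before and after ID registration."""
    doc = minidom.parseString(xml_text)
    target = reference_ids(doc)[0]
    before = doc.getElementById(target)   # no DTD, so nothing is an ID yet
    register_ids(doc)
    after = doc.getElementById(target)
    return before, (after.tagName if after is not None else None)


if __name__ == "__main__":
    print(resolve_before_and_after(SAMPLE))
```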