Hello! I am relatively new to all of this and would appreciate any help you can provide. I am trying to sign the following response and get an error related to the Reference URI. Can you point me in the right direction as to what I am doing wrong?
Command:

/apps/xmlsec/bin/xmlsec1 sign --store-signatures --store-references --privkey-pem keys/private.key,keys/hewitt.pem --id-attr:ID 1234 --trusted-pem keys/hewitt.pem --output saml-response-bepiflgpdfecdkjmgbimjdjdplmnmmiobiggdmgh.xml.out saml-response-bepiflgpdfecdkjmgbimjdjdplmnmmiobiggdmgh.xml

The error that I receive is:

/apps/xmlsec/bin/xmlsec1 sign --store-signatures --store-references --privkey-pem keys/private.key,keys/hewitt.pem --id-attr:ID 1234 --trusted-pem keys/hewitt.pem --output saml-response-bepiflgpdfecdkjmgbimjdjdplmnmmiobiggdmgh.xml.out saml-response-bepiflgpdfecdkjmgbimjdjdplmnmmiobiggdmgh.xml
func=xmlSecTransformInputURIOpen:file=io.c:line=423:obj=input-uri:subj=opencallback:error=7:io function failed:uri=1234;errno=2
func=xmlSecTransformCtxUriExecute:file=transforms.c:line=1135:obj=unknown:subj=xmlSecTransformInputURIOpen:error=1:xmlsec library function failed:uri=1234
func=xmlSecTransformCtxExecute:file=transforms.c:line=1280:obj=unknown:subj=xmlSecTransformCtxUriExecute:error=1:xmlsec library function failed:
func=xmlSecDSigReferenceCtxProcessNode:file=xmldsig.c:line=1571:obj=unknown:subj=xmlSecTransformCtxExecute:error=1:xmlsec library function failed:
func=xmlSecDSigCtxProcessSignedInfoNode:file=xmldsig.c:line=804:obj=unknown:subj=xmlSecDSigReferenceCtxProcessNode:error=1:xmlsec library function failed:node=Reference
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=547:obj=unknown:subj=xmlSecDSigCtxProcessSignedInfoNode:error=1:xmlsec library function failed:
func=xmlSecDSigCtxSign:file=xmldsig.c:line=303:obj=unknown:subj=xmlSecDSigCtxSigantureProcessNode:error=1:xmlsec library function failed:
Error: signature failed
= SIGNATURE CONTEXT
== Status: unknown
== flags: 0x0000000e
== flags2: 0x00000000
== Key Info Read Ctx:
= KEY INFO READ CONTEXT
== flags: 0x00000000
== flags2: 0x00000000
== enabled key data: all
== RetrievalMethod level (cur/max): 0/1
== TRANSFORMS CTX (status=0)
== flags: 0x00000000
== flags2: 0x00000000
== enabled transforms: all
=== uri: NULL
=== uri xpointer expr: NULL
== EncryptedKey level (cur/max): 0/1
=== KeyReq:
==== keyId: NULL
==== keyType: 0x00000000
==== keyUsage: 0xffffffff
==== keyBitsSize: 0
=== list size: 0
== Key Info Write Ctx:
= KEY INFO WRITE CONTEXT
== flags: 0x00000000
== flags2: 0x00000000
== enabled key data: all
== RetrievalMethod level (cur/max): 0/1
== TRANSFORMS CTX (status=0)
== flags: 0x00000000
== flags2: 0x00000000
== enabled transforms: all
=== uri: NULL
=== uri xpointer expr: NULL
== EncryptedKey level (cur/max): 0/1
=== KeyReq:
==== keyId: NULL
==== keyType: 0x00000001
==== keyUsage: 0xffffffff
==== keyBitsSize: 0
=== list size: 0
== Signature Transform Ctx:
== TRANSFORMS CTX (status=0)
== flags: 0x00000000
== flags2: 0x00000000
== enabled transforms: all
=== uri: NULL
=== uri xpointer expr: NULL
=== Transform: exc-c14n (href=http://www.w3.org/2001/10/xml-exc-c14n#)
=== Transform: membuf-transform (href=NULL)
=== Transform: rsa-sha1 (href=http://www.w3.org/2000/09/xmldsig#rsa-sha1)
== Signature Method:
=== Transform: rsa-sha1 (href=http://www.w3.org/2000/09/xmldsig#rsa-sha1)
== SignedInfo References List:
=== list size: 1
= REFERENCE CALCULATION CONTEXT
== Status: unknown
== URI: "1234"
== Reference Transform Ctx:
== TRANSFORMS CTX (status=0)
== flags: 0x00000000
== flags2: 0x00000000
== enabled transforms: all
=== uri: 1234
=== uri xpointer expr: NULL
=== Transform: input-uri (href=NULL)
=== Transform: xml-parser (href=NULL)
=== Transform: enveloped-signature (href=http://www.w3.org/2000/09/xmldsig#enveloped-signature)
=== Transform: exc-c14n (href=http://www.w3.org/2001/10/xml-exc-c14n#)
=== Transform: membuf-transform (href=NULL)
=== Transform: sha1 (href=http://www.w3.org/2000/09/xmldsig#sha1)
=== Transform: base64 (href=http://www.w3.org/2000/09/xmldsig#base64)
== Digest Method:
=== Transform: sha1 (href=http://www.w3.org/2000/09/xmldsig#sha1)
== Manifest References List:
=== list size: 0

This is the SAML Response:
<?xml version="1.0" encoding="UTF-8"?>
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="eangjhbokpbelnnlhopofglhhjmblhnahlhbdipo" Version="2.0" IssueInstant="2009-05-21T01:56:51Z" Destination="https://two.qsse.hewitt.com/federation/Consumer/metaAlias/sp">
  <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">dev.genworth.com:saml2.0</saml:Issuer>
  <samlp:Status xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <samlp:StatusCode xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" Value="urn:oasis:names:tc:SAML:2.0:status:Success"></samlp:StatusCode>
  </samlp:Status>
  <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Version="2.0" ID="1234" IssueInstant="2009-05-21T01:56:51Z">
    <saml:Issuer>dev.genworth.com:saml2.0</saml:Issuer>
    <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
      <SignedInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" xmlns="http://www.w3.org/2000/09/xmldsig#"/>
        <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" xmlns="http://www.w3.org/2000/09/xmldsig#"/>
        <Reference URI="1234" xmlns="http://www.w3.org/2000/09/xmldsig#">
          <Transforms xmlns="http://www.w3.org/2000/09/xmldsig#">
            <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" xmlns="http://www.w3.org/2000/09/xmldsig#"/>
            <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" xmlns="http://www.w3.org/2000/09/xmldsig#"/>
          </Transforms>
          <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns="http://www.w3.org/2000/09/xmldsig#"/>
          <DigestValue xmlns="http://www.w3.org/2000/09/xmldsig#"></DigestValue>
        </Reference>
      </SignedInfo>
      <SignatureValue xmlns="http://www.w3.org/2000/09/xmldsig#"></SignatureValue>
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data xmlns="http://www.w3.org/2000/09/xmldsig#">
          <X509Certificate xmlns="http://www.w3.org/2000/09/xmldsig#"></X509Certificate>
        </X509Data>
      </KeyInfo>
    </Signature>
    <saml:Subject>
      <saml:NameID NameQualifier="dev.genworth.com:saml2.0" SPNameQualifier="qc.hewitt.com:saml2.0" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">0000</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData NotOnOrAfter="2009-05-21T01:57:51Z" Recipient="https://was6-tba-dv.hewitt.com/federation/Consumer/metaAlias/sp"></saml:SubjectConfirmationData>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions NotBefore="2009-05-21T01:55:51Z" NotOnOrAfter="2009-05-21T01:57:51Z">
      <saml:AudienceRestriction>
        <saml:Audience>qc.hewitt.com:saml2.0</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AuthnStatement AuthnInstant="2009-05-21T01:56:51Z" SessionIndex="ibcepapgopfdgalnjipfpnfgjmimfiknjmbinbpl">
      <saml:AuthnContext>
        <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
      </saml:AuthnContext>
    </saml:AuthnStatement>
    <saml:AttributeStatement>
      <saml:Attribute Name="uid">
        <saml:AttributeValue xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">326001093</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="clientId">
        <saml:AttributeValue xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">10557</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>
_______________________________________________
xmlsec mailing list
[email protected]
http://www.aleksey.com/mailman/listinfo/xmlsec
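The failure in the post is visible in xmlsec1's own dump: the Reference transform chain starts with "input-uri" for uri 1234, and the first error is errno=2 (no such file). URI="1234" is a relative external URI, so xmlsec1 tries to open a file called 1234. In XML-DSig a same-document reference to an element by its ID attribute is written URI="#1234", and xmlsec1 additionally has to be told which attribute is an ID: the argument to --id-attr:ID is the element that carries the attribute (urn:oasis:names:tc:SAML:2.0:assertion:Assertion), not the ID's value. The script below is an added example, not code from the post or from the xmlsec project, and it uses only the Python standard library. It runs a pre-flight check over a constructed, trimmed copy of the poster's response, rewrites the bare ID into a same-document reference, confirms that the reference resolves to exactly the element that contains the Signature (the assertion an enveloped signature is meant to protect), and builds the corrected xmlsec1 command line; the file paths are placeholders taken from the post.

```python
"""Pre-flight check for the enveloped XML-DSig Reference in a SAML assertion.

Added example for the xmlsec mailing-list thread; not code from the xmlsec
project. The embedded SAML fragment is a constructed, shortened copy of the
poster's response with the same Assertion ID ("1234") and Reference URI="1234".
"""
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
EXC_C14N = "http://www.w3.org/2001/10/xml-exc-c14n#"

# Keep the conventional prefixes when the fixed document is serialised again.
ET.register_namespace("samlp", SAMLP)
ET.register_namespace("saml", SAML)
ET.register_namespace("ds", DS)

# Constructed sample: trimmed-down version of the response in the post.
SAMPLE_RESPONSE = f"""<samlp:Response xmlns:samlp="{SAMLP}" ID="resp1" Version="2.0">
  <saml:Assertion xmlns:saml="{SAML}" Version="2.0" ID="1234">
    <saml:Issuer>dev.genworth.com:saml2.0</saml:Issuer>
    <Signature xmlns="{DS}">
      <SignedInfo>
        <CanonicalizationMethod Algorithm="{EXC_C14N}"/>
        <SignatureMethod Algorithm="{DS}rsa-sha1"/>
        <Reference URI="1234">
          <Transforms>
            <Transform Algorithm="{DS}enveloped-signature"/>
            <Transform Algorithm="{EXC_C14N}"/>
          </Transforms>
          <DigestMethod Algorithm="{DS}sha1"/>
          <DigestValue></DigestValue>
        </Reference>
      </SignedInfo>
      <SignatureValue></SignatureValue>
    </Signature>
  </saml:Assertion>
</samlp:Response>
"""


def classify_reference(uri):
    """How an XML-DSig implementation resolves a Reference URI.

    ""    -> the whole document (enveloped-signature then strips the Signature)
    "#x"  -> same-document: the element whose ID attribute equals x
    "x"   -> an external resource named x; xmlsec1's input-uri transform
             tries to open it, which is the errno=2 in the post
    """
    if uri == "":
        return "whole-document"
    if uri.startswith("#"):
        return "same-document"
    return "external"


def check_and_fix(xml_text):
    """Validate every ds:Reference of every enveloped Signature.

    Returns (fixed_xml, findings). A bare ID such as "1234" is rewritten to
    "#1234". Each same-document reference must resolve to exactly the element
    that contains the Signature, or the digest covers the wrong subtree.
    """
    root = ET.fromstring(xml_text)
    parent_of = {child: parent for parent in root.iter() for child in parent}
    findings = []
    for sig in root.iter(f"{{{DS}}}Signature"):
        signed_elem = parent_of.get(sig)
        for ref in sig.iter(f"{{{DS}}}Reference"):
            uri = ref.get("URI", "")
            kind = classify_reference(uri)
            if kind == "external":
                findings.append(f"URI={uri!r} is external; rewriting to '#{uri}'")
                uri = "#" + uri
                ref.set("URI", uri)
                kind = "same-document"
            if kind == "same-document":
                targets = [e for e in root.iter() if e.get("ID") == uri[1:]]
                if len(targets) != 1:
                    findings.append(f"URI={uri!r} matches {len(targets)} elements with that ID")
                elif targets[0] is not signed_elem:
                    findings.append(f"URI={uri!r} does not point at the Signature's parent")
    return ET.tostring(root, encoding="unicode"), findings


def xmlsec1_sign_command(template, key_file, cert_file, output):
    """argv for xmlsec1 that declares saml:Assertion/@ID as an ID attribute.

    --id-attr takes "[:<attr>] [<namespace-uri>:]<node-name>", i.e. the element
    carrying the attribute, so the poster's "--id-attr:ID 1234" (the ID value)
    becomes the Assertion element name. Paths are placeholders from the post.
    """
    return [
        "xmlsec1", "sign",
        "--privkey-pem", f"{key_file},{cert_file}",
        "--id-attr:ID", f"{SAML}:Assertion",
        "--output", output,
        template,
    ]


if __name__ == "__main__":
    fixed, findings = check_and_fix(SAMPLE_RESPONSE)
    for finding in findings:
        print("finding:", finding)
    print(fixed)
    print(" ".join(xmlsec1_sign_command("saml-response.xml", "keys/private.key",
                                         "keys/hewitt.pem", "saml-response.xml.out")))
```

Run on the sample, the script reports the external URI, emits the document with URI="#1234", and prints the corrected command. The parent check is worth keeping in any signing or verification pipeline: an enveloped signature whose Reference resolves to some other element with a matching ID (the check also rejects duplicate IDs) does not protect the assertion it sits in. One caveat xmlsec1's --id-attr hack does not enforce: SAML ID attributes are xs:ID, which must be NCNames and therefore cannot start with a digit, so a schema-validating service provider may still reject "1234" even once the signature itself is correct.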
