You need to make sure that whoever creates a signature
follows the W3C standard
Aleksey
On 4/13/11 6:46 AM, Roland Hedberg wrote:
Does this mean that I have to get the application upstream to make sure the
xmlns specification is there or is there some way I can prevent xmlsec1 from
adding it ?
On Apr 13, 2011, at 15:42, Aleksey Sanin wrote:
Yes.
http://www.w3.org/TR/xml-c14n
Aleksey
On 4/13/11 6:41 AM, Roland Hedberg wrote:
Hi!
Trying to find out why a signature verification failed.
So, I compared what I got and what xmlsec1 has as predigest data.
Nothing that I could see except for the fact that xmlsec1 in the predigest data
has added xmlns specifications for xsi.
<ns1:Attribute FriendlyName="eduPersonEntitlement" Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"><ns1:AttributeValue
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xsi:type="xs:string">foo</ns1:AttributeValue></ns1:Attribute>
The original was:
<ns1:Attribute FriendlyName="eduPersonEntitlement" Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"><ns1:AttributeValue
xsi:type="xs:string">foo</ns1:AttributeValue></ns1:Attribute>
Is this significant ??
--Roland
_______________________________________________
xmlsec mailing list
[email protected]
http://www.aleksey.com/mailman/listinfo/xmlsec
--Roland
_______________________________________________
xmlsec mailing list
[email protected]
http://www.aleksey.com/mailman/listinfo/xmlsec
