On Tue, May 15, 2012 at 11:02 PM, Aleksey Sanin <[email protected]> wrote: > You probably want to contact RSA FIM to figure out what this > exception means.
RSA responded with: You must get the partner to change so that they are signing the responses only. Based on the template I mentioned previously, and the fact that the reference URI is emtpy, doesn't that mean that I'm signing the entire response? As a test, I used the online validator successfully. If I update the issueinstant in the <response> tag, the validator then fails the message as I expect. I'm still unclear on the following, as well: I presume enveloped signature means to sign the whole message, right? Is it enough to simply include <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> in the signature method, and the conicalization will magically be done by the library? Or do I have to signal xmlsec to do it in some way? or does it have tobe done with a different tool before the signing is completed? Thank you. Regards, Rich _______________________________________________ xmlsec mailing list [email protected] http://www.aleksey.com/mailman/listinfo/xmlsec
