Weird indeed. The document and DTD look good to me but apparently ID attribute is not recognized. May be there were some changes in LibXML2? Or may be LibXML2 was not compiled with XPointer support?
Aleksey On 8/23/13 9:44 AM, Max Motovilov wrote: > > Happening to me in the code that's previously been working for quite a > while. Here's the document I pass via its <Signature> element into > xmlSecDSigCtxSign() : > > ========= > <?xml version="1.0" encoding="UTF-8" standalone="no"?> > <!DOCTYPE AuthnRequest [ > <!ELEMENT AuthnRequest (#PCDATA)> > <!ATTLIST AuthnRequest ID ID #IMPLIED> > ]> > <AuthnRequest xmlns="urn:oasis:names:tc:SAML:2.0:protocol" ID="login" > Destination="http://10.0.25.17:8080/cosmosDev/web/idp/SSO"; > IssueInstant="2013-08-23T18:39:25Z" Version="2.0"> > <Issuer > xmlns="urn:oasis:names:tc:SAML:2.0:assertion">http://10.0.26.16/ssoRequest</Issuer> > > <Signature xmlns="http://www.w3.org/2000/09/xmldsig#";> > <SignedInfo> > <CanonicalizationMethod > Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/> > <SignatureMethod > Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/> > <Reference URI="#login"> > <Transforms> > <Transform > Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/> > </Transforms> > <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> > <DigestValue/> > </Reference> > </SignedInfo> > <SignatureValue/> > </Signature> > </AuthnRequest> > ========= > > and here's the traceback I get: > > ========= > func=xmlSecXPathDataExecute:file=xpath.c:line=273:obj=unknown:subj=xmlXPtrEval:error=5:libxml2 > > library function failed:expr=xpointer(id('login')) > func=xmlSecXPathDataListExecute:file=xpath.c:line=356:obj=unknown:subj=xmlSecXPathDataExecute:error=1:xmlsec > > library function failed: > func=xmlSecTransformXPathExecute:file=xpath.c:line=466:obj=xpointer:subj=xmlSecXPathDataExecute:error=1:xmlsec > > library function failed: > func=xmlSecTransformDefaultPushXml:file=transforms.c:line=2395:obj=xpointer:subj=xmlSecTransformExecute:error=1:xmlsec > > library function failed: > func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1226:obj=unknown:subj=xmlSecTransformPushXml:error=1:xmlsec > > library function failed:transform=xpointer > func=xmlSecTransformCtxExecute:file=transforms.c:line=1286:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec > > library function failed: > func=xmlSecDSigReferenceCtxProcessNode:file=xmldsig.c:line=1571:obj=unknown:subj=xmlSecTransformCtxExecute:error=1:xmlsec > > library function failed: > func=xmlSecDSigCtxProcessSignedInfoNode:file=xmldsig.c:line=804:obj=unknown:subj=xmlSecDSigReferenceCtxProcessNode:error=1:xmlsec > > library function failed:node=Reference > func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=547:obj=unknown:subj=xmlSecDSigCtxProcessSignedInfoNode:error=1:xmlsec > > library function failed: > func=xmlSecDSigCtxSign:file=xmldsig.c:line=303:obj=unknown:subj=xmlSecDSigCtxSigantureProcessNode:error=1:xmlsec > > library function failed: > ========= > > The document has an ID attribute declared in DTD, the value has no weird > characters in it yet the id() expression fails. To add insult to injury, > this is in the code that's been working for a long time on different > versions of Linux. The problem I am seeing now is on CentOS > (2.6.32-220.23.1.el6.centos.plus.x86_64), libxmlsec1 1.2.16, libxml2 > 2.7.6, BUT everything has worked with this configuration (just not this > particular instance) before! The only difference I can think of is that > the XML document is now created by a different (newer) version of the > wrapper library for libxml2 (https://github.com/polotek/libxmljs) but > what could it possibly impact I don't know. Same version of the library > works for me just fine on a different system. > > Ideas or advice very much appreciated! > > Thanks in advance, > ...Max... > > > > _______________________________________________ > xmlsec mailing list > [email protected] > http://www.aleksey.com/mailman/listinfo/xmlsec _______________________________________________ xmlsec mailing list [email protected] http://www.aleksey.com/mailman/listinfo/xmlsec
