Hello, I have a problem verifying a signature, and that seems to be caused by the namespace.
My XML is something like this:

<Response xmlns="urn:oasis:names:tc:SAML:2.0:protocol" Destination=" https://www.concursolutions.com/SAMLRedirector/ClientSAMLLogin.aspx" ID="_fe9537697781d3b3539fd23e4c027e4e5150" IssueInstant="2013-07-23T18:44:40Z" Version="2.0">
  <ns1:Issuer xmlns:ns1="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity"> http://www.alcatel-lucent.com/wps/portal</ns1:Issuer>
  <Status>
    <StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
  </Status>
  <ns2:Assertion xmlns:ns2="urn:oasis:names:tc:SAML:2.0:assertion" ID="_ce339b73d43307de102c421fddef59aaa8c4" IssueInstant="2013-07-23T18:44:40Z" Version="2.0">
    <ns2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity"> http://www.alcatel-lucent.com/wps/portal</ns2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
      <ds:SignedInfo>
        <ds:CanonicalizationMethod Algorithm=" http://www.w3.org/2001/10/xml-exc-c14n#"/>
        <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
        <ds:Reference URI="#_ce339b73d43307de102c421fddef59aaa8c4">
          <ds:Transforms>
            <ds:Transform Algorithm=" http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
          </ds:Transforms>
          <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
          <ds:DigestValue>avA6FiiMVjEe3rPNfuwXBt+FH6c=</ds:DigestValue>
        </ds:Reference>
      </ds:SignedInfo>
      <ds:SignatureValue>
        DlWzq6dS+FlGO6HYc0uBRhJ6nRQ2aIE/UP0vnM2MENOvR/n8/xEAz0QjPAEKxjfCd1R1XU+B6uKw
        1XKT0Ku8jFNms6FwesDhabUvY6Nt9iLTabNynF33O9YGVxYELNwnKKFBS1Oj2aKbQ3Z5CyAH0xwc
        KH6ht7ppL9OD3CX65Sk=
      </ds:SignatureValue>
      <ds:KeyInfo>
        <ds:X509Data> ....

If I try to verify, I get the error:

"func=xmlSecDSigCtxProcessKeyInfoNode:file=..\src\xmldsig.c:line=871:obj=unknown:subj=unknown:error=45:key is not found:"

If I change all ns1 and ns2 namespaces to the ds namespace, the verify function works but the digest is not correct.

How can I make my code work with ns1 and ns2?

Sébastien
_______________________________________________
xmlsec mailing list
[email protected]
http://www.aleksey.com/mailman/listinfo/xmlsec
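
Why renaming the ns1/ns2 prefixes to ds changes the digest, as an added example that is not part of the original message: canonicalization keeps namespace prefixes, so the bytes that get hashed differ even though the namespace URI is the same. The sketch uses Python's standard-library canonicalizer (C14N 2.0) as a stand-in for the xml-exc-c14n transform named in the message; both keep prefixes by default. The sample XML, the `_constructed-id` value, the `idp.example` URL and all function names are constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

# Constructed sample: a cut-down Assertion using the ns2 prefix from the message.
WITH_NS2 = (
    '<ns2:Assertion xmlns:ns2="urn:oasis:names:tc:SAML:2.0:assertion" '
    'ID="_constructed-id" Version="2.0">'
    '<ns2:Issuer>https://idp.example/</ns2:Issuer>'
    '</ns2:Assertion>'
)
# Same element and namespace URI, prefix renamed ns2 -> ds.
WITH_DS = WITH_NS2.replace("ns2:", "ds:").replace("xmlns:ns2", "xmlns:ds")
# Same element again; only attribute order and quote style differ.
REORDERED = (
    "<ns2:Assertion Version='2.0' ID='_constructed-id' "
    "xmlns:ns2='urn:oasis:names:tc:SAML:2.0:assertion'>"
    "<ns2:Issuer>https://idp.example/</ns2:Issuer>"
    "</ns2:Assertion>"
)


def canonical_bytes(xml_text, rewrite_prefixes=False):
    """Canonical octets of xml_text; prefixes are kept unless rewritten."""
    return ET.canonicalize(xml_text, rewrite_prefixes=rewrite_prefixes).encode("utf-8")


def digest_value(xml_text):
    """Base64 SHA-1 of the canonical form (sha1 matches the DigestMethod above)."""
    return base64.b64encode(hashlib.sha1(canonical_bytes(xml_text)).digest()).decode("ascii")


def same_apart_from_prefixes(a, b):
    """True when two documents differ only in the prefixes they chose."""
    return canonical_bytes(a, True) == canonical_bytes(b, True)


if __name__ == "__main__":
    print("ns2 prefix     :", digest_value(WITH_NS2))
    print("reordered attrs:", digest_value(REORDERED))  # same as ns2
    print("ds prefix      :", digest_value(WITH_DS))    # different
    print("prefix-only difference:", same_apart_from_prefixes(WITH_NS2, WITH_DS))
```

A verifier therefore has to digest the element exactly as the signer serialized it, prefixes included; rewriting prefixes before verification invalidates the DigestValue.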
