... I should have noticed that I am dealing with Perl's XML::LibXML where I can register the namespace and use the shortcut .
Thanks for pointing out the error

Tim

On Wed, Dec 9, 2020 at 1:06 PM Aleksey Sanin <[email protected]> wrote:
>
> > --id-attr[:<attr-name>] [<node-namespace-uri>:]<node-name>
>
> samlp is not the namespace uri
>
> Aleksey
>
> On 12/8/20 5:38 PM, Timothy Legge wrote:
> > Hi
> >
> > I have https://pastebin.com/v0PJwQri that I signed as follows:
> >
> > xmlsec1 --sign --privkey-pem t/dsa.private.key --id-attr:ID
> > "Assertion" t/unsigned/xml-sig-unsigned-dsa-multiple-1.xml
> > > t/unsigned/xml-sig-unsigned-dsa-multiple-2.xml
> >
> > which resulted in
> >
> > https://pastebin.com/8qhDhjU9
> > (t/unsigned/xml-sig-unsigned-dsa-multiple-2.xml)
> >
> > I added the second signature section to make
> > t/unsigned/xml-sig-unsigned-dsa-multiple-3.xml
> >
> > https://pastebin.com/rmfuUtvB
> >
> > The goal is to sign the saml:Response with ID="identifier_1" (which
> > has the first signature embedded in the saml:Assertion with
> > ID="identifier_2)
> >
> > I have tried multiple options:
> >
> > Most of which result in: the following that seems to be looking at
> > identifier_2 for some reason (it was already signed above)
> >
> > xmlsec1 --sign --privkey-pem t/dsa.private.key --id-attr:ID "Response"
> > t/unsigned/xml-sig-unsigned-dsa-multiple-3.xml
> >
> > xmlsec1 --sign --privkey-pem t/dsa.private.key --id-attr:ID
> > samlp:Response --node-xpath "/samlp:Response[@ID='identifier_1']"
> > t/unsigned/xml-sig-unsigned-dsa-multiple-3.xml
> >
> >
> > func=xmlSecXPathDataExecute:file=xpath.c:line=246:obj=unknown:subj=xmlXPtrEval:error=5:libxml2
> > library function failed:expr=xpointer(id('identifier_2')); xml error:
> > 0: NULL
> > func=xmlSecXPathDataListExecute:file=xpath.c:line=330:obj=unknown:subj=xmlSecXPathDataExecute:error=1:xmlsec
> > library function failed:
> > func=xmlSecTransformXPathExecute:file=xpath.c:line=430:obj=xpointer:subj=xmlSecXPathDataListExecute:error=1:xmlsec
> > library function failed:
> > func=xmlSecTransformDefaultPushXml:file=transforms.c:line=2108:obj=xpointer:subj=xmlSecTransformExecute:error=1:xmlsec
> > library function failed:
> > func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1044:obj=xpointer:subj=xmlSecTransformPushXml:error=1:xmlsec
> > library function failed:
> > func=xmlSecTransformCtxExecute:file=transforms.c:line=1092:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec
> > library function failed:
> > func=xmlSecDSigReferenceCtxProcessNode:file=xmldsig.c:line=1408:obj=unknown:subj=xmlSecTransformCtxExecute:error=1:xmlsec
> > library function failed:
> > func=xmlSecDSigCtxProcessReferences:file=xmldsig.c:line=752:obj=Reference:subj=xmlSecDSigReferenceCtxProcessNode:error=1:xmlsec
> > library function failed:
> > func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=517:obj=unknown:subj=xmlSecDSigCtxProcessReferences:error=1:xmlsec
> > library function failed:
> > func=xmlSecDSigCtxSign:file=xmldsig.c:line=291:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec
> > library function failed:
> > Error: signature failed
> > Error: failed to sign file "t/unsigned/xml-sig-unsigned-dsa-multiple-3.xml"
> >
> > I am sure it is something obvious. Any ideas?
> >
> > Tim
> > _______________________________________________
> > xmlsec mailing list
> > [email protected]
> > http://www.aleksey.com/mailman/listinfo/xmlsec
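
An added example, not part of the thread and not xmlsec's own code: the `--id-attr` usage line quoted above takes the node's namespace URI rather than its prefix, so this Python helper derives the arguments from the document itself and lists which same-document `Reference` URIs would stay unresolved for a given set of node specs. The sample document, its SAML 2.0 namespace URIs and the function names are assumptions; the check only models ID registration and does not invoke xmlsec1.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"

# Constructed sample (not the poster's pastebin file); SAML 2.0 namespace URIs assumed.
# The Signature elements are stubs: only the Reference URIs matter for this check.
SAMPLE = """\
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
                xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="identifier_1">
  <ds:Signature><ds:SignedInfo><ds:Reference URI="#identifier_1"/></ds:SignedInfo></ds:Signature>
  <saml:Assertion ID="identifier_2">
    <ds:Signature><ds:SignedInfo><ds:Reference URI="#identifier_2"/></ds:SignedInfo></ds:Signature>
  </saml:Assertion>
</samlp:Response>"""


def node_spec(el):
    """Render an element name as [<node-namespace-uri>:]<node-name>."""
    # ElementTree has already expanded the prefix: "{uri}local" or plain "local".
    if el.tag.startswith("{"):
        uri, local = el.tag[1:].split("}", 1)
        return f"{uri}:{local}"
    return el.tag


def id_attr_args(xml_text, attr="ID"):
    """xmlsec1 --id-attr arguments covering every element type that carries `attr`."""
    specs = []
    for el in ET.fromstring(xml_text).iter():
        if attr in el.attrib and node_spec(el) not in specs:
            specs.append(node_spec(el))
    return [arg for spec in specs for arg in (f"--id-attr:{attr}", spec)]


def unresolved_references(xml_text, specs, attr="ID"):
    """Same-document Reference URIs whose target ID no node matching `specs` carries."""
    root = ET.fromstring(xml_text)
    registered = {el.get(attr) for el in root.iter()
                  if attr in el.attrib and node_spec(el) in specs}
    targets = [ref.get("URI", "") for ref in root.iter(f"{{{DS}}}Reference")]
    return [uri for uri in targets if uri.startswith("#") and uri[1:] not in registered]


if __name__ == "__main__":
    print(" ".join(["xmlsec1", "--sign", "--privkey-pem", "t/dsa.private.key",
                    *id_attr_args(SAMPLE), "t/unsigned/xml-sig-unsigned-dsa-multiple-3.xml"]))
    # A prefix in place of the URI registers nothing, so both references stay unresolved.
    print(unresolved_references(SAMPLE, ["samlp:Response"]))
```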
