santuario-dev mailing list archives

From Brandon Moser <brandonmo...@gmail.com>
Subject Re: Issue in Verifying Signing
Date Wed, 06 Apr 2011 22:28:11 GMT
Yes, we are using the Enveloped Signature Transform. The Signature is inside the saml2:Assertion
element, which is nested inside of the saml2:Response element.

What we're beginning to wonder is if the signature is actually being ignored during the check.
What is the best way to determine what is being checked and what is not?



On Apr 6, 2011, at 4:51 PM, Pellerin, Clement wrote:

> Is the Signature element within the scope of one of your references?
> For example, that happens when the Reference is the whole document.
> To make those signatures verifiable, you need the Enveloped Signature Transform
> to ignore the Signature element when computing the digest.
> 
> -----Original Message-----
> From: Brandon Moser [mailto:brandonmoser@gmail.com] 
> Sent: Wednesday, April 06, 2011 5:20 PM
> To: dev@santuario.apache.org
> Subject: Re: Issue in Verifying Signing
> 
> So, we decided to use a Transform that allows for whitespace changes, but we are still
> receiving False when attempting to check the signature immediately after signing. It appears
> in the log file that the Pre-Digest value before signing doesn't contain the SignatureValue
> and DigestValue (expected), yet after signing the checkSignatureValue contains both Signature
> & Digest values, which I would believe cause the digest to be different. Is it possible
> to check the signature value immediately after signing and get a valid response of True?
> 
> I have tried to use the Online validator and oxygen's validator and both return "Signature
> Invalid". We have included the public RSA key in the output in any attempt to validate this
> output. Since we are in development, the data is not valuable; I have attached the XML output
> and the log.
> 
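Added example, not part of the original thread and not Santuario code: a digest-only sketch of the Enveloped Signature Transform discussed above, showing which element the Reference covers and how the stored DigestValue compares with and without the transform. The function names, the sample IDs and issuer URL, and the use of the standard library's C14N 2.0 in place of the signature's actual canonicalization method are assumptions; no RSA check of SignatureValue is performed.

```python
import base64
import copy
import hashlib
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
ET.register_namespace("ds", DS)
ET.register_namespace("saml2", SAML)

def reference_digest(element, enveloped):
    """Base64 SHA-256 over the canonical form of one referenced element."""
    node = copy.deepcopy(element)
    node.tail = None
    if enveloped:
        # Enveloped Signature Transform, simplified: ds:Signature is a direct child.
        for sig in node.findall(f"{{{DS}}}Signature"):
            node.remove(sig)
    # Assumption: stdlib C14N 2.0 stands in for the CanonicalizationMethod.
    canonical = ET.canonicalize(ET.tostring(node, encoding="unicode"))
    return base64.b64encode(hashlib.sha256(canonical.encode()).digest()).decode()

def build_signed_response():
    """Constructed sample: saml2p:Response > saml2:Assertion > ds:Signature."""
    response = ET.Element(f"{{{SAMLP}}}Response", {"ID": "_r1"})
    assertion = ET.SubElement(response, f"{{{SAML}}}Assertion", {"ID": "_a1"})
    ET.SubElement(assertion, f"{{{SAML}}}Issuer").text = "https://idp.example.test"
    # At signing time the digest is taken before ds:Signature exists.
    digest = reference_digest(assertion, enveloped=False)
    sig = ET.Element(f"{{{DS}}}Signature")
    signed_info = ET.SubElement(sig, f"{{{DS}}}SignedInfo")
    ref = ET.SubElement(signed_info, f"{{{DS}}}Reference", {"URI": "#_a1"})
    ET.SubElement(ref, f"{{{DS}}}DigestValue").text = digest
    ET.SubElement(sig, f"{{{DS}}}SignatureValue").text = "Q09OU1RSVUNURUQ="  # placeholder
    assertion.insert(1, sig)
    return response

def check_reference(response):
    """Report which element the Reference covers and whether its digest matches."""
    ref = response.find(f".//{{{DS}}}Reference")
    stored = ref.find(f"{{{DS}}}DigestValue").text
    target_id = ref.get("URI").lstrip("#")
    target = next(e for e in response.iter() if e.get("ID") == target_id)
    return {
        "covers": target.tag.split("}")[1],
        "with_transform": reference_digest(target, enveloped=True) == stored,
        "without_transform": reference_digest(target, enveloped=False) == stored,
    }
```

`check_reference(build_signed_response())` reports that the Reference covers the Assertion, not the enclosing Response, and that the digest matches only when the Signature element is excluded.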

