santuario-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From eric fu <>
Subject Re: Issue in Verifying Signing
Date Thu, 07 Apr 2011 18:39:53 GMT
Did you checked and compared output for each Reference? The first step is to
verify digest values of all references are same, then content of SignedInfo.


On Wed, Apr 6, 2011 at 7:21 AM, Brandon Moser <>wrote:

> Hi,
> I'm having an issue trying to verify a signed SAML Response. Our
> implementation is using ColdFusion 9 & JRun 4 (which I don't believe are
> effecting the outcome). We are able to load the necessary Jars and create
> and sign the response. Upon signing, we validate the signing, which returns
> True. Once the Xml Document is changed to string data, encoded in Base 64,
> decoded and parsed back into a Xml document, we are unable to validate the
> signature. I have even gone as far as getting the Signature Values on both
> versions of the SAML Response. In both cases, the Signature Value is exactly
> the same. We have also outputted the Xml to a document, both before and
> after encoding, and found that the documents match 100%. Yet, no matter what
> I change or what example I read, I cannot validate the encoded/decoded SAML
> Response.
> Any help in things I should be looking for and/or trying would be greatly
> appreciated.
> Thanks in advance,
> Brandon
> --
> Brandon Moser

View raw message