santuario-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sean Mullan <sean.mul...@oracle.com>
Subject Re: XML Signature Validation Fails
Date Thu, 10 Oct 2013 20:50:43 GMT
Have you tried with a more recent JDK release, like 7u40?

--Sean

On 10/07/2013 02:12 PM, Terry, Ryan wrote:
> Still working on this XML validation issue.  Replaced the self-signbed
> certificate with a Verisign signed cert, and the problem persists.
> Debug logs show the following:
>
> [2013-10-07 11:18:44,533 http-bio-8080-exec-4]
> [org.apache.xml.security.signature.Reference : ?] [WARN ] Verification
> failed for URI "#_355f4d642121f2eabf18e0a29de1461f2a80ad3f"
>
> [2013-10-07 11:18:44,536 http-bio-8080-exec-4]
> [org.apache.xml.security.signature.Reference : ?] [WARN ] Expected
> Digest: B3ODtoOgYqgCD1zRSXkb+IKI+Fw=
>
> [2013-10-07 11:18:44,538 http-bio-8080-exec-4]
> [org.apache.xml.security.signature.Reference : ?] [WARN ] Actual Digest:
> 81w+8JNEEQ22uMu3nV1lI1jMyfU=
>
> [2013-10-07 11:18:44,541 http-bio-8080-exec-4]
> [org.apache.xml.security.signature.Manifest : ?] [DEBUG] The Reference
> has Type
>
> [2013-10-07 11:18:55,667 http-bio-8080-exec-4] [SamlSSODataHandler :
> 215] [ERROR] The SAML Response Signature was either invalid or the
> signing key could not be established as trusted!
>
> The interesting thing is that JDK revision effects this.  With JDK
> 1.6.0_17 this signature works, with 1.6.0_18 and newer it fails with
> this error.  How is the JDK affecting the digest value of a signature?
> Anyone have any ideas?
>
> Ryan Terry
>
> Senior Systems Engineer
> ADP Network Services
> w- 801.956.6999
> c- 801.509.3212
>
> ------------------------------------------------------------------------
> This message and any attachments are intended only for the use of the
> addressee and may contain information that is privileged and
> confidential. If the reader of the message is not the intended recipient
> or an authorized representative of the intended recipient, you are
> hereby notified that any dissemination of this communication is strictly
> prohibited. If you have received this communication in error, notify the
> sender immediately by return email and delete the message and any
> attachments from your system.


Mime
View raw message