
Need help in removing Canonicalizing a digitally signed SAML without namespace and new line chars.

 
nandy desikan
Greenhorn
Posts: 10
I am using OpenSAML 1.0 to create a SAML assertion and digitally sign it. I am able to successfully sign the SAML.

There are 3 problems I am facing:

1. Though the digitally signed SAML assertion says it is canonicalized, as the assertion has the element <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod>, the application team who validate the SAML assertion are saying it is invalid.
2. So, I tried to remove new line characters and carriage returns AFTER signing the SAML. I get a canonical SAML assertion but the signature is disrupted.
3. The application team also want the namespaces removed. The namespaces are added to the SAML when I create a new instance of the SAMLAssertion class.

A good direction at this time will be most welcome. I know I am missing something!!!


I am using JDK 1.4 and Tomcat 5.5 server for development. We are using a Java keystore to digitally sign the SAML. Keystore algorithm is RSA base 2048 bits.
The application team is validating the SAML Assertion I send across using Oxygen XML Editor and every time they validate my assertion, it fails due to either of the above 3 reasons.
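
The failure described in problem 2, as an added example that is not part of the original post: exclusive C14N keeps whitespace text nodes, so they are part of the digested bytes, and removing them after signing breaks the reference digest, while removing them before signing does not. It uses the JDK's built-in `javax.xml.crypto.dsig` API (Java 6 and later) rather than OpenSAML 1.0; the class name, the sample document and the freshly generated key are assumptions made for illustration.

```java
import java.io.ByteArrayInputStream;
import java.security.*;
import java.util.*;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.dom.*;
import javax.xml.crypto.dsig.spec.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;
public class SignThenStripDemo {   // hypothetical class name
    static final String XML = "<Assertion ID=\"a1\">\n  <Subject>alice</Subject>\n</Assertion>"; // constructed sample
    static final XMLSignatureFactory F = XMLSignatureFactory.getInstance("DOM");
    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();   // throwaway key, generated for this run only
        Document a = parse(), b = parse();
        sign(a, kp.getPrivate());
        System.out.println("untouched after signing: " + valid(a, kp.getPublic()));
        strip(a.getDocumentElement());        // the step from problem 2: edit after signing
        System.out.println("stripped after signing:  " + valid(a, kp.getPublic()));
        strip(b.getDocumentElement());        // normalise first, then sign
        sign(b, kp.getPrivate());
        System.out.println("stripped before signing: " + valid(b, kp.getPublic()));
    }
    static Document parse() throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);          // XML signatures require a namespace-aware DOM
        return dbf.newDocumentBuilder().parse(new ByteArrayInputStream(XML.getBytes("UTF-8")));
    }
    static void sign(Document doc, PrivateKey key) throws Exception {
        Reference ref = F.newReference("", F.newDigestMethod(DigestMethod.SHA256, null), Arrays.asList(
            F.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null),
            F.newTransform(CanonicalizationMethod.EXCLUSIVE, (TransformParameterSpec) null)), null, null);
        SignedInfo si = F.newSignedInfo(
            F.newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE, (C14NMethodParameterSpec) null),
            F.newSignatureMethod("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", null), Collections.singletonList(ref));
        F.newXMLSignature(si, null).sign(new DOMSignContext(key, doc.getDocumentElement()));
    }
    static boolean valid(Document doc, PublicKey key) throws Exception {
        DOMValidateContext ctx = new DOMValidateContext(key, doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature").item(0));
        return F.unmarshalXMLSignature(ctx).validate(ctx);   // checks the signature value and every reference digest
    }
    static void strip(Node n) {   // drop whitespace-only text nodes outside ds:Signature
        for (Node c = n.getFirstChild(), next = null; c != null; c = next) {
            next = c.getNextSibling();
            if (c.getNodeType() == Node.TEXT_NODE && c.getNodeValue().trim().isEmpty()) n.removeChild(c);
            else if (!"Signature".equals(c.getLocalName())) strip(c);
        }
    }
}
```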
 