This week's book giveaway is in the Other Languages forum. We're giving away four copies of Functional Reactive Programming and have Stephen Blackheath and Anthony Jones on-line! See this thread for details.
Need help in removing Canonicalizing a digitally signed SAML without namespace and new line chars.
posted 6 years ago
I am using opensaml 1.0 to create saml assertion and digitally sign it. I am able to successfully sign the saml .
There are 3 problems I am facing :
1. Though the digitally signed saml assertion says it is canonicalized as the assertion has the elements
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod>, the application team who validate the saml assertion
are saying it is invalid.
2. So, I tried to remove new line characters and carriage returns AFTER signing the SAML. I get a canonical saml assertion but the signature is disrupted.
3. The application team also want the namespaces removed. The namespaces are added to the saml when I create a new instance of the SAMLAssertion class
A good direction at this time will be most welcome. I know I am missing something!!!
I am using JDK 1.4 and tomcat 5.5 server for development. We are using a java keystore to digitally sign the saml. Keystore algorithm is RSA base 2048 bits .
The application team is validating the SAML Assertion I send across using Oxygen xml editor and every time they validate my assertion, it fails due to either of the above 3 reasons.