
Need help in removing Canonicalizing a digitally signed SAML without namespace and new line chars.

nandy desikan
Posts: 10
I am using OpenSAML 1.0 to create a SAML assertion and digitally sign it. I am able to successfully sign the SAML.

There are 3 problems I am facing:

1. Though the digitally signed SAML assertion says it is canonicalized, as the assertion has the element <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod>, the application team who validate the SAML assertion are saying it is invalid.
2. So, I tried to remove new line characters and carriage returns AFTER signing the SAML. I get a canonical SAML assertion but the signature is disrupted.
3. The application team also want the namespaces removed. The namespaces are added to the SAML when I create a new instance of the SAMLAssertion class.

A good direction at this time will be most welcome. I know I am missing something!!!

I am using JDK 1.4 and Tomcat 5.5 server for development. We are using a Java keystore to digitally sign the SAML. Keystore algorithm is RSA base 2048 bits.
The application team is validating the SAML assertion I send across using Oxygen XML Editor, and every time they validate my assertion, it fails due to one of the above 3 reasons.