W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > April to June 2005

RE: Xmlsecurity-C signed soap validation - can someone give me a hint

From: Cullum, Steve <steven.cullum@eds.com>
Date: Fri, 13 May 2005 18:51:19 +0100
Message-ID: <4F014656062C1140880B2247EDAFD3B101068003@ukspm204.emea.corp.eds.com>
To: "'w3c-ietf-xmldsig@w3.org'" <w3c-ietf-xmldsig@w3.org>

Thanks Rich,

Using xmlsec I get the problem declared in there FAQ (3.4) - Even armed with
this information I still seem unable to get either xmlsecurity-C or xmlsec
to verify the

-----Original Message-----
From: Rich Salz [mailto:rsalz@datapower.com] 
Sent: 13 May 2005 18:46
To: Cullum, Steve
Cc: 'w3c-ietf-xmldsig@w3.org.'
Subject: Re: Xmlsecurity-C signed soap validation - can someone give me a

> Using "checksig.exe" to test my document the exception 
> "XSECException::IDNotFoundInDOMDoc"  is thrown. Because fNodeIDMap 
> inside the fn() is 0

My guess is that xerces/xalan don't know what attributes are ID nodes, and
that when xmlsecurity-c tries to track down the element pointed to within
one of the dsig:References, it fails.

Looking at the specific signature you sent, it appears that you'll have to
somehow tell xerces/xalan that wsu:Id attributes are ID attributes, so that
the parser will recognize them and populate the IDmap.

I've never used any of the code you're using, so I can't tell you how to do
that.  I suggest you ask the relevant Apache lists.  It may even be a FAQ
(as it is with xmlsec :).


Rich Salz, Chief Security Architect
DataPower Technology                           http://www.datapower.com
XS40 XML Security Gateway   http://www.datapower.com/products/xs40.html
Received on Friday, 13 May 2005 17:52:05 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:21:40 UTC