AW: [w3c-ietf-xmldsig] <none> from Gregor Karlinger on 2003-12-16 (w3c-ietf-xmldsig@w3.org from October to December 2003)

From: Gregor Karlinger <gregor.karlinger@iaik.at>
Date: Tue, 16 Dec 2003 16:45:44 +0100
To: <deepak@linuxquestions.net>, <w3c-ietf-xmldsig@w3.org>
Message-ID: <028101c3c3eb$b15a4580$2c981b81@GKARLINGER>

Hi,

this sounds like a problem with canonicalization. 

I guess signature verification works if you take the assertion out of the
soap envelope, but it fails if you try to validate it inside the envelope,
right?

If you want to validate your signature without taking the saml assertion
out of the soap envelope you must change the signature canonicalization
algorithm (dsig:Signature/dsig:SignedInfo/dsig:CanonicalizationAlgorithm).

Regards, Gregor
 

> -----Ursprüngliche Nachricht-----
> Von: w3c-ietf-xmldsig-request@w3.org [mailto:w3c-ietf-xmldsig-
> request@w3.org] Im Auftrag von Deepak K M
> Gesendet: Samstag, 13. Dezember 2003 15:16
> An: w3c-ietf-xmldsig@w3.org
> Betreff: [w3c-ietf-xmldsig] <none>
> 
> Hi,
> I am facing a problem with signing a SOAP envelop which conntain  SAML
> assertions.. The problem is signature verification is failing.
> If the saml elements are removed there is no problem with the
> verification. For vsrification apache xml-security package is used.
> 
> Thank you,
> Deepak
> 
> 
> _____________________________________________________________
> Thank you for choosing LinuxQuestions.
> http://www.linuxquestions.org
>

Received on Tuesday, 16 December 2003 10:46:03 UTC