<div dir="ltr"><div><div><div>Hello,<br><br></div>Sorry for that . Here is the full xml. <br></div>I add the dtd after the processus of signing. Can this failed the verification ? Is there a function or a property which can do the same thing without altered the xml ?<br>
<br><br></div>Sébastien</div><div class="gmail_extra"><br><br><div class="gmail_quote">2014-02-15 20:29 GMT+01:00 Aleksey Sanin <span dir="ltr"><<a href="mailto:aleksey@aleksey.com" target="_blank">aleksey@aleksey.com</a>></span>:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">You didn't show the most interesting part - the ds:KeyInfo node<br>
<br>
Aleksey<br>
<div><div class="h5"><br>
On 2/14/14, 9:19 AM, sébastien spilmann wrote:<br>
> Hello,<br>
><br>
> I have a problem verifying a signature and that seems to be cause by<br>
> namespace.<br>
><br>
> My xml is something like this :<br>
> <Response xmlns="urn:oasis:names:tc:SAML:2.0:protocol"<br>
> Destination="<a href="https://www.concursolutions.com/SAMLRedirector/ClientSAMLLogin.aspx" target="_blank">https://www.concursolutions.com/SAMLRedirector/ClientSAMLLogin.aspx</a>"<br>
> ID="_fe9537697781d3b3539fd23e4c027e4e5150"<br>
> IssueInstant="2013-07-23T18:44:40Z" Version="2.0"><br>
>     <ns1:Issuer xmlns:ns1="urn:oasis:names:tc:SAML:2.0:assertion"<br>
> Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity"><a href="http://www.alcatel-lucent.com/wps/portal" target="_blank">http://www.alcatel-lucent.com/wps/portal</a></ns1:Issuer><br>
>     <Status><br>
>         <StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/><br>
>     </Status><br>
>     <ns2:Assertion xmlns:ns2="urn:oasis:names:tc:SAML:2.0:assertion"<br>
> ID="_ce339b73d43307de102c421fddef59aaa8c4"<br>
> IssueInstant="2013-07-23T18:44:40Z" Version="2.0"><br>
>         <ns2:Issuer<br>
> Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity"><a href="http://www.alcatel-lucent.com/wps/portal" target="_blank">http://www.alcatel-lucent.com/wps/portal</a></ns2:Issuer><ds:Signature<br>

> xmlns:ds="<a href="http://www.w3.org/2000/09/xmldsig#" target="_blank">http://www.w3.org/2000/09/xmldsig#</a>"><br>
> <ds:SignedInfo><br>
> <ds:CanonicalizationMethod<br>
> Algorithm="<a href="http://www.w3.org/2001/10/xml-exc-c14n#" target="_blank">http://www.w3.org/2001/10/xml-exc-c14n#</a>"/><br>
> <ds:SignatureMethod Algorithm="<a href="http://www.w3.org/2000/09/xmldsig#rsa-sha1" target="_blank">http://www.w3.org/2000/09/xmldsig#rsa-sha1</a>"/><br>
> <ds:Reference URI="#_ce339b73d43307de102c421fddef59aaa8c4"><br>
> <ds:Transforms><br>
> <ds:Transform<br>
> Algorithm="<a href="http://www.w3.org/2000/09/xmldsig#enveloped-signature" target="_blank">http://www.w3.org/2000/09/xmldsig#enveloped-signature</a>"/><br>
> <ds:Transform Algorithm="<a href="http://www.w3.org/2001/10/xml-exc-c14n#" target="_blank">http://www.w3.org/2001/10/xml-exc-c14n#</a>"/><br>
> </ds:Transforms><br>
> <ds:DigestMethod Algorithm="<a href="http://www.w3.org/2000/09/xmldsig#sha1" target="_blank">http://www.w3.org/2000/09/xmldsig#sha1</a>"/><br>
> <ds:DigestValue>avA6FiiMVjEe3rPNfuwXBt+FH6c=</ds:DigestValue><br>
> </ds:Reference><br>
> </ds:SignedInfo><br>
> <ds:SignatureValue><br>
> DlWzq6dS+FlGO6HYc0uBRhJ6nRQ2aIE/UP0vnM2MENOvR/n8/xEAz0QjPAEKxjfCd1R1XU+B6uKw<br>
> 1XKT0Ku8jFNms6FwesDhabUvY6Nt9iLTabNynF33O9YGVxYELNwnKKFBS1Oj2aKbQ3Z5CyAH0xwc<br>
> KH6ht7ppL9OD3CX65Sk=<br>
> </ds:SignatureValue><br>
> <ds:KeyInfo><br>
> <ds:X509Data><br>
> ....<br>
><br>
> if i try to verify , i have the error :<br>
> "func=xmlSecDSigCtxProcessKeyInfoNode:file=..\src\xmldsig.c:line=871:obj=unknown:subj=unknown:error=45:key<br>
> is not found:"<br>
><br>
> If i change all ns1 and ns2  namespace by ds namespace, the verify<br>
> function works but the digest is not correct<br>
><br>
> How could i do my code works with ns1 and ns2 ?<br>
><br>
> Sébastien<br>
><br>
><br>
</div></div>> _______________________________________________<br>
> xmlsec mailing list<br>
> <a href="mailto:xmlsec@aleksey.com">xmlsec@aleksey.com</a><br>
> <a href="http://www.aleksey.com/mailman/listinfo/xmlsec" target="_blank">http://www.aleksey.com/mailman/listinfo/xmlsec</a><br>
><br>
</blockquote></div><br></div>