<html><head>
<meta content="text/html; charset=ISO-8859-1" http-equiv="Content-Type">
</head><body bgcolor="#FFFFFF" text="#000000">with --print-debug, here
is the output<br>
<br>
Error: signature failed<br>
ERROR<br>
SignedInfo References (ok/all): 0/1<br>
Manifests References (ok/all): 0/0<br>
= VERIFICATION CONTEXT<br>
== Status: unknown<br>
== flags: 0x00000000<br>
== flags2: 0x00000000<br>
== Key Info Read Ctx:<br>
= KEY INFO READ CONTEXT<br>
== flags: 0x00000000<br>
== flags2: 0x00000000<br>
== enabled key data: all<br>
== RetrievalMethod level (cur/max): 0/1<br>
== TRANSFORMS CTX (status=0)<br>
== flags: 0x00000000<br>
== flags2: 0x00000000<br>
== enabled transforms: all<br>
=== uri: NULL<br>
=== uri xpointer expr: NULL<br>
== EncryptedKey level (cur/max): 0/1<br>
=== KeyReq:<br>
==== keyId: NULL<br>
==== keyType: 0x00000000<br>
==== keyUsage: 0xffffffff<br>
==== keyBitsSize: 0<br>
=== list size: 0<br>
== Key Info Write Ctx:<br>
= KEY INFO WRITE CONTEXT<br>
== flags: 0x00000000<br>
== flags2: 0x00000000<br>
== enabled key data: all<br>
== RetrievalMethod level (cur/max): 0/1<br>
== TRANSFORMS CTX (status=0)<br>
== flags: 0x00000000<br>
== flags2: 0x00000000<br>
== enabled transforms: all<br>
=== uri: NULL<br>
=== uri xpointer expr: NULL<br>
== EncryptedKey level (cur/max): 0/1<br>
=== KeyReq:<br>
==== keyId: NULL<br>
==== keyType: 0x00000001<br>
==== keyUsage: 0xffffffff<br>
==== keyBitsSize: 0<br>
=== list size: 0<br>
== Signature Transform Ctx:<br>
== TRANSFORMS CTX (status=0)<br>
== flags: 0x00000000<br>
== flags2: 0x00000000<br>
== enabled transforms: all<br>
=== uri: NULL<br>
=== uri xpointer expr: NULL<br>
=== Transform: exc-c14n (href=<a class="moz-txt-link-freetext" href="http://www.w3.org/2001/10/xml-exc-c14n#">http://www.w3.org/2001/10/xml-exc-c14n#</a>)<br>
=== Transform: rsa-sha1
(href=<a class="moz-txt-link-freetext" href="http://www.w3.org/2000/09/xmldsig#rsa-sha1">http://www.w3.org/2000/09/xmldsig#rsa-sha1</a>)<br>
== Signature Method:<br>
=== Transform: rsa-sha1
(href=<a class="moz-txt-link-freetext" href="http://www.w3.org/2000/09/xmldsig#rsa-sha1">http://www.w3.org/2000/09/xmldsig#rsa-sha1</a>)<br>
== SignedInfo References List:<br>
=== list size: 1<br>
= REFERENCE VERIFICATION CONTEXT<br>
== Status: unknown<br>
== URI: "#_9b281906-5626-4579-b506-6e1e344b5dd7"<br>
== Reference Transform Ctx:<br>
== TRANSFORMS CTX (status=1)<br>
== flags: 0x00000000<br>
== flags2: 0x00000000<br>
== enabled transforms: all<br>
=== uri:<br>
=== uri xpointer expr: #_9b281906-5626-4579-b506-6e1e344b5dd7<br>
=== Transform: xpointer
(href=<a class="moz-txt-link-freetext" href="http://www.w3.org/2001/04/xmldsig-more/xptr">http://www.w3.org/2001/04/xmldsig-more/xptr</a>)<br>
=== Transform: enveloped-signature
(href=<a class="moz-txt-link-freetext" href="http://www.w3.org/2000/09/xmldsig#enveloped-signature">http://www.w3.org/2000/09/xmldsig#enveloped-signature</a>)<br>
=== Transform: exc-c14n (href=<a class="moz-txt-link-freetext" href="http://www.w3.org/2001/10/xml-exc-c14n#">http://www.w3.org/2001/10/xml-exc-c14n#</a>)<br>
=== Transform: sha1 (href=<a class="moz-txt-link-freetext" href="http://www.w3.org/2000/09/xmldsig#sha1">http://www.w3.org/2000/09/xmldsig#sha1</a>)<br>
=== Transform: membuf-transform (href=NULL)<br>
== Digest Method:<br>
=== Transform: sha1 (href=<a class="moz-txt-link-freetext" href="http://www.w3.org/2000/09/xmldsig#sha1">http://www.w3.org/2000/09/xmldsig#sha1</a>)<br>
== Manifest References List:<br>
=== list size: 0<br>
Error: failed to verify file "SAMLResponse.xml"<br>
<br>
is it a matter of key verification, or malformed xml? because the same
xml is passing when using php.<br>
<br>
<blockquote style="border: 0px none;"
cite="mid:532955F9.3040905@smartsignin.com" type="cite">
<div style="margin:30px 25px 10px 25px;" class="__pbConvHr"><div
style="display:table;width:100%;border-top:1px solid
#EDEEF0;padding-top:5px"> <div
style="display:table-cell;vertical-align:middle;padding-right:6px;"><img
photoaddress="yjawwad@smartsignin.com" photoname="Yousuf Jawwad"
src="cid:part1.00070004.07040709@smartsignin.com"
name="compose-unknown-contact.jpg" height="25px" width="25px"></div> <div
style="display:table-cell;white-space:nowrap;vertical-align:middle;width:100%">
<a moz-do-not-send="true" href="mailto:yjawwad@smartsignin.com"
style="color:#737F92
!important;padding-right:6px;font-weight:bold;text-decoration:none
!important;">Yousuf Jawwad</a></div> <div
style="display:table-cell;white-space:nowrap;vertical-align:middle;">
<font color="#9FA2A5"><span style="padding-left:6px">19 March 2014
1:31 pm</span></font></div></div></div>
<div style="color:#888888;margin-left:24px;margin-right:24px;"
__pbrmquotes="true" class="__pbConvBody">
<meta content="text/html; charset=ISO-8859-1" http-equiv="content-type">
when i run <br>
<br>
<span style="font-family: monospace;">xmlsec1 --verify
--pubkey-cert-pem my.cer '--id-attr:ID' 'urn:oasis:names:tc:SAML:2.0'
Response.xml</span><br>
<br>
the stacktrace given to me is<br>
<br>
<span style="font-family: monospace;">func=xmlSecXPathDataExecute:file=xpath.c:line=273:obj=unknown:subj=xmlXPtrEval:error=5:libxml2
library function
failed:expr=xpointer(id('_9b281906-5626-4579-b506-6e1e344b5dd7'))</span><br
style="font-family: monospace;">
<span style="font-family: monospace;">func=xmlSecXPathDataListExecute:file=xpath.c:line=373:obj=unknown:subj=xmlSecXPathDataExecute:error=1:xmlsec
library function failed:</span><br style="font-family: monospace;">
<span style="font-family: monospace;">func=xmlSecTransformXPathExecute:file=xpath.c:line=483:obj=xpointer:subj=xmlSecXPathDataExecute:error=1:xmlsec
library function failed:</span><br style="font-family: monospace;">
<span style="font-family: monospace;">func=xmlSecTransformDefaultPushXml:file=transforms.c:line=2405:obj=xpointer:subj=xmlSecTransformExecute:error=1:xmlsec
library function failed:</span><br style="font-family: monospace;">
<span style="font-family: monospace;">func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1236:obj=unknown:subj=xmlSecTransformPushXml:error=1:xmlsec
library function failed:transform=xpointer</span><br
style="font-family: monospace;">
<span style="font-family: monospace;">func=xmlSecTransformCtxExecute:file=transforms.c:line=1296:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec
library function failed:</span><br style="font-family: monospace;">
<span style="font-family: monospace;">func=xmlSecDSigReferenceCtxProcessNode:file=xmldsig.c:line=1571:obj=unknown:subj=xmlSecTransformCtxExecute:error=1:xmlsec
library function failed:</span><br style="font-family: monospace;">
<span style="font-family: monospace;">func=xmlSecDSigCtxProcessSignedInfoNode:file=xmldsig.c:line=804:obj=unknown:subj=xmlSecDSigReferenceCtxProcessNode:error=1:xmlsec
library function failed:node=Reference</span><br style="font-family:
monospace;">
<span style="font-family: monospace;">func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=547:obj=unknown:subj=xmlSecDSigCtxProcessSignedInfoNode:error=1:xmlsec
library function failed:</span><br style="font-family: monospace;">
<span style="font-family: monospace;">func=xmlSecDSigCtxVerify:file=xmldsig.c:line=366:obj=unknown:subj=xmlSecDSigCtxSignatureProcessNode:error=1:xmlsec
library function failed:</span><br style="font-family: monospace;">
<span style="font-family: monospace;">Error: signature failed</span><br
style="font-family: monospace;">
<span style="font-family: monospace;">ERROR</span><br
style="font-family: monospace;">
<span style="font-family: monospace;">SignedInfo References (ok/all):
0/1</span><br style="font-family: monospace;">
<span style="font-family: monospace;">Manifests References (ok/all):
0/0</span><br style="font-family: monospace;">
<span style="font-family: monospace;">Error: failed to verify file</span><br>
<br>
the xml in question is<br>
<br>
<span style="font-family: monospace;"><samlp:Response
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
ID="_9b281906-5626-4579-b506-6e1e344b5dd7" Version="2.0"
IssueInstant="2014-03-19T06:39:08.634Z"</span><br style="font-family:
monospace;">
<span style="font-family: monospace;">
Destination=<a moz-do-not-send="true"
href="https://perfectcloudstaging.happyfox.com/staff/smartsignin/callback"
class="moz-txt-link-rfc2396E">"https://perfectcloudstaging.happyfox.com/staff/smartsignin/callback"</a>></span><br
style="font-family: monospace;">
<span style="font-family: monospace;"> <saml:Issuer
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><a
moz-do-not-send="true"
href="http://localhost:54660/saml2/metadata/6118c9130de04f60b09616de43fa7d27"
class="moz-txt-link-freetext">http://localhost:54660/saml2/metadata/6118c9130de04f60b09616de43fa7d27</a></saml:Issuer></span><br
style="font-family: monospace;">
<span style="font-family: monospace;"> <Signature
xmlns=<a moz-do-not-send="true"
href="http://www.w3.org/2000/09/xmldsig#" class="moz-txt-link-rfc2396E">"http://www.w3.org/2000/09/xmldsig#"</a>></span><br
style="font-family: monospace;">
<span style="font-family: monospace;"> <SignedInfo></span><br
style="font-family: monospace;">
<span style="font-family: monospace;">
<CanonicalizationMethod
Algorithm=<a moz-do-not-send="true"
href="http://www.w3.org/2001/10/xml-exc-c14n#"
class="moz-txt-link-rfc2396E">"http://www.w3.org/2001/10/xml-exc-c14n#"</a>/></span><br
style="font-family: monospace;">
<span style="font-family: monospace;"> <SignatureMethod
Algorithm=<a moz-do-not-send="true"
href="http://www.w3.org/2000/09/xmldsig#rsa-sha1"
class="moz-txt-link-rfc2396E">"http://www.w3.org/2000/09/xmldsig#rsa-sha1"</a>/></span><br
style="font-family: monospace;">
<span style="font-family: monospace;"> <Reference
URI="#_9b281906-5626-4579-b506-6e1e344b5dd7"></span><br
style="font-family: monospace;">
<span style="font-family: monospace;">
<Transforms></span><br style="font-family: monospace;">
<span style="font-family: monospace;">
<Transform
Algorithm=<a moz-do-not-send="true"
href="http://www.w3.org/2000/09/xmldsig#enveloped-signature"
class="moz-txt-link-rfc2396E">"http://www.w3.org/2000/09/xmldsig#enveloped-signature"</a>/></span><br
style="font-family: monospace;">
<span style="font-family: monospace;">
<Transform Algorithm=<a moz-do-not-send="true"
href="http://www.w3.org/2001/10/xml-exc-c14n#"
class="moz-txt-link-rfc2396E">"http://www.w3.org/2001/10/xml-exc-c14n#"</a>></span><br
style="font-family: monospace;">
<span style="font-family: monospace;">
<InclusiveNamespaces xmlns=<a moz-do-not-send="true"
href="http://www.w3.org/2001/10/xml-exc-c14n#"
class="moz-txt-link-rfc2396E">"http://www.w3.org/2001/10/xml-exc-c14n#"</a>
PrefixList="#default samlp saml ds xs xsi"/></span><br
style="font-family: monospace;">
<span style="font-family: monospace;">
</Transform></span><br style="font-family: monospace;">
<span style="font-family: monospace;">
</Transforms></span><br style="font-family: monospace;">
<span style="font-family: monospace;"> <DigestMethod
Algorithm=<a moz-do-not-send="true"
href="http://www.w3.org/2000/09/xmldsig#sha1"
class="moz-txt-link-rfc2396E">"http://www.w3.org/2000/09/xmldsig#sha1"</a>/></span><br
style="font-family: monospace;">
<span style="font-family: monospace;">
<DigestValue>ZtZ7NdVHlkd0cHbI13ukQJyPwTE=</DigestValue></span><br
style="font-family: monospace;">
<span style="font-family: monospace;"> </Reference></span><br
style="font-family: monospace;">
<span style="font-family: monospace;"> </SignedInfo></span><br
style="font-family: monospace;">
<span style="font-family: monospace;">
<SignatureValue>Tjr3DtAMF50tsxPXB929T8KZgw1D0jW4ugD6c9EFe1prpyA1anKkuwfOzcrrrFoRTo3jZ4aplENgb03ZYUjve9Q3UNUlOQiP9XId2IblvMYvf75Q9jyAZ8L024d5TlkkMoGHEB//+l4FfUh8sMrVXfR7gY0VaZRzwdIEfXpx60hxDuiTVBV/dqpfg+nc95Z/OXiJUWHvYZGY126lse/gqFrHG8YukzBalZdUsDM0dykefNWe5Dr8Rpn6JqCNmnze4hA4bsFfEW1mk1B8AJGDirXg4sQlLOSJFmDG2RrShVUT1oY0XY/xSJDI0oMokKehWMyP7A5q77Zg6jfeDHRJeA==</SignatureValue></span><br
style="font-family: monospace;">
<span style="font-family: monospace;"> <KeyInfo></span><br
style="font-family: monospace;">
<span style="font-family: monospace;"> <X509Data></span><br
style="font-family: monospace;">
<span style="font-family: monospace;">
<X509Certificate></span><br style="font-family: monospace;">
<span style="font-family: monospace;"> <!-- my
cert --></span><br style="font-family: monospace;">
<span style="font-family: monospace;">
</X509Certificate></span><br style="font-family: monospace;">
<span style="font-family: monospace;"> </X509Data></span><br
style="font-family: monospace;">
<span style="font-family: monospace;"> </KeyInfo></span><br
style="font-family: monospace;">
<span style="font-family: monospace;"> </Signature></span><br
style="font-family: monospace;">
<span style="font-family: monospace;"> <samlp:Status></span><br
style="font-family: monospace;">
<span style="font-family: monospace;"> <samlp:StatusCode
Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></span><br
style="font-family: monospace;">
<span style="font-family: monospace;"> </samlp:Status></span><br
style="font-family: monospace;">
<span style="font-family: monospace;"> <saml:Assertion
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Version="2.0"
ID="_31d8f30a-4db0-4f8a-9542-e7becec31456"
IssueInstant="2014-03-19T06:39:08.634Z"></span><br
style="font-family: monospace;">
<span style="font-family: monospace;">
<saml:Issuer><a moz-do-not-send="true"
href="http://localhost:54660/saml2/metadata/6118c9130de04f60b09616de43fa7d27"
class="moz-txt-link-freetext">http://localhost:54660/saml2/metadata/6118c9130de04f60b09616de43fa7d27</a></saml:Issuer></span><br
style="font-family: monospace;">
<span style="font-family: monospace;"> <saml:Subject></span><br
style="font-family: monospace;">
<span style="font-family: monospace;"> <saml:NameID
Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"><a
moz-do-not-send="true" href="mailto:draizada@smartsignin.com"
class="moz-txt-link-abbreviated">draizada@smartsignin.com</a></saml:NameID></span><br
style="font-family: monospace;">
<span style="font-family: monospace;">
<saml:SubjectConfirmation
Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"></span><br
style="font-family: monospace;">
<span style="font-family: monospace;">
<saml:SubjectConfirmationData NotOnOrAfter="2014-03-19T06:59:08.686Z"
Recipient=<a moz-do-not-send="true" href="https://example.com/saml/"
class="moz-txt-link-rfc2396E">"https://example.com/saml/"</a>/></span><br
style="font-family: monospace;">
<span style="font-family: monospace;">
</saml:SubjectConfirmation></span><br style="font-family:
monospace;">
<span style="font-family: monospace;"> </saml:Subject></span><br
style="font-family: monospace;">
<span style="font-family: monospace;"> <saml:Conditions
NotBefore="2014-03-19T06:19:08.686Z"
NotOnOrAfter="2014-03-19T06:59:08.686Z"/></span><br
style="font-family: monospace;">
<span style="font-family: monospace;">
<saml:AttributeStatement></span><br style="font-family:
monospace;">
<span style="font-family: monospace;"> <saml:Attribute
Name="email"></span><br style="font-family: monospace;">
<span style="font-family: monospace;">
<saml:AttributeValue>my email</saml:AttributeValue></span><br
style="font-family: monospace;">
<span style="font-family: monospace;">
</saml:Attribute></span><br style="font-family: monospace;">
<span style="font-family: monospace;"> <saml:Attribute
Name="FirstName" NameFormat="urn:oasis:nam</span><br style="font-family:
monospace;">
<span style="font-family: monospace;"> es:tc:SAML:1.1:nameid-format:unspecified"></span><br
style="font-family: monospace;">
<span style="font-family: monospace;">
<saml:AttributeValue>User Name</saml:AttributeValue></span><br
style="font-family: monospace;">
<span style="font-family: monospace;">
</saml:Attribute></span><br style="font-family: monospace;">
<span style="font-family: monospace;"> <saml:Attribute
Name="LastName"
NameFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"></span><br
style="font-family: monospace;">
<span style="font-family: monospace;">
<saml:AttributeValue>User Name</saml:AttributeValue></span><br
style="font-family: monospace;">
<span style="font-family: monospace;">
</saml:Attribute></span><br style="font-family: monospace;">
<span style="font-family: monospace;"> <saml:Attribute
Name="EntityIdentifier"
NameFormat="urn:oasis:names:tc:SAML:2.0:nameid-format:entity"></span><br
style="font-family: monospace;">
<span style="font-family: monospace;">
<saml:AttributeValue>8cc99e70-8a05-4fda-a0b8-ea0f24164b27</saml:AttributeValue></span><br
style="font-family: monospace;">
<span style="font-family: monospace;">
</saml:Attribute></span><br style="font-family: monospace;">
<span style="font-family: monospace;">
</saml:AttributeStatement></span><br style="font-family:
monospace;">
<span style="font-family: monospace;"> <saml:AuthnStatement
AuthnInstant="2014-03-19T06:39:08.686Z"></span><br
style="font-family: monospace;">
<span style="font-family: monospace;">
<saml:AuthnContext></span><br style="font-family: monospace;">
<span style="font-family: monospace;">
<saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef></span><br
style="font-family: monospace;">
<span style="font-family: monospace;">
</saml:AuthnContext></span><br style="font-family: monospace;">
<span style="font-family: monospace;">
</saml:AuthnStatement></span><br style="font-family: monospace;">
<span style="font-family: monospace;"> </saml:Assertion></span><br
style="font-family: monospace;">
<span style="font-family: monospace;"></samlp:Response></span><br>
<br>
i know from browsing the list, it has something to do with
''--id-attrd:ID" but can't seem to figure it out<br>
<br>
thanks for help<br>
<br>
//yousuf<br>
</div>
</blockquote>
</body></html>