[xmlsec] Issues using xmlsec for SAML
Dave Chapman
dave at dchapman.com
Mon May 26 13:36:18 PDT 2008
Hi,

The application I'm working on receives XML documents from a third
party, and I need to verify the signature to both test message integrity
and to ensure that it has come from this specific third party.

The entire certificate chain, excluding the root certificate (belonging
to a commercial CA), is embedded in the X509Data element in the signature.

I can verify the signature successfully, but the only result I can seem
to get from xmlsec is "success". I haven't managed to find a way to
extract the Subject/Issuer information from the certificate chain used
to verify the signature.

If I call the function xmlSecKeyDebugDump after the signature has been
verified, then I can see the required information displayed, but after
following that function in the xmlsec source, I see it goes down to the
level of using openssl functions, and there doesn't appear to be any way
to access that information via the xmlsec API (apart from the various
DebugDump functions).

Am I missing something? Is there a way I can limit my program to only
accept files signed by a particular entity? Or is the only way to use
openssl's functions to access this information?

My workaround for the moment is to parse the output of the
xmlSecKeyDebugDump function in Perl, but I'm assuming that's not the
intended way to do things...

Regards,

Dave.