[xmlsec] Issues using xmlsec for SAML
aleksey at aleksey.com
Mon May 26 13:56:57 PDT 2008
You have to use OpenSSL, NSS, or any other crypto provider functions
to access this information.
Dave Chapman wrote:
> The application I'm working on receives XML documents from a third
> party, and I need to verify the signature to both test message integrity
> and to ensure that it has come from this specific third party.
> The entire certificate chain, excluding the root certificate (belonging
> to a commercial CA), is embedded in the X509Data element in the signature.
> I can verify the signature successfully, but the only result I can seem
> to get from xmlsec is "success". I haven't managed to find a way to
> extract the Subject/Issuer information from the certificate chain used
> to verify the signature.
> If I call the function xmlSecKeyDebugDump after the signature has been
> verified, then I can see the required information displayed, but after
> following that function in the xmlsec source, I see it goes down to the
> level of using openssl functions, and there doesn't appear to be any way
> to access that information via the xmlsec API (apart from the various
> DebugDump functions).
> Am I missing something? Is there a way I can limit my program to only
> accept files signed by a particular entity? Or is the only way to use
> openssl's functions to access this information?
> My workaround for the moment is to parse the output of the
> xmlSecKeyDebugDump function in Perl, but I'm assuming that's not the
> intended way to do things...