[xmlsec] Issues using xmlsec for SAML

Aleksey Sanin aleksey at aleksey.com
Mon May 26 13:56:57 PDT 2008

You have to use OpenSSL, NSS, or any other crypto provider functions
to access this information.


Dave Chapman wrote:
> Hi,
> The application I'm working on receives XML documents from a third 
> party, and I need to verify the signature to both test message integrity 
> and to ensure that it has come from this specific third party.
> The entire certificate chain, excluding the root certificate (belonging 
> to a commercial CA), is embedded in the X509Data element in the signature.
> I can verify the signature successfully, but the only result I can seem 
> to get from xmlsec is "success".  I haven't managed to find a way to 
> extract the Subject/Issuer information from the certificate chain used 
> to verify the signature.
> If I call the function xmlSecKeyDebugDump after the signature has been 
> verified, then I can see the required information displayed, but after 
> following that function in the xmlsec source, I see it goes down to the 
> level of using openssl functions, and there doesn't appear to be any way 
> to access that information via the xmlsec API (apart from the various 
> DebugDump functions).
> Am I missing something?  Is there a way I can limit my program to only 
> accept files signed by a particular entity?  Or is the only way to use 
> openssl's functions to access this information?
> My workaround for the moment is to parse the output of the 
> xmlSecKeyDebugDump function in Perl, but I'm assuming that's not the 
> intended way to do things...
> Regards,
> Dave.
> _______________________________________________
> xmlsec mailing list
> xmlsec at aleksey.com
> http://www.aleksey.com/mailman/listinfo/xmlsec

More information about the xmlsec mailing list