[xmlsec] xmlsec encrypt xpath

Aleksey Sanin aleksey at aleksey.com
Fri May 22 13:28:27 PDT 2009 

Yeah, unfortunately, command line tool is not very friendly to
namespaces in xpath. I think the only option to get what you want
is to use local-name() in the XPath expression.

Aleksey

Cook, Sean D (Genworth) wrote:
> Greetings! 
> 
>  
> 
> I am trying to encrypt an element of a saml artifact (the assertion)… I 
> have tried using the following xpath:
> 
>  
> 
> --node-xpath /samlp:Response/saml:Assertion
> 
>  
> 
> This works in perls XML::XPath to identify the appropriate node, but I 
> get an undefined namespace prefix when trying to encrypt.  I have pared 
> down the xml to make sure there was nothing interfering and still no luck:
> 
>  
> 
> /apps/xmlsec/bin/xmlsec1 encrypt --privkey-pem keys/private.key  
> --pubkey-pem keys/pub.key  --session-key des-192  --xml-data 
> saml-artifact.xml --output doc-encrypted-xpath.xml --node-xpath 
> /samlp:Response/saml:Assertion session-key-template.xml
> 
> XPath error : Undefined namespace prefix
> 
> xmlXPathEval: evaluation failed
> 
> Error: failed to evaluate xpath expression
> 
> Error: failed to load file "saml-artifact.xml"
> 
> Error: failed to encrypt file with template "session-key-template.xml"
> 
>  
> 
> # content of saml-artifact.xml
> 
> <?xml version="1.0" encoding="UTF-8"?>
> 
> <samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" 
> ID="djlmjbkjflgnbankboaepihbcckcgcpkmlgfmbpc" Version="2.0" 
> IssueInstant="2009-05-22T18:23:51Z" 
> Destination="https://somedestination/post">
> 
>     <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" 
> Version="2.0" xml:id="ngaognjiljmkbelegfgnighebokoakanaalhnepj" 
> ID="ngaognjiljmkbelegfgnighebokoakanaalhnepj" 
> IssueInstant="2009-05-22T18:23:51Z">
> 
>     </saml:Assertion>
> 
> </samlp:Response>
> 
>  
> 
> Can you point me in the right direction?
> 
>  
> 
>  
> 
>  
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> xmlsec mailing list
> xmlsec at aleksey.com
> http://www.aleksey.com/mailman/listinfo/xmlsec

More information about the xmlsec mailing list