[xmlsec] namespace definition significant ?
aleksey at aleksey.com
Wed Apr 13 07:24:04 PDT 2011
You are correct - it is hard to say something w/o having a big picture :)
One these two links should help you to figure out what exactly should be
On 4/13/11 7:20 AM, Roland Hedberg wrote:
> Hmm, looking at the XML again I'm not so sure anymore.
> Sorry, I might have misled you, not giving you the whole picture.
> The fact is that what I'm verifying is a SAML Response where the Assertion is signed.
> The whole document contains a xmlns:xsi specification, namely at the top, in the Response element.
> But if you only look at the Assertion element by itself there is none.
> The Assertion element is a child to the Response element, hence it doesn't have to have the xmlns:xsi specification since a parent has it.
> The same goes for the Attributes elements that exist below the Assertion element.
> But this is only if you look at the Reponse as a XML document.
> Does the fact that the Assertion element is a signed element force the inclusion of a xmlns:xsi specification in the Assertion tree ?
> Ignoring what is defined in unsigned parent elements ?
> Phrased differently *MUST* the Assertion element be self contained ?
> On Apr 13, 2011, at 15:42, Aleksey Sanin wrote:
>> On 4/13/11 6:41 AM, Roland Hedberg wrote:
>>> Trying to find out why a signature verification failed.
>>> So, I compared what I got and what xmlsec1 has as predigest data.
>>> Nothing that I could see except for the fact that xmlsec1 in the predigest data has add xmlns specifications for xsi.
>>> <ns1:Attribute FriendlyName="eduPersonEntitlement" Name="urn:oid:188.8.131.52.4.1.59184.108.40.206.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"><ns1:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">foo</ns1:AttributeValue></ns1:Attribute>
>>> The original was:
>>> <ns1:Attribute FriendlyName="eduPersonEntitlement" Name="urn:oid:220.127.116.11.4.1.5918.104.22.168.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"><ns1:AttributeValue xsi:type="xs:string">foo</ns1:AttributeValue></ns1:Attribute>
>>> Is this significant ??
>>> xmlsec mailing list
>>> xmlsec at aleksey.com
More information about the xmlsec