[xmlsec] unable to dereference URI

Jeffrey Jin (jefjin) jefjin at cisco.com
Wed Jul 31 00:25:01 PDT 2013


Hi xmlsec team,

I use xmlsec library to verify signature whether correct. But when saml response include "<ds:Reference URI="#s29c0153b613859ac1c788536d2a924d65e643b308" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">"
I got the error:


func=xmlSecXPathDataExecute:file=xpath.c:line=273:obj=unknown:subj=xmlXPtrEval:error=5:libxml2 library function failed:expr=xpointer(id('s29c0153b613859ac1c788536d2a924d65e643b308'))
func=xmlSecXPathDataListExecute:file=xpath.c:line=356:obj=unknown:subj=xmlSecXPathDataExecute:error=1:xmlsec library function failed:
func=xmlSecTransformXPathExecute:file=xpath.c:line=466:obj=xpointer:subj=xmlSecXPathDataExecute:error=1:xmlsec library function failed:
func=xmlSecTransformDefaultPushXml:file=transforms.c:line=2405:obj=xpointer:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:
func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1236:obj=unknown:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed:transform=xpointer
func=xmlSecTransformCtxExecute:file=transforms.c:line=1296:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed:
func=xmlSecDSigReferenceCtxProcessNode:file=xmldsig.c:line=1571:obj=unknown:subj=xmlSecTransformCtxExecute:error=1:xmlsec library function failed:
func=xmlSecDSigCtxProcessSignedInfoNode:file=xmldsig.c:line=804:obj=unknown:subj=xmlSecDSigReferenceCtxProcessNode:error=1:xmlsec library function failed:node=Reference
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=547:obj=unknown:subj=xmlSecDSigCtxProcessSignedInfoNode:error=1:xmlsec library function failed:
func=xmlSecDSigCtxVerify:file=xmldsig.c:line=366:obj=unknown:subj=xmlSecDSigCtxSigantureProcessNode:error=1:xmlsec library function failed:
Error: signature verification failed


I found the answer of similar issue from http://www.aleksey.com/xmlsec/faq.html

So I add the DTD:

<!DOCTYPE test [
<!ATTLIST ds:Reference URI ID #IMPLIED>
]>

But it doesn't work. Someone can help me out.

Thanks in advance.


-Jeffrey
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.aleksey.com/pipermail/xmlsec/attachments/20130731/6c070329/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: responsedecode.xml
Type: application/xml
Size: 6133 bytes
Desc: responsedecode.xml
URL: <http://www.aleksey.com/pipermail/xmlsec/attachments/20130731/6c070329/attachment.xml>


More information about the xmlsec mailing list