[xmlsec] Problem with xml namespace

sébastien spilmann sspilmann at webxy.com
Fri Feb 14 09:19:06 PST 2014


Hello,

I have a problem verifying a signature, and it seems to be caused by the
namespace.

My XML is something like this:
<Response xmlns="urn:oasis:names:tc:SAML:2.0:protocol"
Destination="https://www.concursolutions.com/SAMLRedirector/ClientSAMLLogin.aspx"
ID="_fe9537697781d3b3539fd23e4c027e4e5150"
IssueInstant="2013-07-23T18:44:40Z" Version="2.0">
    <ns1:Issuer xmlns:ns1="urn:oasis:names:tc:SAML:2.0:assertion"
Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">http://www.alcatel-lucent.com/wps/portal</ns1:Issuer>
    <Status>
        <StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </Status>
    <ns2:Assertion xmlns:ns2="urn:oasis:names:tc:SAML:2.0:assertion"
ID="_ce339b73d43307de102c421fddef59aaa8c4"
IssueInstant="2013-07-23T18:44:40Z" Version="2.0">
        <ns2:Issuer
Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">http://www.alcatel-lucent.com/wps/portal</ns2:Issuer><ds:Signature
xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#_ce339b73d43307de102c421fddef59aaa8c4">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>avA6FiiMVjEe3rPNfuwXBt+FH6c=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
DlWzq6dS+FlGO6HYc0uBRhJ6nRQ2aIE/UP0vnM2MENOvR/n8/xEAz0QjPAEKxjfCd1R1XU+B6uKw
1XKT0Ku8jFNms6FwesDhabUvY6Nt9iLTabNynF33O9YGVxYELNwnKKFBS1Oj2aKbQ3Z5CyAH0xwc
KH6ht7ppL9OD3CX65Sk=
</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
....

If I try to verify, I get the error:
"func=xmlSecDSigCtxProcessKeyInfoNode:file=..\src\xmldsig.c:line=871:obj=unknown:subj=unknown:error=45:key is not found:"

If I replace all the ns1 and ns2 namespaces with the ds namespace, the verify
function works but the digest is not correct.

How can I make my code work with ns1 and ns2?

Sébastien
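
Added example (not part of the original message, and not xmlsec code): the DigestValue in ds:Reference is computed over the canonical bytes of the signed element, and canonicalization keeps namespace prefixes as written, so renaming ns2 changes the digest while attribute order and the content of the enveloped ds:Signature do not. The sample assertion, the helper names and the use of Python's C14N 2.0 in place of exclusive C14N are assumptions made for illustration.

```python
import base64
import hashlib
from xml.etree.ElementTree import canonicalize

DS_SIGNATURE = "{http://www.w3.org/2000/09/xmldsig#}Signature"

# Constructed sample (not the poster's data): an assertion with an enveloped
# signature, laid out like the one in the message but standing alone.
ASSERTION = (
    '<ns2:Assertion xmlns:ns2="urn:oasis:names:tc:SAML:2.0:assertion" '
    'ID="_constructed" IssueInstant="2013-07-23T18:44:40Z" Version="2.0">'
    '<ns2:Issuer>http://idp.example.test/</ns2:Issuer>'
    '<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">'
    '<ds:SignatureValue>AAAA</ds:SignatureValue></ds:Signature>'
    '</ns2:Assertion>'
)


def reference_digest(xml_text):
    """Return (canonical form, base64 SHA-1) of the signed element.

    exclude_tags drops the ds:Signature subtree, standing in for the
    enveloped-signature transform. Assumption: stdlib C14N 2.0 is used in
    place of exclusive C14N 1.0; both emit prefixes exactly as written.
    """
    canonical = canonicalize(xml_text, exclude_tags=[DS_SIGNATURE])
    digest = hashlib.sha1(canonical.encode("utf-8")).digest()
    return canonical, base64.b64encode(digest).decode("ascii")


def rename_prefix(xml_text, old, new):
    """Textual prefix rename; sufficient for the constructed sample only."""
    for pattern in ("<{}:", "</{}:", "xmlns:{}="):
        xml_text = xml_text.replace(pattern.format(old), pattern.format(new))
    return xml_text


if __name__ == "__main__":
    variants = {
        "as signed": ASSERTION,
        "attributes reordered": ASSERTION.replace(
            'ID="_constructed" IssueInstant="2013-07-23T18:44:40Z"',
            'IssueInstant="2013-07-23T18:44:40Z" ID="_constructed"'),
        "signature value changed": ASSERTION.replace("AAAA", "BBBB"),
        "ns2 renamed to saml": rename_prefix(ASSERTION, "ns2", "saml"),
    }
    for label, xml_text in variants.items():
        print(f"{label:24} {reference_digest(xml_text)[1]}")
```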