[xmlsec] Problem with xml namespace

Aleksey Sanin aleksey at aleksey.com
Sat Feb 15 11:29:14 PST 2014


You didn't show the most interesting part - the ds:KeyInfo node

Aleksey

On 2/14/14, 9:19 AM, sébastien spilmann wrote:
> Hello,
> 
> I have a problem verifying a signature and that seems to be caused by
> namespace.
> 
> My XML is something like this:
> <Response xmlns="urn:oasis:names:tc:SAML:2.0:protocol"
> Destination="https://www.concursolutions.com/SAMLRedirector/ClientSAMLLogin.aspx"
> ID="_fe9537697781d3b3539fd23e4c027e4e5150"
> IssueInstant="2013-07-23T18:44:40Z" Version="2.0">
>     <ns1:Issuer xmlns:ns1="urn:oasis:names:tc:SAML:2.0:assertion"
> Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">http://www.alcatel-lucent.com/wps/portal</ns1:Issuer>
>     <Status>
>         <StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
>     </Status>
>     <ns2:Assertion xmlns:ns2="urn:oasis:names:tc:SAML:2.0:assertion"
> ID="_ce339b73d43307de102c421fddef59aaa8c4"
> IssueInstant="2013-07-23T18:44:40Z" Version="2.0">
>         <ns2:Issuer
> Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">http://www.alcatel-lucent.com/wps/portal</ns2:Issuer><ds:Signature
> xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
> <ds:SignedInfo>
> <ds:CanonicalizationMethod
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
> <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
> <ds:Reference URI="#_ce339b73d43307de102c421fddef59aaa8c4">
> <ds:Transforms>
> <ds:Transform
> Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
> </ds:Transforms>
> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
> <ds:DigestValue>avA6FiiMVjEe3rPNfuwXBt+FH6c=</ds:DigestValue>
> </ds:Reference>
> </ds:SignedInfo>
> <ds:SignatureValue>
> DlWzq6dS+FlGO6HYc0uBRhJ6nRQ2aIE/UP0vnM2MENOvR/n8/xEAz0QjPAEKxjfCd1R1XU+B6uKw
> 1XKT0Ku8jFNms6FwesDhabUvY6Nt9iLTabNynF33O9YGVxYELNwnKKFBS1Oj2aKbQ3Z5CyAH0xwc
> KH6ht7ppL9OD3CX65Sk=
> </ds:SignatureValue>
> <ds:KeyInfo>
> <ds:X509Data>
> ....
> 
> If I try to verify, I have the error:
> "func=xmlSecDSigCtxProcessKeyInfoNode:file=..\src\xmldsig.c:line=871:obj=unknown:subj=unknown:error=45:key
> is not found:"
> 
> If I change all ns1 and ns2 namespaces to the ds namespace, the verify
> function works but the digest is not correct.
> 
> How can I make my code work with ns1 and ns2?
> 
> Sébastien