[xmlsec] xmlsec returns error when trying to validate SAML response

Aleksey Sanin aleksey at aleksey.com
Tue Mar 1 09:30:18 PST 2016


FAQ, section 3.2 (if I recall correctly).

Aleksey

On 3/1/16 8:57 AM, Artur Rychlewicz wrote:
> 
> 
> Hello,
> 
> I've been trying to use xmlsec1 to validate a signed XML response
> containing SAML data.
> 
> When I execute:
> 
> xmlsec1 --verify test.xml
> 
> I receive the following stack trace:
> 
> func=xmlSecXPathDataExecute:file=xpath.c:line=273:obj=unknown:subj=xmlXPtrEval:error=5:libxml2
> library function
> failed:expr=xpointer(id('uuid-73c06e86-88d2-4204-91f4-3d484bc782cc'))
> func=xmlSecXPathDataListExecute:file=xpath.c:line=373:obj=unknown:subj=xmlSecXPathDataExecute:error=1:xmlsec
> library function failed:
> func=xmlSecTransformXPathExecute:file=xpath.c:line=483:obj=xpointer:subj=xmlSecXPathDataExecute:error=1:xmlsec
> library function failed:
> func=xmlSecTransformDefaultPushXml:file=transforms.c:line=2411:obj=xpointer:subj=xmlSecTransformExecute:error=1:xmlsec
> library function failed:
> func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1242:obj=unknown:subj=xmlSecTransformPushXml:error=1:xmlsec
> library function failed:transform=xpointer
> func=xmlSecTransformCtxExecute:file=transforms.c:line=1302:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec
> library function failed:
> func=xmlSecDSigReferenceCtxProcessNode:file=xmldsig.c:line=1589:obj=unknown:subj=xmlSecTransformCtxExecute:error=1:xmlsec
> library function failed:
> func=xmlSecDSigCtxProcessSignedInfoNode:file=xmldsig.c:line=822:obj=unknown:subj=xmlSecDSigReferenceCtxProcessNode:error=1:xmlsec
> library function failed:node=Reference
> func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=563:obj=unknown:subj=xmlSecDSigCtxProcessSignedInfoNode:error=1:xmlsec
> library function failed:
> func=xmlSecDSigCtxVerify:file=xmldsig.c:line=382:obj=unknown:subj=xmlSecDSigCtxSignatureProcessNode:error=1:xmlsec
> library function failed:
> Error: signature failed
> ERROR
> SignedInfo References (ok/all): 0/1
> Manifests References (ok/all): 0/0
> Error: failed to verify file "test.xml"
> 
> I do not know how XML signatures work, but I presume that the ID was
> taken from <saml2p:Response> tag which contains ID with value of
> "uuid-73c06e86-88d2-4204-91f4-3d484bc782cc".  <saml2p:Response> element
> contains <ds:Signature> element which in turn contains <ds:Reference>
> with parameter URI="#uuid-73c06e86-88d2-4204-91f4-3d484bc782cc".
> 
> Since I do not need this value/data, I'd like to check the signature of
> the <saml2:Assertion> element, which also contains its own <ds:Signature> value.
> 
> That said, I'd like to ask you for instructions on how to validate the
> element I need. Thank you in advance.
> 
> Best regards,
> Artur Rychlewicz
> 
> 
> 
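
Added example, not part of the original thread or of xmlsec: the `xpointer(id(...))` lookup in the trace only resolves attributes that the parser has been told are IDs, so this sketch maps each `<ds:Reference>` URI in a document to the element carrying that `ID` value and builds the matching `--id-attr` arguments for xmlsec1. The sample document is constructed (only the Response ID comes from the message), and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"

# Constructed sample shaped like the document in the message (digests omitted).
SAMPLE = """<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    ID="uuid-73c06e86-88d2-4204-91f4-3d484bc782cc">
  <ds:Signature><ds:SignedInfo>
    <ds:Reference URI="#uuid-73c06e86-88d2-4204-91f4-3d484bc782cc"/>
  </ds:SignedInfo></ds:Signature>
  <saml2:Assertion ID="constructed-assertion-id">
    <ds:Signature><ds:SignedInfo>
      <ds:Reference URI="#constructed-assertion-id"/>
    </ds:SignedInfo></ds:Signature>
  </saml2:Assertion>
</saml2p:Response>"""

def map_references(xml_text, id_attr="ID"):
    """One record per ds:Reference: its URI and the element(s) it resolves to."""
    root = ET.fromstring(xml_text)
    parent = {child: p for p in root.iter() for child in p}
    by_id = {}
    for el in root.iter():
        if id_attr in el.attrib:
            by_id.setdefault(el.attrib[id_attr], []).append(el)
    records = []
    for sig in root.iter(f"{{{DS}}}Signature"):
        for ref in sig.iter(f"{{{DS}}}Reference"):
            uri = ref.get("URI", "")
            targets = by_id.get(uri[1:], []) if uri.startswith("#") else []
            records.append({
                "uri": uri,
                "targets": [t.tag for t in targets],  # "{namespace}localname"
                "unique": len(targets) == 1,  # duplicate IDs make the reference ambiguous
                "enveloped": len(targets) == 1 and parent.get(sig) is targets[0],
            })
    return records

def id_attr_args(records, id_attr="ID"):
    """xmlsec1 --id-attr arguments declaring id_attr on each referenced element."""
    args = []
    for r in records:
        for tag in r["targets"]:
            ns, name = tag[1:].split("}") if tag.startswith("{") else ("", tag)
            args += [f"--id-attr:{id_attr}", f"{ns}:{name}" if ns else name]
    return args
```

The returned arguments go between `xmlsec1 --verify` and the file name; a record with `unique` or `enveloped` false means the reference does not unambiguously cover the element that holds the signature.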

