[xmlsec] Verify XML signature with multiple KeyName

Leif Johansson leifj at mnt.se
Fri Jun 29 08:37:32 PDT 2018

This feels more like a SAML issue... having said that...

On 2018-06-29 16:32, Paolo Smiraglia wrote:
> Hi guys, my name is Paolo.
> I'm trying to verify the signature of an SP (service provider) SAML
> metadata document, which was signed with the "samlsign" tool using a
> certificate with two subjectAlternativeNames. Unfortunately, I receive
> the following error


> The error seems to be related to multiple <KeyName> tags nested within
> <KeyInfo>. Indeed, if I re-sign the same document with a certificate
> that has only one alternative name, the resulting signature has just
> one <KeyName> and xmlsec verifies it correctly.
> On the other hand, if I try to verify the signed document with either
> samlsign or xmlsectool, everything goes well.

My guess is that Scott just tries to iterate over all possible
combinations... Is this a key rollover situation btw?

> Do you have something to suggest? Thanks!

What saml profile is this trying to comply with? Is it perhaps eIDAS?

	Cheers Leif

> Best,
>    Paolo
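As an added example (not code from this thread, from xmlsec, samlsign or xmlsectool), the following Python script inspects the ds:KeyInfo of a constructed SAML metadata document of the shape Paolo describes: one KeyName per subjectAltName plus the certificate itself. It reports every KeyName hint present and can write a copy of the document with the hints reduced to a single KeyName, so verification can be retried with one hint at a time. Editing KeyInfo is safe here because the enveloped-signature transform excludes the entire ds:Signature element (KeyInfo included) from the digest, and the SignatureValue covers SignedInfo alone. The entityID, the digest, signature and certificate values are placeholders, not real signed data.

```python
"""Inspect and normalise ds:KeyInfo hints in signed SAML metadata.

Constructed example: the EntityDescriptor, SignedInfo, DigestValue,
SignatureValue and X509Certificate below are placeholders, not real
signed metadata.
"""
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
MD = "urn:oasis:names:tc:SAML:2.0:metadata"
# Keep the original prefixes when re-serialising: the signature covers the
# exclusive-C14N form of SignedInfo, in which the "ds" prefix is visible.
ET.register_namespace("ds", DS)
ET.register_namespace("md", MD)

# Constructed input: a KeyInfo carrying one KeyName per subjectAltName entry
# of the signing certificate, plus the certificate itself.
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{MD}" xmlns:ds="{DS}"
    ID="_example" entityID="https://sp.example.org/shibboleth">
  <ds:Signature>
    <ds:SignedInfo>
      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
      <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
      <ds:Reference URI="#_example">
        <ds:Transforms>
          <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
          <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
        </ds:Transforms>
        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
        <ds:DigestValue>PLACEHOLDER-DIGEST</ds:DigestValue>
      </ds:Reference>
    </ds:SignedInfo>
    <ds:SignatureValue>PLACEHOLDER-SIGNATURE</ds:SignatureValue>
    <ds:KeyInfo>
      <ds:KeyName>sp.example.org</ds:KeyName>
      <ds:KeyName>sp-alt.example.org</ds:KeyName>
      <ds:X509Data>
        <ds:X509Certificate>PLACEHOLDER-CERT</ds:X509Certificate>
      </ds:X509Data>
    </ds:KeyInfo>
  </ds:Signature>
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
</md:EntityDescriptor>
"""


def key_info_summary(xml_text):
    """Return the KeyName values, the number of X509Certificate elements and
    whether an enveloped-signature transform is present, for the first
    ds:Signature/ds:KeyInfo directly under the document root."""
    root = ET.fromstring(xml_text)
    key_info = root.find(f"./{{{DS}}}Signature/{{{DS}}}KeyInfo")
    enveloped = any(
        t.get("Algorithm") == f"{DS}enveloped-signature"
        for t in root.iter(f"{{{DS}}}Transform")
    )
    if key_info is None:
        return {"key_names": [], "certificates": 0, "enveloped": enveloped}
    names = [kn.text.strip() for kn in key_info.findall(f"{{{DS}}}KeyName") if kn.text]
    certs = key_info.findall(f".//{{{DS}}}X509Certificate")
    return {"key_names": names, "certificates": len(certs), "enveloped": enveloped}


def strip_extra_key_names(xml_text, keep=None):
    """Return a copy of the document whose KeyInfo carries at most one KeyName.

    `keep` selects the surviving name (default: the first one). X509Data is
    left untouched, so a verifier that resolves the key from the certificate
    still has what it needs. Only hint elements change: the enveloped-signature
    transform excludes the whole ds:Signature element (KeyInfo included) from
    the digest, and SignatureValue covers SignedInfo alone, so removing
    KeyName elements does not invalidate the signature. Without that
    transform the function refuses to edit, since KeyInfo might be digested.
    """
    summary = key_info_summary(xml_text)
    if not summary["enveloped"]:
        raise ValueError("no enveloped-signature transform; refusing to edit KeyInfo")
    chosen = keep if keep is not None else (summary["key_names"] or [None])[0]
    if chosen is not None and chosen not in summary["key_names"]:
        raise ValueError(f"KeyName {chosen!r} not present in KeyInfo")
    root = ET.fromstring(xml_text)
    key_info = root.find(f"./{{{DS}}}Signature/{{{DS}}}KeyInfo")
    for kn in key_info.findall(f"{{{DS}}}KeyName"):
        if (kn.text or "").strip() != chosen:
            key_info.remove(kn)
    # ElementTree keeps element text and tail whitespace, so SignedInfo is
    # re-emitted byte-for-byte apart from namespace declarations, which
    # exclusive C14N renders only where visibly used.
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    print(key_info_summary(SAMPLE_METADATA))
    print(strip_extra_key_names(SAMPLE_METADATA, keep="sp-alt.example.org"))
```

Running the script on the sample lists both KeyName hints and one certificate; the rewritten copy can then be handed to the verifier (for the xmlsec1 command line, the certificate is normally supplied explicitly with `--pubkey-cert-pem` and the metadata ID attribute declared with `--id-attr:ID`) to see whether the second hint, rather than the signature itself, is what the verifier objects to.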

