Need help in removing Canonicalizing a digitally signed SAML without namespace and new line chars.

nandy desikan
Greenhorn

Joined: Apr 02, 2007
Posts: 10
I am using OpenSAML 1.0 to create a SAML assertion and digitally sign it. I am able to successfully sign the SAML.

There are 3 problems I am facing:

1. Though the digitally signed SAML assertion says it is canonicalized, as the assertion has the elements <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod>, the application team who validate the SAML assertion are saying it is invalid.
2. So, I tried to remove new line characters and carriage returns AFTER signing the SAML. I get a canonical SAML assertion but the signature is disrupted.
3. The application team also want the namespaces removed. The namespaces are added to the SAML when I create a new instance of the SAMLAssertion class.

A good direction at this time will be most welcome. I know I am missing something!!!


I am using JDK 1.4 and a Tomcat 5.5 server for development. We are using a Java keystore to digitally sign the SAML. Keystore algorithm is RSA base 2048 bits.
The application team is validating the SAML assertion I send across using Oxygen XML Editor, and every time they validate my assertion, it fails due to either of the above 3 reasons.
 