
Need help in removing Canonicalizing a digitally signed SAML without namespace and new line chars.

nandy desikan
Posts: 10
I am using OpenSAML 1.0 to create a SAML assertion and digitally sign it. I am able to successfully sign the SAML.

There are 3 problems I am facing:

1. Though the digitally signed SAML assertion says it is canonicalized, as the assertion has the elements <ds:CanonicalizationMethod Algorithm=""></ds:CanonicalizationMethod>, the application team who validate the SAML assertion are saying it is invalid.
2. So, I tried to remove new line characters and carriage returns AFTER signing the SAML. I get a canonical SAML assertion but the signature is disrupted.
3. The application team also want the namespaces removed. The namespaces are added to the SAML when I create a new instance of the SAMLAssertion class.

A good direction at this time will be most welcome. I know I am missing something!!!

I am using JDK 1.4 and Tomcat 5.5 server for development. We are using a Java keystore to digitally sign the SAML. Keystore algorithm is RSA base 2048 bits.
The application team is validating the SAML assertion I send across using Oxygen XML Editor and every time they validate my assertion, it fails due to either of the above 3 reasons.
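
Why the changes in problems 2 and 3 invalidate a signature, as an added example that is not part of the original post and is not OpenSAML code: canonicalization absorbs serialization differences such as attribute order, but it preserves whitespace between elements and namespace declarations, so both are covered by the signed digest. Assumptions: Python's standard-library C14N 2.0 and SHA-256 stand in for whatever canonicalization and digest algorithms the signer uses, and the sample assertion and its values are constructed.

```python
import hashlib
import re
from xml.etree.ElementTree import canonicalize  # Python 3.8+

NS = "urn:oasis:names:tc:SAML:1.0:assertion"

# Constructed sample assertion (all values are made up), as it was when signed.
SIGNED_FORM = (
    f'<saml:Assertion xmlns:saml="{NS}"\n'
    '    Issuer="idp.example" AssertionID="_a1">\n'
    '  <saml:AuthenticationStatement AuthenticationMethod="urn:example:pw"/>\n'
    '</saml:Assertion>'
)

# Same content serialized differently: attribute order, empty-element form.
RESERIALIZED = (
    f'<saml:Assertion AssertionID="_a1" Issuer="idp.example" xmlns:saml="{NS}">\n'
    '  <saml:AuthenticationStatement AuthenticationMethod="urn:example:pw">'
    '</saml:AuthenticationStatement>\n'
    '</saml:Assertion>'
)

def reference_digest(xml_text):
    """Hash the canonical form, the way a signature Reference digest is built."""
    canonical = canonicalize(xml_text)  # whitespace between elements is kept
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()

def strip_newlines(xml_text):
    """Problem 2: remove CR/LF from the already-signed document."""
    return xml_text.replace("\r", "").replace("\n", "")

def strip_namespaces(xml_text):
    """Problem 3: drop the saml namespace declaration and prefix."""
    return re.sub(r'\s+xmlns:saml="[^"]*"', "", xml_text).replace("saml:", "")

def digest_survives():
    """Map each post-signing change to whether the digest still matches."""
    signed = reference_digest(SIGNED_FORM)
    return {
        "reserialized": reference_digest(RESERIALIZED) == signed,
        "newlines_removed": reference_digest(strip_newlines(SIGNED_FORM)) == signed,
        "namespaces_removed": reference_digest(strip_namespaces(SIGNED_FORM)) == signed,
    }

if __name__ == "__main__":
    for change, ok in digest_survives().items():
        print(f"{change}: digest {'matches' if ok else 'CHANGED'}")
```

Any whitespace or namespace layout the receiver requires has to be in place before the assertion is signed; the signed bytes are then sent unchanged.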