Posted to fx-dev@ws.apache.org by "Deitos, Rafael" <ra...@sap.com> on 2006/08/29 17:47:10 UTC

SAML Token Signed Verification Problem

Hi,

I'm trying to implement an example using the WSS4J library for SAML
Tokens.

I'm currently using the following:
+ WSS4J 1.5.0 
+ XMLSec 1.3.0
+ Axis 1.3 or 1.4
All libs from the WSS4J other libs zip file.

If I try to use the DoAllSender/Receiver for a SAMLTokenSigned, I receive
an XMLSignature error (using the example from the wss4j distribution).

I have my handler that creates a SAML token with an attribute statement
and the holder-of-key confirmation method.

I have the keystores configured on both sides, client and server.

If I call my client handler and add the signed token and right after
call the service handler (without sending to axis service) to verify the
message (the same idea of the TestCases from WSS4J) everything works:
the WSSecurityEngine verifies the signature of the message and when I
verify the signature of the SAMLAssertion (using the method from
org.opensaml.SAMLAssertion.verify(key) ) it's OK.

However, if I send the message to the service, the signature is OK but
the SAMLAssertion.verify() is not OK. I receive the following error:

###########
org.opensaml.InvalidCryptoException: SAMLSignedObject.verify() failed to
validate signature value
###########

And there's no way to make this work. I have already tried everything
that I knew.

The possibility of any change during the transport is discarded (I
think) because I tested signature with/without encryption and everything
goes all right for the DoAll handlers and for mine.

Is there any special issue that I have to consider when using the SAML
tokens???

Can you PLEASE point to some direction... 

Attached I'm sending the message, the log of tomcat, and my handlers. 


Thanks in advance!!!! <<tomcatLOG.txt>>  <<request.xml>>  
<<ServiceHandler.java>>  <<ClientHandler.java>>  <<SAMLIssuerImpl.java>>


_____________________________________________
Rafael J. Deitos
SAP AG

SAP Research, CEC Karlsruhe
Vincenz-Priessnitz-Strasse 1
D 76131 Karlsruhe - Germany

T  +49-721-6902-42
F  +49-6227-78-46551
H  +49-176-6749-7819
E  rafael.deitos@sap.com <ma...@sap.com>