You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@santuario.apache.org by David Yu <ts...@gmail.com> on 2013/05/18 00:39:15 UTC

Empty Reference URI

Dear Santuario developers,
I tried to sign the SAML request but I got the empty Reference URI.
The sample.xml that client sent me has <ds:Reference
URI="#_85a81f6ddcb407a62b980891e3507f13"> which matches the RequestID in
SAMLRequest.
However, when I try to sign the request, I get the empty Reference URI.

Could someone show me how can I make it happen to create an non-empty
Reference URI?

Attached please find the code SignRequest.java that I used to sign
request.xml.
sample.xml is the sample that client sent me and it has non-empty Reference
URI.

Thank you
David

RE: Empty Reference URI

Posted by "Cantor, Scott" <ca...@osu.edu>.

> There is nothing wrong with the generated Signature. The empty reference
> URI in conjunction with the enveloped signature transform, points to the
> parent Element of the Signature. So it's a perfectly valid Signature.

It's not a valid SAML signature, however. (Not that this answers the OP's question, but the OP is in fact obligated to use an ID reference.

-- Scott

Re: Empty Reference URI

Posted by Colm O hEigeartaigh <co...@apache.org>.

There is nothing wrong with the generated Signature. The empty reference
URI in conjunction with the enveloped signature transform, points to the
parent Element of the Signature. So it's a perfectly valid Signature.

Colm.


On Fri, May 17, 2013 at 11:39 PM, David Yu <ts...@gmail.com> wrote:

> Dear Santuario developers,
> I tried to sign the SAML request but I got the empty Reference URI.
> The sample.xml that client sent me has <ds:Reference
> URI="#_85a81f6ddcb407a62b980891e3507f13"> which matches the RequestID in
> SAMLRequest.
> However, when I try to sign the request, I get the empty Reference URI.
>
> Could someone show me how can I make it happen to create an non-empty
> Reference URI?
>
> Attached please find the code SignRequest.java that I used to sign
> request.xml.
> sample.xml is the sample that client sent me and it has non-empty
> Reference URI.
>
> Thank you
> David
>



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com

Re: Empty Reference URI

Posted by Colm O hEigeartaigh <co...@apache.org>.

It's producing an empty reference URI as that's what you're supplying:

sig.addDocument("", transforms, MessageDigestAlgorithm.ALGO_ID_DIGEST_SHA1);

Try adding the correct URI for the first argument here.

Colm.


On Fri, May 17, 2013 at 11:39 PM, David Yu <ts...@gmail.com> wrote:

> Dear Santuario developers,
> I tried to sign the SAML request but I got the empty Reference URI.
> The sample.xml that client sent me has <ds:Reference
> URI="#_85a81f6ddcb407a62b980891e3507f13"> which matches the RequestID in
> SAMLRequest.
> However, when I try to sign the request, I get the empty Reference URI.
>
> Could someone show me how can I make it happen to create an non-empty
> Reference URI?
>
> Attached please find the code SignRequest.java that I used to sign
> request.xml.
> sample.xml is the sample that client sent me and it has non-empty
> Reference URI.
>
> Thank you
> David
>



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com