SAML2 API / Patches / #2 Update to make signature verification work with xmlsec 1.5

#2 Update to make signature verification work with xmlsec 1.5

Status: open

Owner: nobody

Labels: None

Priority: 5

Updated: 2013-02-07

Created: 2013-02-07

Creator: Leiv Hellebo

Private: No

Using jsr105Provider from xmlsec 1.5.X does not work with saml2api 1.1.1, due to "[m]ajor changes to how Elements are resolved" [1,2] .

"The user is now responsible for registering any same-Document Elements by Id, which must be resolved as part of the signature creation/validation process." [2]

xmlsec:ResolverFragment now uses org.w3c.dom.Document.getElementById() to find the (saml:Assertion) element with the right ID attribute. In order for this to work, the ID attribute of the saml:Assertion node has to be registered as an ID.

The patch is tested with xmlsec 1.5.1 and 2 (bundled with JBoss EAP 6.0.0 and 6.0.1) and xmlsec 1.5.3. It is also tested with *not* setting jsr105Provider, thereby falling back on org.jcp.xml.dsig.internal.dom.XMLDSigRI

1: http://coheigea.blogspot.no/2011/12/apache-santuario-xml-security-for-java.html
2: http://coheigea.blogspot.no/2012/01/apache-santuario-xml-security-for-java.html

Discussion

Leiv Hellebo - 2013-02-07

xmlsec15.patch

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Update to make signature verification work with xmlsec 1.5

Group

Searches

Help

#2 Update to make signature verification work with xmlsec 1.5

Discussion