Reputation: 13537
When using xml signatures the whole xml document is jumbled
I am using xml signatures to validate saml request :
The initial saml request before signing :
<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID
="abc" Version="2.0" IssueInstant="2012-04-14T8:55:05:31" ProtocolBinding="urn:o
asis:names:tc:SAML:2.0:bindings:HTTP-POST" AssertionConsumerServiceURL="http://l
ocalhost:8080/consumer.jsp"><saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0
:assertion">http://localhost:8080/saml/SProvider.jsp</saml:Issuer></samlp:AuthnR
equest>
After signing the xml document and then converting it into string(using transformer) I am getting the following:
<?xml version="1.0" encoding="UTF-8" standalone="no"?><samlp:AuthnReques
t xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" AssertionConsumerServiceURL
="http://localhost:8080/consumer.jsp" ID="abc" IssueInstant="2012-04-14T8:55:05:
31" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Version="2.
0"><saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">http://localh
ost:8080/saml/SProvider.jsp</saml:Issuer><Signature xmlns="http://www.w3.org/200
0/09/xmldsig#"><SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/
TR/2001/REC-xml-c14n-20010315#WithComments"/><SignatureMethod Algorithm="http://
www.w3.org/2000/09/xmldsig#rsa-sha1"/><Reference URI=""><Transforms><Transform A
lgorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></Transforms><
DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><DigestValue>J
QV+Gff3C0PDb5zbaB62ItqWaJ/yIFgOVfANUehlJpQ=</DigestValue></Reference></SignedInf
o><SignatureValue>PJCFgkGUlQiOVn6g0hTgbbHkqOGAKB5sA8QjcdKrR5R9zuyn9ymfFZMo1jqpxU
//#here 3UOCz1BcxsWt6+
CSFSAS0SaQstuN8ns/5ltIYu3LFUrpIT4eRHxbYEjf+CFj0c08lFB+BLK3Tx3vEi7nQF+X1rUvZX
XZEUmaAMLqNdhRSqurY=</SignatureValue></Signature></samlp:AuthnRequest>
As you can see the first attribute in the initial string is ID But after signing the first attrubute is AssertionConsumerServiceURL. Why is getting jumbled? Moreover in the signed document see #here(third line from last), there is a line break. Why is there a line break.I don't think encrypted values contain line breaks. I don't understand what is happening. Please help.
Upvotes: 1
Views: 771
Answers (2)
Reputation: 13537
Refer this link. error due to xml signature . Most of it says that xml signatures cannot guarantee you the ordering of the xml tags. It also says that this is due to the canonicalization. But I am not sure of that. One thing I came to know is that it is not uncommon when using xml signatures.
Upvotes: 1
Reputation: 56477
In order for a signature to be calculated, the XML file must be canonicalized. It must be in a standard format for the receiving application to verify the signature.
But, I don't think it needs to be sent canonicalized; since the receiving application must also canonicalize the XML to calculate the signature for verification. So, you can try to reformat it after signing it. But I don't know if that will work, so test it thoroughly.
Upvotes: 2
Related Questions
- Xml signatures verifies OK in .NET but fails in Java
- XML Signature Value mismatch issue
- XML Signature validations fails
- Different XML signature between Apache Santuario and Java XML Digital Signature API
- XML signature validation fails in java
- Xml document signature not valid after deserialization from byte array
- XML Digital Signature Validation throws ResourceResolverException - Post Java Upgrade
- error due to xml signature
- How do you parse the Signature element from a SAML response using xmlcrypto?
- Wrong digest value for xml signatures using Java XML Digital Signature API