Gobliins
Gobliins

Reputation: 4026

opensaml 3 signature from saml response is null

Hi i got this errormessage:

net.shibboleth.utilities.java.support.logic.ConstraintViolationException: Signature was null

On validating a SAML response from Azure AD.

For test purpose i saved a response file as xml and found a tag:

<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
            <ds:SignatureMethod
                Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
            <ds:Reference URI="#_97031c65-0139-4047-a416-9495df5d6ed7">
                <ds:Transforms>
                    <ds:Transform
                        Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
                <ds:DigestValue>
                    KMaFHRt8inqVYsMGKnAryKUTQUbYGPUDPxdvj6T08OQ=
                </ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>
           .....
        </ds:SignatureValue>
        <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
            <X509Data>
                <X509Certificate>
                    ....
                </X509Certificate>
            </X509Data>
        </KeyInfo>
    </ds:Signature>

i unmarshall the XML response:

InitializationService.initialize();
DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance();
documentBuilderFactory.setNamespaceAware(true);
DocumentBuilder docBuilder = documentBuilderFactory.newDocumentBuilder();
String content = new String(Files.readAllBytes(Paths.get("saml_response_azure.xml")));
Document document = docBuilder.parse(new ByteArrayInputStream(content.trim().getBytes()));

Element element = document.getDocumentElement();
Unmarshaller unmarshaller = XMLObjectProviderRegistrySupport.getUnmarshallerFactory().getUnmarshaller(element);
Response response = (Response) unmarshaller.unmarshall(element);

And error is dropped at:

Signature signature = response.getAssertions().get(0).getSignature() // returns null

SAMLSignatureProfileValidator profValidator = new SAMLSignatureProfileValidator();
profValidator.validate(signature);

Upvotes: 2

Views: 2297

Answers (1)

Stefan Rasmusson
Stefan Rasmusson

Reputation: 5595

Ok, I think I found it, it looks like you did not add any implementation dependencies to you POM. When I use your POM and include this dependency, I get the signature object.

  <dependency>
     <groupId>org.opensaml</groupId>
     <artifactId>opensaml-saml-impl</artifactId>
     <version>3.2.0</version>
 </dependency>

The modular structure of the dependencies is a big difference from version 2 of OpenSAML.

Upvotes: 2

Related Questions