I'm signing a SAML token with an X509 certificate, and getting what looks like a good signature except for one issue that seems relatively small, but that is causing me a huge headache. My signature looks like this:
<Signature xmlns="http://ift.tt/uq6naF">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://ift.tt/y9fQ1c" />
<SignatureMethod Algorithm="http://ift.tt/zf1Wx4" />
<Reference URI="#[removed]">
<Transforms>
<Transform Algorithm="http://ift.tt/A1C4L2" />
</Transforms>
<DigestMethod Algorithm="http://ift.tt/yuvO4a" />
<DigestValue>S4...ku4=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>oav...T7E=</SignatureValue>
<KeyInfo>
<X509Data>
<X509Certificate>MII...KFl</X509Certificate>
</X509Data>
</KeyInfo>
</Signature>
What I need is to add a namespace, ds, so that the signature looks like this:
<ds:Signature xmlns:ds="http://ift.tt/uq6naF">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://ift.tt/y9fQ1c" />
<ds:SignatureMethod Algorithm="http://ift.tt/zf1Wx4" />
<ds:Reference URI="#[removed]">
<ds:Transforms>
<ds:Transform Algorithm="http://ift.tt/A1C4L2" />
</ds:Transforms>
<ds:DigestMethod Algorithm="http://ift.tt/yuvO4a" />
<ds:DigestValue>S4...ku4=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>oav...T7E=</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>MII...KFl</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
It seems like this should be something I could do during while computing the signature or importing the signature block back into the existing XML document, but, for the life of me, I can't figure out how I should be doing it. I've searched online and found several people having this issue, but haven't found a good example on how to fix the problem.
No comments:
Post a Comment