Metadata signature accepted by xmlsectool, not by SP

Cantor, Scott cantor.2 at osu.edu
Mon May 9 16:38:37 EDT 2016


> I have validation configured on the MetadataProvider
> 
>             <MetadataProvider type="XML"
>                               uri="http://idp-test.grnoc.iu.edu/metadata/grnoc.xml"

Did you compare the file you're giving the Java code byte for byte with whatever lives at that URL?

Hashing would be a simple way to see if it's different at all.

You can certainly try loading the file locally into the SP to see if that changes the results and rule out some things.

> What am I doing wrong signing this? I'm wanting to use a short script to
> assemble metadata from various SPs and sign
> them using https://github.com/mehcode/python-xmlsec/, but I've also tried
> signing with xmlsectool and get the same
> results. The SP I'm using to try to validate it is version 2.5.6 on CentOS 6.

There's nothing I can really tell you. The only ways to debug a signature are mentioned in the wiki, but you'd have to know the spec to make much headway with it; it's about comparing the octets between various steps and being able to spot whatever is subtly changing.

-- Scott
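
The byte-for-byte comparison suggested above, as an added example that is not part of the original message: it hashes the file given to the signing tool and the bytes served at the metadata URL, then reports the first differing octet and what kind of change it looks like. The function names and the sample documents are constructed for illustration; in practice the two inputs would be read from the local file and from a saved copy of the HTTP response body.

```python
import hashlib

BOM = b"\xef\xbb\xbf"  # UTF-8 byte-order mark

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def first_difference(a: bytes, b: bytes):
    """Offset of the first differing octet, or None if the inputs are identical."""
    for i, (x, y) in enumerate(zip(a, b)):
        if x != y:
            return i
    # Common prefix matches; a length mismatch means one input is truncated/extended.
    return None if len(a) == len(b) else min(len(a), len(b))

def compare_metadata(signed: bytes, served: bytes) -> dict:
    """Compare the file that was signed with what the SP actually downloads."""
    report = {
        "signed_sha256": sha256_hex(signed),
        "served_sha256": sha256_hex(served),
        "identical": signed == served,
        "first_diff_offset": first_difference(signed, served),
        "hints": [],
    }
    if report["identical"]:
        return report
    # The hints only describe what changed between the two copies.
    if signed.startswith(BOM) != served.startswith(BOM):
        report["hints"].append("byte-order mark added or removed")
    if signed.replace(b"\r\n", b"\n") == served.replace(b"\r\n", b"\n"):
        report["hints"].append("line endings differ (CRLF vs LF)")
    elif b"".join(signed.split()) == b"".join(served.split()):
        report["hints"].append("only whitespace differs (re-indented or reformatted)")
    return report

if __name__ == "__main__":
    # Constructed sample: the same document before and after being re-indented.
    signed = (b'<EntityDescriptor entityID="https://sp.example.org/shibboleth">\n'
              b'  <SPSSODescriptor/>\n</EntityDescriptor>\n')
    served = signed.replace(b"\n  ", b"\n    ")
    result = compare_metadata(signed, served)
    for key, value in result.items():
        print(f"{key}: {value}")
    off = result["first_diff_offset"]
    print("signed context:", signed[max(0, off - 8):off + 8])
    print("served context:", served[max(0, off - 8):off + 8])
```
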


