Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Complete
    • Affects Version/s: None
    • Fix Version/s: saml-1.0.0.RC1
    • Component/s: saml
    • Labels:
      None

      Description

      In AbstractProfileBase, this method is used to verify the signature of a message:

      protected void verifySignature(Signature signature, String IDPEntityID) throws org.opensaml.xml.security.SecurityException, ValidationException {
          SAMLSignatureProfileValidator validator = new SAMLSignatureProfileValidator();
          validator.validate(signature);
          CriteriaSet criteriaSet = new CriteriaSet();
          criteriaSet.add(new EntityIDCriteria(IDPEntityID));
          criteriaSet.add(new MetadataCriteria(IDPSSODescriptor.DEFAULT_ELEMENT_NAME, SAMLConstants.SAML20P_NS));
          criteriaSet.add(new UsageCriteria(UsageType.SIGNING));
          log.debug("Verifying signature", signature);
          trustEngine.validate(signature, criteriaSet);
      }

      However, trustEngine.validate (SignatureTrustEngine.validate) returns "false" if the signature is invalid, rather than throwing a ValidationException as I believe this method is expecting. According to the javadoc for this method:

      • @return true if the signature was valid for the provided content
      • @throws SecurityException thrown if there is a problem attempting to verify the signature such as the signature algorithm not being supported
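
Added example (not part of the issue and not Spring Security SAML or OpenSAML code): a self-contained Java model of the contract quoted above, where validate returns false for an invalid signature and throws only when verification cannot be attempted. TrustEngine, ValidationException and the byte-array "signature" are simplified stand-ins for the real types; the sample inputs are constructed.

```java
import java.security.MessageDigest;

public class SignatureCheckDemo {

    // Stand-in for the trust engine contract: false = invalid signature,
    // exception = verification could not be attempted.
    // java.lang.SecurityException stands in for org.opensaml.xml.security.SecurityException.
    interface TrustEngine {
        boolean validate(byte[] signature, byte[] expected) throws SecurityException;
    }

    static class ValidationException extends Exception {
        ValidationException(String msg) { super(msg); }
    }

    // Constructed engine: a "signature" is valid when it equals the expected bytes.
    static final TrustEngine ENGINE = (sig, expected) -> {
        if (sig == null) throw new SecurityException("no signature to verify");
        return MessageDigest.isEqual(sig, expected);
    };

    // Pattern from the report: the boolean result is discarded,
    // so an invalid signature returns normally and the caller proceeds.
    static void verifyIgnoringResult(byte[] sig, byte[] expected) throws ValidationException {
        ENGINE.validate(sig, expected);
    }

    // Checked form: a false result is turned into a ValidationException (fail closed).
    static void verifyChecked(byte[] sig, byte[] expected) throws ValidationException {
        if (!ENGINE.validate(sig, expected)) {
            throw new ValidationException("Signature is invalid or not trusted");
        }
    }

    // Reports whether the chosen verifier lets the message through.
    static boolean accepts(boolean checked, byte[] sig, byte[] expected) {
        try {
            if (checked) verifyChecked(sig, expected); else verifyIgnoringResult(sig, expected);
            return true;
        } catch (ValidationException | SecurityException e) {
            return false;
        }
    }

    public static void main(String[] args) {
        byte[] good = {1, 2, 3}, forged = {9, 9, 9}; // constructed sample values
        System.out.println("result ignored, forged signature accepted: " + accepts(false, forged, good));
        System.out.println("result checked, forged signature accepted: " + accepts(true, forged, good));
        System.out.println("result checked, valid signature accepted:  " + accepts(true, good, good));
    }
}
```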


            People

            • Assignee:
              vsch Vladimir Schäfer
              Reporter:
              philvarner Phil Varner