Uploaded image for project: 'SX Spring Security Extension'
  1. SX Spring Security Extension
  2. SES-72

Signature on SAML metadata cannot be verified

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Complete
    • Affects Version/s: saml-1.0.0.RC1
    • Fix Version/s: saml-1.0.0.RC1
    • Component/s: saml
    • Labels:
      None

      Description

      The metadata XML is "prettyPrintXML"-ed before being served. This invalids the signature in the metadata.
      In src\org\springframework\security\saml\metadata\MetadataDisplayFilter.java, changing line 121 from:
      writer.print(XMLHelper.prettyPrintXML(element));
      To:
      writer.print(XMLHelper.nodeToString(element));
      fixes the issue.
      This might also be fixed by computing the signature ignoring whitespace but I'm not strong in the area of XML sigs.

        Attachments

          Activity

            People

            • Assignee:
              vsch Vladimir Schäfer
              Reporter:
              anon4321 William Miller
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Time Tracking

                Estimated:
                Original Estimate - 0.25d
                0.25d
                Remaining:
                Remaining Estimate - 0.25d
                0.25d
                Logged:
                Time Spent - Not Specified
                Not Specified