Here's the xml (with signature), it's a modified SAML token:<br><br><?xml version="1.0"?><br>
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" AssertionID="SecurityToken-d3aaac64-7f2d-4250-be09-176bcbcdb41f" ID="SecurityToken-d3aaac64-7f2d-4250-be09-176bcbcdb41f" MajorVersion="1" MinorVersion="1" Issuer="thomson.com" IssueInstant="2007-09-18T04:44:42Z"><saml:Conditions NotBefore="2007-09-18T04:44:42Z" NotOnOrAfter="2007-09-18T04:54:42Z"/><saml:AuthenticationStatement AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password" AuthenticationInstant="2007-09-18T04:44:42Z"><saml:Subject><saml:NameIdentifier Format="http://security.schemas.tfn.thomson.com/Principal/2007-01-25/#SubId">1234</saml:NameIdentifier><saml:SubjectConfirmation><saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</saml:ConfirmationMethod></saml:SubjectConfirmation></saml:Subject></saml:AuthenticationStatement><saml:AttributeStatement/><Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><Reference><Transforms><Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>zZJ8tOVaDO3PogS6SLWbk3D27g4=</DigestValue></Reference></SignedInfo><SignatureValue>k9AxevEOzbZXCGCl141KzIEv2guu6b2d5i6dYcWL3lvWb5oje0ufkDCJ8vyanO84
<br>cTMOgCcKpJtzx8qFD/sL6ptnMKisQD103NUgnSefzAzgnDLm6Vc8U5UvDkQvecx6<br>fyxVZCXpIiR7Z8QuMbVgGQ/jvJ4F3IRYMPhnlF8Sbfk=</SignatureValue><KeyInfo><X509Data><br><X509Certificate>MIIDCzCCAnSgAwIBAgIDB0LYMA0GCSqGSIb3DQEBBQUAME4xCzAJBgNVBAYTAlVT
<br>MRAwDgYDVQQKEwdFcXVpZmF4MS0wKwYDVQQLEyRFcXVpZmF4IFNlY3VyZSBDZXJ0<br>aWZpY2F0ZSBBdXRob3JpdHkwHhcNMDcwNDEzMTY0MzU0WhcNMDkwNDEzMTY0MzU0<br>WjCBlTELMAkGA1UEBhMCVVMxETAPBgNVBAgTCE5ldyBZb3JrMREwDwYDVQQHEwhO<br>ZXcgWW9yazEcMBoGA1UEChMTVGhvbXNvbiBDb3Jwb3JhdGlvbjEaMBgGA1UECxMR
<br>VGhvbXNvbiBGaW5hbmNpYWwxJjAkBgNVBAMTHXNlY3VyaXR5LWRldi5zZXJ2aWNl<br>cy50Zm4uY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC3pO898aOmbK1/<br>+quYg9QzPlSF85JdZQSAjAWbWPe4Tv6CraxGxSUPakImrbtjJuR4b4G0oWBGJ42P<br>yYOsKT/FcSXcpm7HgfoIE7inVMtHxlukpAqpkPyTmpvfpOG9Psczvj9bFB/upkyq
<br>IjOBFupNtgeLNJZo4waYWiswFeq+QQIDAQABo4GuMIGrMA4GA1UdDwEB/wQEAwIE<br>8DAdBgNVHQ4EFgQUvj3lMAx/8CNxDh/pVq62Nj10E9QwOgYDVR0fBDMwMTAvoC2g<br>K4YpaHR0cDovL2NybC5nZW90cnVzdC5jb20vY3Jscy9zZWN1cmVjYS5jcmwwHwYD<br>VR0jBBgwFoAUSOZo+SvSspXXR9gjIBBPM5iQn9QwHQYDVR0lBBYwFAYIKwYBBQUH
<br>AwEGCCsGAQUFBwMCMA0GCSqGSIb3DQEBBQUAA4GBAAQ/bvOU5DiOvYimTEYkxqHO<br>ZC1ylXTMFs6xDzcDZ0rf0AxD4IzPUbXKHdb16JJ5p/MET9K7TcFr6CKBQh9ANUAS<br>Q+eaw0BzhGgoxV8+IxVheRx34V1Vf+v6jA8xPa3d8fEbH2jFLZ/MPVPSGRFzD0fa<br>5ieETYx60WhVp1kT3G7R</X509Certificate>
<br></X509Data></KeyInfo></Signature></saml:Assertion><br><br><br><br><div class="gmail_quote">On Dec 4, 2007 2:03 AM, Aleksey Sanin <<a href="mailto:aleksey@aleksey.com">aleksey@aleksey.com</a>
> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">xmlSecOpenSSLAppKeyLoadMemory() ???<br><br>Aleksey<br>
<br>Jim Nutt wrote:<br>> Ok, I'm pulling my hair out on this one. I'm trying to verify an xml<br>> signature based on the x509 certificate embedded in the keyinfo and I<br>> cannot get it to work. If I verify using the same pem file I used for
<br>> signing, it verifies ok, so I know the signature is valid. The problem<br>> is getting it to validate without going to the original pem file. I've<br>> tried the straightforward method of letting xmlSecDSigVerify load the
<br>> key, but it can't find the key in signature. I've even tried writing the<br>> base64 data to a file (bracketed with -----BEGIN CERTIFICATE----- and<br>> -----END CERTIFICATE-----) and then loading that file as the
<br>> certificate. It refuses to read the file. And yes, I know the file is a<br>> valid pem file because openssl x509 -in filename -text reads it just fine.<br>><br>> Any suggestions would be greatly appreciated, as I'm on a time crunch on
<br>> this (now... wasn't when I started... *sigh*)<br>><br>> --<br>> Jim Nutt<br>> <a href="http://jim.nuttz.org" target="_blank">http://jim.nuttz.org</a><br></blockquote></div><br>
<br clear="all"><br>-- <br>Jim Nutt<br><a href="http://jim.nuttz.org">http://jim.nuttz.org</a>
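<br><br>An added example, not part of the original thread and not xmlsec code: the PEM step described in the message above, done with Python's standard library. It pulls the first X509Certificate out of KeyInfo, strips the line wrapping, rebuilds a PEM file with 64-character lines, and checks the certificate's SHA-256 fingerprint against a pinned allow-list, since a certificate carried inside the signature says which key signed but not whether that signer is trusted. The function names and the sample bytes are assumptions made for the example.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

DSIG = "{http://www.w3.org/2000/09/xmldsig#}"
CERT_PATH = f".//{DSIG}KeyInfo/{DSIG}X509Data/{DSIG}X509Certificate"


def wrap(text, width):
    """Split text into fixed-width lines (the last one may be shorter)."""
    return "\n".join(text[i:i + width] for i in range(0, len(text), width))


def embedded_cert_der(xml_text):
    """Return the DER bytes of the first X509Certificate found in KeyInfo."""
    node = ET.fromstring(xml_text).find(CERT_PATH)
    if node is None or not (node.text or "").strip():
        raise ValueError("no X509Certificate in KeyInfo")
    # The base64 may be wrapped at any width; drop all whitespace, then decode
    # strictly so that stray non-base64 characters are rejected, not skipped.
    return base64.b64decode("".join(node.text.split()), validate=True)


def der_to_pem(der):
    """Re-encode DER as PEM with 64-character body lines."""
    body = wrap(base64.b64encode(der).decode("ascii"), 64)
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"


def is_pinned(der, pinned_sha256):
    """True only if the certificate's SHA-256 fingerprint is in the allow-list."""
    return hashlib.sha256(der).hexdigest() in pinned_sha256


# Constructed sample: stand-in bytes, not a real certificate, wrapped at an
# unusual width to show that the original line length does not matter.
SAMPLE_DER = bytes(range(256)) * 3
SAMPLE_XML = (
    '<Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><KeyInfo><X509Data>\n'
    "<X509Certificate>" + wrap(base64.b64encode(SAMPLE_DER).decode("ascii"), 40)
    + "</X509Certificate>\n</X509Data></KeyInfo></Signature>"
)

if __name__ == "__main__":
    der = embedded_cert_der(SAMPLE_XML)
    print(der_to_pem(der), end="")
    print("pinned:", is_pinned(der, {hashlib.sha256(SAMPLE_DER).hexdigest()}))
```

The pin check belongs before signature verification: only a certificate that passes it should be handed to the verifier as the key.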