<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 12pt;
font-family:Calibri
}
--></style></head>
<body class='hmmessage'><div dir='ltr'><div><div dir="ltr">Hello,<br><br>
I've been trying to use xmlsec1 to validate a signed XML response containing SAML data.<br><br>
When I execute:<br><br>
<font style="font-size:10pt;" size="2" face="Courier New,sans-serif">xmlsec1 --verify test.xml</font><br><br>
I receive the following stack trace:<br><br>
<font style="font-size:10pt;" size="2" face="Courier New,sans-serif">func=xmlSecXPathDataExecute:file=xpath.c:line=273:obj=unknown:subj=xmlXPtrEval:error=5:libxml2 library function failed:expr=xpointer(id('uuid-73c06e86-88d2-4204-91f4-3d484bc782cc'))<br>
func=xmlSecXPathDataListExecute:file=xpath.c:line=373:obj=unknown:subj=xmlSecXPathDataExecute:error=1:xmlsec library function failed:<br>
func=xmlSecTransformXPathExecute:file=xpath.c:line=483:obj=xpointer:subj=xmlSecXPathDataExecute:error=1:xmlsec library function failed:<br>
func=xmlSecTransformDefaultPushXml:file=transforms.c:line=2411:obj=xpointer:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:<br>
func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1242:obj=unknown:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed:transform=xpointer<br>
func=xmlSecTransformCtxExecute:file=transforms.c:line=1302:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed:<br>
func=xmlSecDSigReferenceCtxProcessNode:file=xmldsig.c:line=1589:obj=unknown:subj=xmlSecTransformCtxExecute:error=1:xmlsec library function failed:<br>
func=xmlSecDSigCtxProcessSignedInfoNode:file=xmldsig.c:line=822:obj=unknown:subj=xmlSecDSigReferenceCtxProcessNode:error=1:xmlsec library function failed:node=Reference<br>
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=563:obj=unknown:subj=xmlSecDSigCtxProcessSignedInfoNode:error=1:xmlsec library function failed:<br>
func=xmlSecDSigCtxVerify:file=xmldsig.c:line=382:obj=unknown:subj=xmlSecDSigCtxSignatureProcessNode:error=1:xmlsec library function failed:<br>
Error: signature failed<br>
ERROR<br>
SignedInfo References (ok/all): 0/1<br>
Manifests References (ok/all): 0/0<br>
Error: failed to verify file "test.xml"</font><br><br>
I do not know how XML signatures work, but I presume that the ID was taken from the <font style="font-size:10pt;" size="2" face="Courier New,sans-serif">&lt;saml2p:Response&gt;</font> tag, which contains an ID with the value "uuid-73c06e86-88d2-4204-91f4-3d484bc782cc". The <font style="font-size:10pt;" size="2" face="Courier New,sans-serif">&lt;saml2p:Response&gt;</font> element contains a <font style="font-size:10pt;" size="2" face="Courier New,sans-serif">&lt;ds:Signature&gt;</font> element, which in turn contains a <font style="font-size:10pt;" size="2" face="Courier New,sans-serif">&lt;ds:Reference&gt;</font> with the parameter <font style="font-size:10pt;" size="2" face="Courier New,sans-serif">URI="#uuid-73c06e86-88d2-4204-91f4-3d484bc782cc"</font>.<br><br>
<font style="font-size:12pt;" size="3">Since I do not need this value/data, I'd like to check the signature of the <font style="font-size:10pt;" size="2" face="Courier New,sans-serif">&lt;saml2:Assertion&gt;</font> element, which also contains its own <font style="font-size:10pt;" size="2" face="Courier New,sans-serif">&lt;ds:Signature&gt;</font> value.<br><br></font>
<font style="font-size:12pt;" size="3">That said, I'd like to ask you for instructions on how to validate the element I need. Thank you in advance.<br><br>Best regards,<br>Artur Rychlewicz<br></font></div></div><style><!--
--></style> </div></body>
</html>