[xmlsec] xmlsec and SAML (again)
Phil Christensen
pchristensen at newworldrecords.org
Thu Aug 30 12:46:09 PDT 2007
Hello all!

My name is Phil Christensen. I've been working with the Python
bindings for the xmlsec library, and I've run into an issue that I
see much discussed online, but cannot seem to find an answer for.

I'm trying to validate the signature on a SAML response message, but
having problems because the signature refers to an ID in the
enclosing document. There's a thread about it here:

http://www.aleksey.com/pipermail/xmlsec/2007/003806.html

The short version is that when I attempt to verify the signature, I
get the following errors:

func=xmlSecXPathDataExecute:file=xpath.c:line=273:
obj=unknown:subj=xmlXPtrEval:error=5:
libxml2 library function failed:
expr=xpointer(id('ac26828d19f8dba20bee0f5b90807edc'))
func=xmlSecXPathDataListExecute:file=xpath.c:line=356:
obj=unknown:subj=xmlSecXPathDataExecute:error=1:
xmlsec library function failed:
func=xmlSecTransformXPathExecute:file=xpath.c:line=466:
obj=xpointer:subj=xmlSecXPathDataExecute:error=1:
xmlsec library function failed:
func=xmlSecTransformDefaultPushXml:file=transforms.c:line=2371:
obj=xpointer:subj=xmlSecTransformExecute:error=1:
xmlsec library function failed:
func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1207:
obj=unknown:subj=xmlSecTransformPushXml:error=1:
xmlsec library function failed:transform=xpointer
func=xmlSecTransformCtxExecute:file=transforms.c:line=1267:
obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:
xmlsec library function failed:
func=xmlSecDSigReferenceCtxProcessNode:file=xmldsig.c:line=1568:
obj=unknown:subj=xmlSecTransformCtxExecute:error=1:
xmlsec library function failed:
func=xmlSecDSigCtxProcessSignedInfoNode:file=xmldsig.c:line=804:
obj=unknown:subj=xmlSecDSigReferenceCtxProcessNode:error=1:
xmlsec library function failed:node=Reference
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=547:
obj=unknown:subj=xmlSecDSigCtxProcessSignedInfoNode:error=1:
xmlsec library function failed:
func=xmlSecDSigCtxVerify:file=xmldsig.c:line=366:
obj=unknown:subj=xmlSecDSigCtxSigantureProcessNode:error=1:
xmlsec library function failed:

From what I gather, there's an xmlAddID() function in libxml2 that
allows you to manually register an entity for an existing ID, but
it's not exposed by either the libxml2 or xmlsec Python bindings.

I'm just looking for any help at all in getting to the next step on
this. I know that this list is more specific to the original C
library than any of the higher-level bindings, but I figured this
would be the best place to start.

At the very least, it would be great if I could get a better
understanding of what the problem actually is, so that I can direct
my questions to the appropriate people.

Thanks in advance,

-phil christensen
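
A model of the ID lookup behind the failing xpointer(id('...')) expression, as an added example that is not part of the original post and is not xmlsec or libxml2 code: it shows the lookup finding nothing until an attribute name is treated as an ID, and rejecting a document in which two elements share that ID. The sample document, the attribute name ResponseID and the function names are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

DSIG = "http://www.w3.org/2000/09/xmldsig#"

# Constructed sample, not the poster's document: a cut-down response whose
# Reference points at the ID value seen in the error log. "ResponseID" as the
# ID-bearing attribute is an assumption (the post does not name it).
SAMPLE = (
    '<Response xmlns="urn:oasis:names:tc:SAML:1.0:protocol" '
    'ResponseID="ac26828d19f8dba20bee0f5b90807edc">'
    f'<Signature xmlns="{DSIG}"><SignedInfo>'
    '<Reference URI="#ac26828d19f8dba20bee0f5b90807edc"/>'
    '</SignedInfo></Signature></Response>'
)


def build_id_table(root, id_attrs):
    """Map ID value -> element for the attribute names treated as IDs.

    A parser without a DTD has no such table for plain attributes, so an
    id() lookup finds nothing until the names are registered explicitly.
    """
    table = {}
    for element in root.iter():
        for name in id_attrs:
            value = element.get(name)
            if value is None:
                continue
            if value in table:
                # Two elements sharing one ID make the signed target ambiguous.
                raise ValueError(f"duplicate ID value: {value}")
            table[value] = element
    return table


def resolve_reference(xml_text, id_attrs):
    """Return the element the first ds:Reference points to, or None."""
    root = ET.fromstring(xml_text)
    reference = root.find(f".//{{{DSIG}}}Reference")
    if reference is None:
        raise ValueError("no ds:Reference element found")
    uri = reference.get("URI", "")
    if not uri.startswith("#"):
        raise ValueError(f"not a same-document reference: {uri!r}")
    return build_id_table(root, id_attrs).get(uri[1:])
```

With no attribute names registered the lookup returns None, which corresponds to the failed id() evaluation at the top of the error log; the duplicate check is the step a verifier wants before trusting which element a signature covers.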