[xmlsec] unable to dereference URI
Aleksey Sanin
aleksey at aleksey.com
Wed Jul 31 11:00:09 PDT 2013
You need to define ID attribute to the element where it is specified,
not to the Reference element where it is used
Aleksey
On 7/31/13 12:25 AM, Jeffrey Jin (jefjin) wrote:
> Hi xmlsec team,
>
> I use xmlsec library to verify signature whether correct. But when saml
> response include "<ds:Reference
> URI="#s29c0153b613859ac1c788536d2a924d65e643b308"
> xmlns:ds="http://www.w3.org/2000/09/xmldsig#">"
> I got the error:
>
> func=xmlSecXPathDataExecute:file=xpath.c:line=273:obj=unknown:subj=xmlXPtrEval:error=5:libxml2 library function failed:expr=xpointer(id('s29c0153b613859ac1c788536d2a924d65e643b308'))
> func=xmlSecXPathDataListExecute:file=xpath.c:line=356:obj=unknown:subj=xmlSecXPathDataExecute:error=1:xmlsec library function failed:
> func=xmlSecTransformXPathExecute:file=xpath.c:line=466:obj=xpointer:subj=xmlSecXPathDataExecute:error=1:xmlsec library function failed:
> func=xmlSecTransformDefaultPushXml:file=transforms.c:line=2405:obj=xpointer:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:
> func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1236:obj=unknown:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed:transform=xpointer
> func=xmlSecTransformCtxExecute:file=transforms.c:line=1296:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed:
> func=xmlSecDSigReferenceCtxProcessNode:file=xmldsig.c:line=1571:obj=unknown:subj=xmlSecTransformCtxExecute:error=1:xmlsec library function failed:
> func=xmlSecDSigCtxProcessSignedInfoNode:file=xmldsig.c:line=804:obj=unknown:subj=xmlSecDSigReferenceCtxProcessNode:error=1:xmlsec library function failed:node=Reference
> func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=547:obj=unknown:subj=xmlSecDSigCtxProcessSignedInfoNode:error=1:xmlsec library function failed:
> func=xmlSecDSigCtxVerify:file=xmldsig.c:line=366:obj=unknown:subj=xmlSecDSigCtxSigantureProcessNode:error=1:xmlsec library function failed:
> Error: signature verification failed
>
>
> I found the answer of similar issue from http://www.aleksey.com/xmlsec/faq.html
>
> So I add the DTD:
>
> <!DOCTYPE test [
> <!ATTLIST ds:Reference URI ID #IMPLIED>
> ]>
>
> But it doesn't work. Someone can help me out.
>
> Thanks in advance.
>
>
> -Jeffrey
>
>
>
> _______________________________________________
> xmlsec mailing list
> xmlsec at aleksey.com
> http://www.aleksey.com/mailman/listinfo/xmlsec
>
More information about the xmlsec
mailing list