[xmlsec] Verify XML signature with multiple KeyName
Leif Johansson
leifj at mnt.se
Fri Jun 29 08:37:32 PDT 2018
This feels more like a SAML issue ... having said that...
On 2018-06-29 16:32, Paolo Smiraglia wrote:
> Hi guys, my name is Paolo.
>
> I'm trying to verify the signature of an SP (service provider) SAML
> metadata, which was signed with "samlsign" tool and using a
> certificate with two subjectAlternativeNames. Unfortunately, I receive
> the following error
<snip>
>
> The error seems to be related to multiple <KeyName> tags nested within
> <KeyInfo>. Indeed, if I re-sign the same document with a certificate
> that has only one alternative name, the resulting signature has just
> one <KeyName> and xmlsec verifies correctly.
>
> Otherwise, if I try to verify both the signed document with samlsign
> or xmlsectool, everything goes well.
My guess is that Scott just tries to iterate over all possible
combinations... Is this a key rollover situation btw?
>
> Do you have something to suggest? Thanks!
What SAML profile is this trying to comply with? Is it perhaps eIDAS?
Cheers Leif
>
> Bests,
>
> Paolo
>