All,

I'm having a bit of trouble validating a SAML response which has been signed by Okta (who know a thing or two about signed XML), and the code I'm using was written by me using the basic Java XML security APIs, so I'm thinking there is something off with what I'm doing.

If anyone has some experience with XMLDSIG in Java, I'd be grateful for any help you might be able to provide.

Okta is providing two signatures: one for the assertions and one for the overall SAML response (i.e. the whole XML document). The signatures appear to be correct, but "core validation" is failing because of the <Reference> in the signature.

I've been single-stepping through the process with a debugger and it looks like something is going wrong with the XML canonicalization, but I'm in a little over my head.

Any help would be appreciated.

-chris
