Forum Discussion
JimL
16 years ago · Contributor
Hi,
I did more testing, and I'm afraid that I'm at an impasse.
First of all, for reference, here is what one of our "valid" WebLogic blocks looks like:
MajorVersion="1" MinorVersion="1"
xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol"
xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
xmlns="urn:oasis:names:tc:SAML:1.0:assertion">
weblogic
urn:oasis:names:tc:SAML:1.0:cm:sender-vouches
A couple of things to note in the above:
1) The is embedded in the element
2) There're these two in the :
Now, I tried the test I mentioned in my previous post, i.e.:
a) I added the manually into the request, then
b) I did right-click apply==>Ws-security, which created the, then
c) I manually copy-pasted such that the was embedded in the
d) I then sent the request to the WebLogic webservice and got this error:
"Could not verify signature: SAMLSignedObject.verify() detected an invalid signature profile."
So, I then added:
to the, and sent the request again.
This time, I got the following error:
"Could not verify signature: SAMLSignedObject.verify() failed to validate signature value."
Now, I have to admit that I don't know whether that last error is because with the various copy-pasting, I just
inadvertently corrupted the signed content to the point that the signature was no longer good, or whether the
signature "covers" the block, and because I added the "enveloped-signature"
that made the signature invalid, but either way, it doesn't seem like this works.
I guess that, to me, the really "correct" thing might be if SOAPUI had an option in the Signature configuration for
enveloped vs. enveloping?
Jim
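An added example, not part of the original post and not SoapUI or WebLogic code: a minimal enveloped XML signature showing that the signature value is computed over SignedInfo, which contains the Transforms list, so a Transform added after signing changes the signed bytes. Assumptions: an HMAC with a constructed key stands in for the RSA key and certificate, the standard library's C14N 2.0 stands in for the canonicalization a real stack uses, and the helper names, return strings and the profile check in `verify()` are hypothetical.

```python
import base64, copy, hashlib, hmac
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
ENVELOPED = DS + "enveloped-signature"
KEY = b"constructed-demo-key"  # constructed; HMAC stands in for the RSA key and X.509 cert

def q(name):
    return "{%s}%s" % (DS, name)
def c14n(elem):  # stdlib C14N 2.0, a stand-in for the canonicalization a real stack uses
    return ET.canonicalize(ET.tostring(elem, encoding="unicode")).encode()

def digest_enveloped(assertion):  # enveloped-signature: hash the assertion minus ds:Signature
    clone = copy.deepcopy(assertion)
    for sig in clone.findall(q("Signature")):
        clone.remove(sig)
    return base64.b64encode(hashlib.sha256(c14n(clone)).digest()).decode()

def mac_over(signed_info):  # SignatureValue covers SignedInfo, Transforms included
    return base64.b64encode(hmac.new(KEY, c14n(signed_info), hashlib.sha256).digest()).decode()

def sign(assertion, transforms):
    sig = ET.SubElement(assertion, q("Signature"))
    si = ET.SubElement(sig, q("SignedInfo"))
    ref = ET.SubElement(si, q("Reference"), URI="")
    tr = ET.SubElement(ref, q("Transforms"))
    for alg in transforms:
        ET.SubElement(tr, q("Transform"), Algorithm=alg)
    ET.SubElement(ref, q("DigestValue")).text = digest_enveloped(assertion)
    ET.SubElement(sig, q("SignatureValue")).text = mac_over(si)
    return assertion

def verify(assertion):
    sig = assertion.find(q("Signature"))
    si = sig.find(q("SignedInfo"))
    if ENVELOPED not in [t.get("Algorithm") for t in si.iter(q("Transform"))]:
        return "invalid signature profile"  # assumed stand-in for the receiver's profile check
    if not hmac.compare_digest(mac_over(si), sig.findtext(q("SignatureValue"))):
        return "signature value mismatch"
    if si.findtext(".//" + q("DigestValue")) != digest_enveloped(assertion):
        return "digest mismatch"
    return "ok"

def demo():
    xml = '<Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion" AssertionID="constructed-1"/>'
    late = sign(ET.fromstring(xml), [])  # signed with no enveloped-signature transform
    before = verify(late)
    ET.SubElement(late.find(".//" + q("Transforms")), q("Transform"), Algorithm=ENVELOPED)
    after = verify(late)  # Transform pasted in after signing: SignedInfo bytes changed
    return before, after, verify(sign(ET.fromstring(xml), [ENVELOPED]))
```

`demo()` returns the result for the assertion signed without the transform, the result after the transform is added by hand, and the result when the transform is declared before signing.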