Hi Hippo,
This is still going on! Currently there seems to be a difference between what is being signed by the NSL team and what the code is expecting - the Net::SAML modules were expecting the assertion node to be signed, but we are receiving a signed full XML document.
With amended XML (a signed assertion node) we got through the part where XML::Sig was failing - if ($rsa_pub->verify( $canonical, $bin_signature )) { - I'm not sure if this is verifying the signature or just the certificate somehow. It's good that it passes now, but there are, however, several steps after this where it fails. It proceeds to perform transforms on the XML before running if ($digest eq _trim(encode_base64($digest_bin))); - we're now failing at this point with two completely different strings.
Which one of these tests actually verifies the signature I'm not sure, nor why there are these two tests. I don't suppose you have any idea?
Either way, getting there (very, very slowly)
Cheers,
Matt
In reply to Re^6: Validating XML Signatures / SSL Certificate question (using Net::SAML)
by MattP
in thread Validating XML Signatures / SSL Certificate question (using Net::SAML)
by MattP
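XML-DSig validation has two parts, which is the shape of the two checks quoted in the post: the signature value is verified over the canonicalized SignedInfo, and the DigestValue inside SignedInfo is compared with a hash of the referenced element after the transforms. The Python sketch below is an added example, not code from the thread or from XML::Sig / Net::SAML; it shows the first check passing while the second fails once the referenced content differs from what was signed, and that a validly signed whole document is still not a signed assertion. Assumptions: an HMAC stands in for the RSA signature, ElementTree's C14N 2.0 stands in for exclusive C14N, and the element names, IDs and key are constructed.

```python
import base64, copy, hashlib, hmac
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"
KEY = b"constructed-demo-key"  # assumption: HMAC key standing in for the RSA key pair
SAMPLE = ('<Response ID="resp1"><Assertion ID="assert1">'
          '<Subject>matt@example.org</Subject></Assertion></Response>')  # constructed

def c14n(elem):
    # Assumption: ElementTree's C14N 2.0 stands in for the exclusive C14N SAML uses.
    return ET.canonicalize(ET.tostring(elem, encoding="unicode")).encode()

def by_id(root, uri):
    return next(e for e in root.iter() if e.get("ID") == uri.lstrip("#"))

def digest_of(root, uri):
    # Enveloped-signature transform: hash the referenced element without its Signature.
    target = copy.deepcopy(by_id(root, uri))
    for sig in target.findall(DS + "Signature"):
        target.remove(sig)
    return base64.b64encode(hashlib.sha256(c14n(target)).digest()).decode()

def mac_of(info):
    return hmac.new(KEY, c14n(info), hashlib.sha256).digest()

def sign(root, uri):
    sig = ET.SubElement(by_id(root, uri), DS + "Signature")
    info = ET.SubElement(sig, DS + "SignedInfo")
    ref = ET.SubElement(info, DS + "Reference", URI=uri)
    ET.SubElement(ref, DS + "DigestValue").text = digest_of(root, uri)
    ET.SubElement(sig, DS + "SignatureValue").text = base64.b64encode(mac_of(info)).decode()

def verify(root, expected_id):
    sig = root.find(".//" + DS + "Signature")
    info = sig.find(DS + "SignedInfo")
    ref = info.find(DS + "Reference")
    mac = base64.b64decode(sig.find(DS + "SignatureValue").text)
    return {
        "signedinfo_ok": hmac.compare_digest(mac, mac_of(info)),  # SignatureValue check
        "digest_ok": ref.find(DS + "DigestValue").text == digest_of(root, ref.get("URI")),
        "covers_expected": ref.get("URI") == "#" + expected_id,  # is it the node we trust?
    }

def demo():
    doc = ET.fromstring(SAMPLE); sign(doc, "#assert1")
    intact = verify(doc, "assert1")
    doc.find(".//Subject").text = "admin@example.org"  # content edited after signing
    edited = verify(doc, "assert1")
    whole = ET.fromstring(SAMPLE); sign(whole, "#resp1")  # whole document signed instead
    return intact, edited, verify(whole, "assert1")
```

A consumer should accept the assertion only when all three results are true; neither check is sufficient without the other.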