Hi,

I'm trying to log in to UserApp with a SAML assertion, generated by a SAML
filter placed in JBoss. My problem is, my assertion seems to have no
effect at all.
I don't think the problem could come from my SAML filter, it has been
coded by Novell, and I checked every bit of it. I think I'm doing
something wrong with the storing of my certificates. To my mind, my SAML
assertions are not correctly signed.

I have placed a certificate with its key in the PFX format on my server
where the JBoss UserApp is. This certificate, in the DER format, is also
in the eDirectory, placed in a Trusted Root in the Trusted Root
container. In this Trusted Root Container, I also created six Trusted
Roots, containing the 6 different certificates (still in DER format) I
found in the CA.

Still, the signing of my SAML assertions seems not to work. Any idea
what I should do to make things right? I'm open to any comments, or to
provide any further information/material you would need.

Just to make it a bit clearer, here is a log of my last SAML assertion
(trying to log in with the login user. The correct password has been used.
The arborescence is correct (cn=user,ou=people,o=myCompany)):


Code:
--------------------
09:23:55,440 INFO [STDOUT] signed Assertion= <Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" AssertionID="_8144c786f5f9c34a5d703b2bbe251f3e" IssueInstant="2009-03-23T08:23:55.330Z" Issuer="PF9SOSNS1" MajorVersion="1" MinorVersion="1"><AuthenticationStatement AuthenticationInstant="2009-03-23T08:23:55.330Z" AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password"><Subject><NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">CN=user,ou=people,o=myCompany</NameIdentifier></Subject></AuthenticationStatement><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod>
<ds:Reference URI="#_8144c786f5f9c34a5d703b2bbe251f3e">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></ds:Transform>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="code ds kind rw saml samlp typens #default xsd xsi"></ec:InclusiveNamespaces></ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
<ds:DigestValue>xq7qAqymfATFrrVcb/h2HauJM+8=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
rVy+Eh1UAImpXXsWxfdyT9D8xdCFwMsLYzXJzpG5FnHy9QhjLMf+CUKxAHwkrCGIIZvCXntXDt3b
uQPoZ04liMU8moDqVXtEvXLINguiFssYqdn+9dobHIxtaAKYORsLaGrVP8AMiwj/72H4mvpjv/Td
BxAhKnH8DWdPA+GjO60KZOGg8tXbcyhn/KBTSFgc28zF9X0DNPqZYtJegSlqFNIrXs+PlTXBsDaU
Z9PY0OyufIXNG8vyyK99y5a72avOWgpAf5yzpXPqe9UbeRg7M0GeoVGGlwVmiT85IGd4DIbVRDO2
8D3JgDyBMzvrwepSzbwhJ04Rlg0McuG9otLOzQ==
</ds:SignatureValue>
</ds:Signature></Assertion>
--------------------


Thanks in advance if you have any suggestion(s) :-)


--
adminnovel
View this thread: http://forums.novell.com/showthread.php?t=365824
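
A structural triage of a logged assertion like the one in the post, as an added example that is not part of the original post or of Novell's filter code: it reports whether the signature's Reference points at the assertion's own AssertionID, which algorithm and key size are in use, and whether a `ds:KeyInfo` element is present. The names `triage_assertion` and `build_sample` and the sample assertion are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:1.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def triage_assertion(xml_text):
    """Report the signature-related facts of a logged SAML 1.x assertion."""
    root = ET.fromstring(xml_text)
    sig = root.find("ds:Signature", NS)
    if sig is None:
        return {"signed": False}
    ref = sig.find("ds:SignedInfo/ds:Reference", NS)
    # Drop line breaks (and any spaces a forum or log viewer inserted) before decoding.
    raw_sig = base64.b64decode("".join(sig.findtext("ds:SignatureValue", "", NS).split()))
    raw_digest = base64.b64decode("".join(ref.findtext("ds:DigestValue", "", NS).split()))
    return {
        "signed": True,
        # The signature must cover this assertion: Reference URI == "#" + AssertionID.
        "reference_matches_id": ref.get("URI") == "#" + root.get("AssertionID", ""),
        "signature_method": sig.find("ds:SignedInfo/ds:SignatureMethod", NS).get("Algorithm"),
        "digest_bytes": len(raw_digest),      # 20 for SHA-1
        "signature_bits": len(raw_sig) * 8,   # equals the RSA modulus size
        # Without ds:KeyInfo the assertion carries no certificate; the receiver
        # has to find the signer's certificate in its own trust store.
        "has_keyinfo": sig.find("ds:KeyInfo", NS) is not None,
    }

def build_sample():
    # Constructed input: same shape as the logged assertion, placeholder values
    # (all-zero digest and signature, hypothetical issuer and AssertionID).
    digest = base64.b64encode(bytes(20)).decode()
    sigval = base64.b64encode(bytes(256)).decode()
    return (
        '<Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion" '
        'AssertionID="_constructed01" Issuer="EXAMPLE-ISSUER" '
        'MajorVersion="1" MinorVersion="1">'
        '<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo>'
        '<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>'
        '<ds:Reference URI="#_constructed01">'
        f'<ds:DigestValue>{digest}</ds:DigestValue></ds:Reference></ds:SignedInfo>'
        f'<ds:SignatureValue>\n{sigval[:76]}\n{sigval[76:]}\n</ds:SignatureValue>'
        '</ds:Signature></Assertion>'
    )

if __name__ == "__main__":
    for key, value in triage_assertion(build_sample()).items():
        print(f"{key}: {value}")
```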