I'm signing a SAML token with an X509 certificate, and getting what looks like a good signature except for one issue that seems relatively small, but that is causing me a huge headache. My signature looks like this:
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
  <SignedInfo>
    <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
    <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
    <Reference URI="#[removed]">
      <Transforms>
        <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
      </Transforms>
      <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
      <DigestValue>S4...ku4=</DigestValue>
    </Reference>
  </SignedInfo>
  <SignatureValue>oav...T7E=</SignatureValue>
  <KeyInfo>
    <X509Data>
      <X509Certificate>MII...KFl</X509Certificate>
    </X509Data>
  </KeyInfo>
</Signature>
What I need is to add a namespace, ds, so that the signature looks like this:
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <ds:SignedInfo>
    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
    <ds:Reference URI="#[removed]">
      <ds:Transforms>
        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
      </ds:Transforms>
      <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
      <ds:DigestValue>S4...ku4=</ds:DigestValue>
    </ds:Reference>
  </ds:SignedInfo>
  <ds:SignatureValue>oav...T7E=</ds:SignatureValue>
  <ds:KeyInfo>
    <ds:X509Data>
      <ds:X509Certificate>MII...KFl</ds:X509Certificate>
    </ds:X509Data>
  </ds:KeyInfo>
</ds:Signature>
It seems like this should be something I could do while computing the signature or importing the signature block back into the existing XML document, but, for the life of me, I can't figure out how I should be doing it. I've searched online and found several people having this issue, but haven't found a good example of how to fix the problem.
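Since all tags need that starting namespace, you can try to treat the signature as a string with VB.NET, C# or Java, or any other compiler, and use a String.Replace method. Here is an example in VB.NET:
' Load the signature XML as a string ("signature.xml" is a placeholder path)
Dim signature As String = System.IO.File.ReadAllText("signature.xml")
signature = signature.Replace("<", "<ds:") ' first, all tags
signature = signature.Replace("<ds:/", "</ds:") ' then we correct closing tags
' declare the ds prefix that the tags now use
signature = signature.Replace("xmlns=""http://www.w3.org/2000/09/xmldsig#""", "xmlns:ds=""http://www.w3.org/2000/09/xmldsig#""")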
Hope it helps
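A check worth running on any prefixing step, as an added example that is not part of the original question or answer: SignatureValue is computed over the canonical form of SignedInfo, and canonicalization keeps prefixes, so the prefix has to be in place before the signature is computed (or the signature recomputed afterwards). The sample SignedInfo, its reference URI and its digest value are constructed, and Python's standard-library C14N 2.0 is used as a stand-in for the C14N 1.0 algorithm named in the signature.

```python
import hashlib
import xml.etree.ElementTree as ET

DSIG = "http://www.w3.org/2000/09/xmldsig#"

# Constructed sample: the SignedInfo element from the question, with a
# placeholder reference URI and digest value.
SIGNED_INFO = (
    f'<SignedInfo xmlns="{DSIG}">'
    '<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>'
    '<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>'
    '<Reference URI="#_constructed-id">'
    '<Transforms><Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></Transforms>'
    '<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>'
    '<DigestValue>Q09OU1RSVUNURUQ=</DigestValue>'
    '</Reference></SignedInfo>'
)


def add_prefix(xml: str, prefix: str = "ds") -> str:
    """String-level prefixing as in the answer, plus the xmlns:ds declaration."""
    xml = xml.replace("<", f"<{prefix}:").replace(f"<{prefix}:/", f"</{prefix}:")
    return xml.replace(f'xmlns="{DSIG}"', f'xmlns:{prefix}="{DSIG}"')


def canonical(xml: str) -> str:
    """Canonical form; the stdlib does C14N 2.0, which keeps prefixes like 1.0."""
    return ET.canonicalize(xml)


def signed_info_digest(xml: str) -> str:
    """SHA-1 over the canonical bytes: the value rsa-sha1 actually signs."""
    return hashlib.sha1(canonical(xml).encode("utf-8")).hexdigest()


def expanded_names(xml: str) -> list:
    """Namespace-qualified element names, independent of the prefix used."""
    return [el.tag for el in ET.fromstring(xml).iter()]


def signature_survives_prefixing(xml: str) -> bool:
    """True only if the prefixed SignedInfo hashes to the same signed value."""
    return signed_info_digest(xml) == signed_info_digest(add_prefix(xml))


if __name__ == "__main__":
    print("same elements:", expanded_names(SIGNED_INFO) == expanded_names(add_prefix(SIGNED_INFO)))
    print("signature still valid:", signature_survives_prefixing(SIGNED_INFO))
```

The two forms name the same elements but hash differently, so a SignatureValue produced before the rename will not verify against the prefixed SignedInfo.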