0

I'm having trouble verifying an XML signed document that was created by SiteMinder with Ruby on Rails xmldsig gem. I cloned the gem and ran through it with the debugger, and I can't find anything wrong. It fails both [:digest_value, :signature]. However, this online tool says the XML is valid (but the certificate is not trusted): http://www.globaltrustfinder.com/XMLSignatureVerificationStep1.aspx

This online tool says the XML is invalid: http://www.aleksey.com/xmlsec/xmldsig-verifier.html

Sorry I can't post the XML because it contains email addresses, and it wouldn't help to take them out if it is signed. But here is the <ds:Signature> http://pastebin.com/CxYkgBhx

I tried to run xmlsec1 from the command line, but it would not install correctly.

I tried to verify the document in XMLSpy, but it said Canonical XML of type 'http://www.w3.org/2001/10/xml-exc-c14n#' is not supported?!

Chloe
  • 25,162
  • 40
  • 190
  • 357
  • 1
    You can't show us the problem XML but want us to tell you what the problem is? Please see http://meta.stackexchange.com/questions/156810/stack-overflow-question-checklist, especially the last bullet in the list. – the Tin Man Jul 30 '13 at 03:17
  • @theTinMan Ok I'll see what I can do. Possibly will request another sample without personal information. Was hoping there was a super-secret-awesome XML signature verifier online that I could not find. – Chloe Jul 30 '13 at 04:45

0 Answers0