
I am using OpenSAML to sign my SAML and I am also successfully able to validate it using OpenSAML's SignatureValidator.

    // Validate the ds:Signature with the signer's public credential
    SignatureValidator signValidator = new SignatureValidator( publicCredential );
    signValidator.validate( signature );

The IdP uses ComponentSpace to validate on their side; however, they are unable to validate it using the same SAML and public certificate.

    bool retVal = SAMLMessageSignature.Verify(samlResponseXml, x509Certificate); // returning false

The signature algorithm in the SAML is RSA-SHA1. From their logs we were able to see that the signature's hash value is different. Here are the logs:

http://pastebin.com/X27vUtbY

james2611nov

1 Answer

The computed and expected hashes are different, as you say, which indicates the XML has been modified after signing. We have no known interoperability issues with OpenSAML so I suspect there's something else going on here. It's hard to say what the issue is from the limited information. I suggest the SP contact us, including the full SAML log, and we should be able to resolve the issue.

ComponentSpace