  1. OpenSAML - C++
  2. CPPOST-48

Signature validation with multiple references

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Invalid
    • Affects Version/s: 2.3
    • Fix Version/s: None
    • Component/s: SAML 2
    • Labels:
      None
    • Environment:

      Debian Linux 5.0.4, Linux 2.6.26-2-686 #1 SMP i686 GNU/Linux

    • Operating System:
      Multiple
    • CPU Type:
      Multiple
    • C/C++ Compiler:
      Multiple

      Description

      The XML Signature schema allows multiple reference elements on the same signature:
      http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd

      Although I don't see a benefit of this possibility (but I'm not an XML signature expert), I've to deal with SAML assertions containing the same reference element twice. Unfortunately, such assertions cannot be validated with the current version of OpenSAML.

      The fix, which solved the problem for me, is quite small:

      diff -ur opensaml-2.3/saml/signature/SignatureProfileValidator.cpp opensaml-2.3-knipp/saml/signature/SignatureProfileValidator.cpp
      — opensaml-2.3/saml/signature/SignatureProfileValidator.cpp 2009-11-03 01:49:25.000000000 +0100
      +++ opensaml-2.3-knipp/saml/signature/SignatureProfileValidator.cpp 2010-06-22 23:03:40.000000000 +0200
      @@ -66,7 +66,7 @@

      bool valid=false;
      DSIGReferenceList* refs=sig->getReferenceList();

      • if (refs && refs->getSize()==1) {
        + if (refs && refs->getSize()>=1) {
        DSIGReference* ref=refs->item(0);
        if (ref) {
        const XMLCh* URI=ref->getURI();
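
      Review bot: With the condition relaxed to `refs->getSize()>=1`, the body still reads only `refs->item(0)`, so any second or later reference passes without its URI being looked at. If repeated references have to be tolerated, loop over every item in `refs` and apply to each the same checks that follow `ref->getURI()`, rejecting the signature when any one of them fails; otherwise keep `==1`. The hunk also needs a comment stating which multi-reference cases are meant to be accepted.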

      I don't know the correct treatment of multiple references, so this may need further improvement.
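
The difference between the three possible reference checks, as an added example that is not part of the original report or of OpenSAML: it compares the unpatched single-reference test, the patched test that inspects only the first reference, and a variant that inspects every reference. The sample assertions are constructed and unsigned, the function names are hypothetical, and the rule that a reference URI must equal `#` plus the signed element's ID is an assumption; no cryptographic validation is performed.

```python
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"

def reference_uris(signed_xml):
    """Return (ID of the signed element, URI of every ds:Reference in its enveloped signature)."""
    root = ET.fromstring(signed_xml)
    refs = root.findall(f"{DS}Signature/{DS}SignedInfo/{DS}Reference")
    return root.get("ID"), [r.get("URI") for r in refs]

def strict_check(signed_xml):
    """Models getSize()==1: exactly one reference, pointing at the signed element."""
    elem_id, uris = reference_uris(signed_xml)
    return elem_id is not None and uris == ["#" + elem_id]

def first_only_check(signed_xml):
    """Models getSize()>=1 with only item(0) inspected, as in the patch."""
    elem_id, uris = reference_uris(signed_xml)
    return elem_id is not None and len(uris) >= 1 and uris[0] == "#" + elem_id

def all_references_check(signed_xml):
    """Tolerates repeated references, but every one must point at the signed element."""
    elem_id, uris = reference_uris(signed_xml)
    return (elem_id is not None and len(uris) >= 1
            and all(u == "#" + elem_id for u in uris))

def make_assertion(ref_uris):
    """Build a constructed, unsigned sample; digests and signature value are omitted."""
    refs = "".join(f'<ds:Reference URI="{u}"/>' for u in ref_uris)
    return (
        '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
        'xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="a1">'
        f"<ds:Signature><ds:SignedInfo>{refs}</ds:SignedInfo></ds:Signature>"
        "</saml:Assertion>"
    )

SAMPLES = {
    "single": make_assertion(["#a1"]),
    "duplicate": make_assertion(["#a1", "#a1"]),     # the case described in the report
    "extra_target": make_assertion(["#a1", "#b2"]),  # second reference points elsewhere
}

if __name__ == "__main__":
    for name, xml in SAMPLES.items():
        print(name, strict_check(xml), first_only_check(xml), all_references_check(xml))
```

Only the third sample separates the last two checks: the first-reference-only test accepts it, while the all-references test rejects it.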

            People

            Assignee:
            cantor.2@osu.edu Scott Cantor
            Reporter:
            knipp Franz Knipp