429gus987brunsting400
New Member
This is my xml document. I want to sign only the userID part using xml signature. I am using xpath transformation to select that particular element.\[code\]<samlp:AuthnRequest xmlns:samlp="urn
asis:names:tc:SAML:2.0
rotocol"Version="2.0" IssueInstant="2012-05-22T13:40:52:390" ProtocolBinding="urnasis:names:tc:SAML:2.0:bindings:HTTP-POST" AssertionConsumerServiceURL="localhost:8080/consumer.jsp"><UserID> xyz</UserID><testing> text</testing><saml:Issuer xmlns:saml="urnasis:names:tc:SAML:2.0:assertion"> http://localhost:8080/saml/SProvider.jsp</saml:Issuer></samlp:AuthnRequest>\[/code\]
I am using the following code to add the transformations :
\[code\]transformList.add(exc14nTransform); transformList.add(fac.newTransform(Transform.XPATH, new XPathFilterParameterSpec("samlp:AuthnRequest/UserID xmlns:samlp=\"urnasis:names:tc:SAML:2.0rotocol\"")));\[/code\]
But I get the following :\[code\]Original Exception was javax.xml.transform.TransformerException: Extra illegal tokens: 'xmlns', ':', 'samlp', '=', '"urnasis:names:tc:SAML:2.0rotocol"'\[/code\]
So, I tried removing the xmlns part. \[code\]transformList.add(fac.newTransform(Transform.XPATH, new XPathFilterParameterSpec("samlp:AuthnRequest/UserID")));\[/code\]
But it signs the whole document and gives the following message : \[code\]com.sun.org.apache.xml.internal.security.utils.CachedXPathFuncHereAPI fixupFunctionTableINFO: Registering Here function\[/code\]
What is the problem?
EDIT
As @J?rn Horstmann said the message is just a log or something like that. Now the problem is that even after giving the xpath query the whole document is signed instead of just the UserID. I confirmed this by changing the value of \[code\]<testing>\[/code\]element after signing the document. The result is that the document does not get validated(If it signed only the UserID part, then any changes made to \[code\]<testing>\[/code\] should result in a valid signature .)
asis:names:tc:SAML:2.0rotocol"Version="2.0" IssueInstant="2012-05-22T13:40:52:390" ProtocolBinding="urnasis:names:tc:SAML:2.0:bindings:HTTP-POST" AssertionConsumerServiceURL="localhost:8080/consumer.jsp"><UserID> xyz</UserID><testing> text</testing><saml:Issuer xmlns:saml="urnasis:names:tc:SAML:2.0:assertion"> http://localhost:8080/saml/SProvider.jsp</saml:Issuer></samlp:AuthnRequest>\[/code\]I am using the following code to add the transformations :
\[code\]transformList.add(exc14nTransform); transformList.add(fac.newTransform(Transform.XPATH, new XPathFilterParameterSpec("samlp:AuthnRequest/UserID xmlns:samlp=\"urn
asis:names:tc:SAML:2.0rotocol\"")));\[/code\]But I get the following :\[code\]Original Exception was javax.xml.transform.TransformerException: Extra illegal tokens: 'xmlns', ':', 'samlp', '=', '"urn
asis:names:tc:SAML:2.0rotocol"'\[/code\]So, I tried removing the xmlns part. \[code\]transformList.add(fac.newTransform(Transform.XPATH, new XPathFilterParameterSpec("samlp:AuthnRequest/UserID")));\[/code\]
But it signs the whole document and gives the following message : \[code\]com.sun.org.apache.xml.internal.security.utils.CachedXPathFuncHereAPI fixupFunctionTableINFO: Registering Here function\[/code\]
What is the problem?
EDIT
As @J?rn Horstmann said the message is just a log or something like that. Now the problem is that even after giving the xpath query the whole document is signed instead of just the UserID. I confirmed this by changing the value of \[code\]<testing>\[/code\]element after signing the document. The result is that the document does not get validated(If it signed only the UserID part, then any changes made to \[code\]<testing>\[/code\] should result in a valid signature .)