SAML Assertion Signature Problem
Hello everyone,
I'm trying to consume a web service with SAML Token Authentication. Here I discovered a different implementation regarding the Standards "urn:oasis:names:tc:SAML:1.0:assertion", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#STR-Transform" and "http://www.w3.org/2000/09/xmldsig" between soapUI and the standard software, which delivered the web service.
The standard software expects only one signature (http://www.w3.org/2000/09/xmldsig) element which includes all signatures to the signed elements. soapUI on his side creates several signature elements which are spread throughout the SOAP Header.
Furthermore, if you check the "sign" checkbox at the SAML (Form) configuration, soapUI adds the same X509 certificate twice to the document, which should be not required as well.
I attached an example request, generated by soapUI as well as an example request, which has a different structure but essentially the same content. This might help in understanding my problem.
In addition, it would be great, to be able to disable the “InclusiveNamespaces”.
If I can provide more information, please do not hesitate to contact me.
Best regards,
Dominik Schmich
I'm trying to consume a web service with SAML Token Authentication. Here I discovered a different implementation regarding the Standards "urn:oasis:names:tc:SAML:1.0:assertion", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#STR-Transform" and "http://www.w3.org/2000/09/xmldsig" between soapUI and the standard software, which delivered the web service.
The standard software expects only one signature (http://www.w3.org/2000/09/xmldsig) element which includes all signatures to the signed elements. soapUI on his side creates several signature elements which are spread throughout the SOAP Header.
Furthermore, if you check the "sign" checkbox at the SAML (Form) configuration, soapUI adds the same X509 certificate twice to the document, which should be not required as well.
I attached an example request, generated by soapUI as well as an example request, which has a different structure but essentially the same content. This might help in understanding my problem.
In addition, it would be great, to be able to disable the “InclusiveNamespaces”.
If I can provide more information, please do not hesitate to contact me.
Best regards,
Dominik Schmich