edugain-discuss AT lists.geant.org
Subject: An open discussion list for topics related to the eduGAIN interfederation service.
Re: [eduGAIN-discuss] EntityDescriptor-embedded signature with invalid reference URI in eduGAIN metadata
- From: Davide Vaghetti <davide.vaghetti AT garr.it>
- To: Wolfgang Pempe <pempe AT dfn.de>, edugain-discuss AT lists.geant.org
- Subject: Re: [eduGAIN-discuss] EntityDescriptor-embedded signature with invalid reference URI in eduGAIN metadata
- Date: Wed, 18 Sep 2019 11:56:47 +0200
On 18/09/19 10:45, Wolfgang Pempe wrote:
> Hi Davide,
>
> On 18.09.19 at 10:29, Davide Vaghetti wrote:
>> Hi Wolfgang,
>>
>> I'm trying to reproduce the issue you've found with the schema
>> validation and xmlsectool, but I can't (schema taken from
>> https://github.com/ukf/ukf-meta).
>>
>> Could you send us the command used?
>
> sorry, my/our bad. It seems to be a bug in a stylesheet we use to insert
> some entity attributes. We'll fix that.
>
> Sorry for the confusion,
Not at all, happy to know schema validation works as supposed.
Cheers,
Davide
> Wolfgang
>
>>
>> Cheers,
>> Davide
>>
>> On 18/09/19 08:28, Wolfgang Pempe wrote:
>>> Hi,
>>>
>>> On 18.09.19 at 08:09, Zenon Mousmoulas wrote:
>>>> Hi,
>>>>
>>>> the eduGAIN aggregate feed currently (since last night) contains an
>>>> EntityDescriptor that looks like this:
>>>>
>>>> <md:EntityDescriptor entityID="https://accounts.ulbsibiu.ro/simplesaml/saml2/idp/metadata.php">
>>>>   <ds:Signature>
>>>>     <ds:SignedInfo>
>>>>       <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
>>>>       <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
>>>>       <ds:Reference URI="#pfx44c17c25-60d9-23df-33f8-e68b60e775ed">
>>>>         <ds:Transforms>
>>>>           <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
>>>>           <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
>>>>         </ds:Transforms>
>>>>         <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
>>>>         <ds:DigestValue>/xIcnvqd7arPwlNnZ55yxbBZEL4GYYWLy8iOZwBSZwc=</ds:DigestValue>
>>>>       </ds:Reference>
>>>>     </ds:SignedInfo>
>>>>     <!-- [...] -->
>>>>
>>>> The reference URI is invalid. This has some side effects, among which
>>>> some older version of pyFF/pyXMLSecurity gets confused by such a
>>>> signature and bails out.
>>>
>>> The schema validation by the xmlsectool also fails. We're currently not
>>> able to update our downstream metadata.
>>>
>>> Best regards,
>>> Wolfgang
>>>
>>>>
>>>> I suppose this signature should have been stripped at some point.
>>>>
>>>> Right?
>>>>
>>>> Thanks,
>>>> Z.
>>>>
>>>
>>
>
--
Davide Vaghetti
Consortium GARR
Tel: +390502213158
Mobile: +393357779542
Skype: daserzw
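
An added example, not part of the original thread or of any eduGAIN, pyFF or xmlsectool code: a structural check for the situation quoted above, where an `EntityDescriptor` carries an embedded `ds:Signature` whose `Reference URI` does not name the `ID` of the element that contains it. It assumes that this is what "invalid" means here; the sample aggregate, entity IDs and function names are constructed for illustration, and no cryptographic verification is performed.

```python
import xml.etree.ElementTree as ET  # for untrusted feeds, prefer a hardened parser

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"

# Constructed sample: the first entity has no ID attribute, so its embedded
# signature's same-document reference cannot resolve; the second is consistent.
SAMPLE = f"""<md:EntitiesDescriptor xmlns:md="{MD}" xmlns:ds="{DS}">
  <md:EntityDescriptor entityID="https://idp-a.example.org/metadata">
    <ds:Signature><ds:SignedInfo>
      <ds:Reference URI="#pfx-constructed-1"/>
    </ds:SignedInfo></ds:Signature>
  </md:EntityDescriptor>
  <md:EntityDescriptor ID="_ok1" entityID="https://idp-b.example.org/metadata">
    <ds:Signature><ds:SignedInfo>
      <ds:Reference URI="#_ok1"/>
    </ds:SignedInfo></ds:Signature>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>"""

def reference_ok(entity, uri, is_root):
    """A reference is consistent if it is '#<ID of the enclosing entity>',
    or the empty URI (whole document) when the entity is the document root."""
    if uri == "":
        return is_root
    return uri is not None and uri.startswith("#") and uri[1:] == entity.get("ID")

def dangling_signatures(root):
    """Return (entityID, Reference URI) for every embedded signature reference
    that does not point at its own EntityDescriptor."""
    findings = []
    for entity in root.iter(f"{{{MD}}}EntityDescriptor"):
        for sig in entity.findall(f"{{{DS}}}Signature"):
            for ref in sig.iter(f"{{{DS}}}Reference"):
                if not reference_ok(entity, ref.get("URI"), entity is root):
                    findings.append((entity.get("entityID"), ref.get("URI")))
    return findings

def strip_dangling(root):
    """Remove embedded signatures with an inconsistent reference; return count."""
    removed = 0
    for entity in root.iter(f"{{{MD}}}EntityDescriptor"):
        for sig in entity.findall(f"{{{DS}}}Signature"):
            uris = [r.get("URI") for r in sig.iter(f"{{{DS}}}Reference")]
            if not all(reference_ok(entity, u, entity is root) for u in uris):
                entity.remove(sig)
                removed += 1
    return removed
```

Running `dangling_signatures` over a feed before re-signing or republishing it flags such entities by `entityID`; `strip_dangling` removes only the embedded signatures and leaves any aggregate-level signature to be regenerated by the publisher.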