BrunoD
7 Posts

Sign XML without <X509IssuerSerial>

‏2009-04-02T21:52:14Z |
Hi,

Is there a way to sign an XML file without generating the <X509IssuerSerial> element?

Ex.:

Now I have:


<...>
  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
    <SignedInfo>
      <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments"/>
      <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
      <Reference URI="">
        <Transforms>
          <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
          <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments"/>
        </Transforms>
        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
        <DigestValue>...</DigestValue>
      </Reference>
    </SignedInfo>
    <SignatureValue>Oh6nzfYSxF61Vc5fod/u+7PW522CpbyODnc+uGL05Wq5GJGOdCsZM0KSjmMhb7cO/f5iJ6VUa72a6N/j1bqMNr7fJObGfYRZld3aCI1g0LEBKdOBLOFIxWLIqMVbTTchWQD49SUOpSQElAExJpKqu0Twguvq2auq74NMo7zdHXU=</SignatureValue>
    <KeyInfo>
      <X509Data>
        <X509Certificate>...</X509Certificate>
        <X509IssuerSerial>
          <X509IssuerName>...</X509IssuerName>
          <X509SerialNumber>...</X509SerialNumber>
        </X509IssuerSerial>
      </X509Data>
    </KeyInfo>
  </Signature>
</...>


I need:


<...>
  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
    <SignedInfo>
      <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments"/>
      <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
      <Reference URI="">
        <Transforms>
          <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
          <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments"/>
        </Transforms>
        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
        <DigestValue>...</DigestValue>
      </Reference>
    </SignedInfo>
    <SignatureValue>Oh6nzfYSxF61Vc5fod/u+7PW522CpbyODnc+uGL05Wq5GJGOdCsZM0KSjmMhb7cO/f5iJ6VUa72a6N/j1bqMNr7fJObGfYRZld3aCI1g0LEBKdOBLOFIxWLIqMVbTTchWQD49SUOpSQElAExJpKqu0Twguvq2auq74NMo7zdHXU=</SignatureValue>
    <KeyInfo>
      <X509Data>
        <X509Certificate>...</X509Certificate>
      </X509Data>
    </KeyInfo>
  </Signature>
</...>


The certificate data are represented in the protocol layer. I'm sending the certificate in the HTTPS (SSL Proxy).
Thanks.
Updated on 2013-03-21T00:27:40Z by SystemAdmin
  • zhangcr
    50 Posts

    Re: Sign XML without <X509IssuerSerial>

    ‏2009-04-08T18:06:39Z  
    I guess you just need to write an XSLT transformation to remove the X509IssuerSerial node.
  • SystemAdmin
    6772 Posts

    Re: Sign XML without <X509IssuerSerial>

    ‏2013-03-21T00:27:40Z  
    • zhangcr
    • ‏2009-04-08T18:06:39Z
    I guess you just need to write an XSLT transformation to remove the X509IssuerSerial node.
    I know it's a years-old thread, but had you guys fixed this issue? I have the same problem too.
  • Qidi
    1 Post

    Re: Sign XML without <X509IssuerSerial>

    ‏2013-09-05T14:04:04Z  
    • zhangcr
    • ‏2009-04-08T18:06:39Z
    I guess you just need to write an XSLT transformation to remove the X509IssuerSerial node.

    Do we have any other way, such as a configuration setting on the DP side?

    Thanks

  • maxbenDA
    10 Posts

    Re: Sign XML without <X509IssuerSerial>

    ‏2013-10-16T14:35:11Z  
    • Qidi
    • ‏2013-09-05T14:04:04Z

    Do we have any other way, such as a configuration setting on the DP side?

    Thanks

    Hi,

    I had the same problem using DataPower as an Identity Provider for Microsoft SharePoint. The only way I found is to strip the X509IssuerSerial node with an XSLT transformation.

    Regards
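
The XSLT approach suggested in the replies, written out as an added example (not code from any poster or from DataPower itself): an identity transform, applied after signing, that drops X509IssuerSerial only when an X509Certificate sibling is present. It assumes the signature layout posted in the question, where the single Reference URI="" with the enveloped-signature transform leaves KeyInfo outside the digest, so removing the element does not invalidate the signature.

```xslt
<?xml version="1.0" encoding="UTF-8"?>
<xsl:stylesheet version="1.0"
    xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#">

  <!-- Serialize without re-indenting: whitespace added inside the signed
       content would change the digest computed over the document. -->
  <xsl:output method="xml" encoding="UTF-8" indent="no"/>

  <!-- Identity template: copy every element, attribute, text node,
       comment and processing instruction unchanged. Comments matter
       because the signature uses the WithComments canonicalization. -->
  <xsl:template match="@*|node()">
    <xsl:copy>
      <xsl:apply-templates select="@*|node()"/>
    </xsl:copy>
  </xsl:template>

  <!-- Remove X509IssuerSerial (an empty template emits nothing), but only
       inside Signature/KeyInfo and only when the same X509Data also
       carries the certificate. If X509IssuerSerial is the only key hint,
       it is left in place so the receiver can still locate the key. -->
  <xsl:template
      match="ds:Signature/ds:KeyInfo/ds:X509Data[ds:X509Certificate]/ds:X509IssuerSerial"/>

</xsl:stylesheet>
```

If a Reference also covers KeyInfo, removing the element after signing breaks verification, so check the References in SignedInfo before applying this.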