OpenSAML and Infocard

15 June 2007

OpenSAML (to include Apache Xmlsec) and the PHP RP seem to disagree about what to do with unused namespaces during canonicalization. Xmlsec strips out the namespace declaration, whereas the PHP keeps it in. Looking at the spec, I'm going to side with Xmlsec.

Raw XML:

<attribute xsd="http://www.w3.org/2001/XMLSchema" xsi="http://www.w3.org/2001/XMLSchema-instance" attributename="surname" attributenamespace="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"><attributevalue>MyLastName</attributevalue></attribute>

XmlSec:

<Attribute AttributeName="surname" AttributeNamespace="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"><AttributeValue>MyLastName</AttributeValue></Attribute>

PHP:

<Attribute xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" AttributeName="surname" AttributeNamespace="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"><AttributeValue>MyLastName</AttributeValue></Attribute>

Related Posts

• 28 Jul 2015 » Hiding Secrets in Android Apps
• 16 Jul 2015 » This is an intervention. Stop storing secrets in your apps.
• 13 Jul 2015 » Configuring CouchDB-Lucene with Tomcat