[Pyxmlsec-devel] Error while encrypting XML (SAML assertion)

Patrick Craston Patrick.Craston at contextis.co.uk
Thu Apr 10 12:50:45 CEST 2014

Hello Dieter

Thanks very much for your reply. 

I just found your package "dm.xmlsec.binding" and am now using it successfully in my code (using the xmlsec.TransformDes3Cbc encryption method). Thanks very much for this, it's an absolute life saver! :-)

It does not work with the "aes128-cbc" encryption, so it might well by an issue with my setup. I'm using openssl version 1.0.1 on Ubuntu 12.04.4 LTS. Do you know whether I need to install any additional packages to get this encryption method to work?

Thanks again for the excellent package and your help by email.


-----Original Message-----
From: Dieter Maurer [mailto:dieter at handshake.de] 
Sent: 10 April 2014 11:44
To: Patrick Craston
Cc: pyxmlsec-devel at lists.labs.libre-entreprise.org
Subject: Re: [Pyxmlsec-devel] Error while encrypting XML (SAML assertion)

Patrick Craston wrote at 2014-4-10 10:40 +0100:
> ...
>I'm trying to encrypt a XML node (SAML Assertion) using PyXMLSec 0.3.1 (following this example http://pyxmlsec.labs.libre-entreprise.org/index.php?section=examples&id=10)  and failing.
> ...
>When I run my Django app that calls the above code, I get this error:
>func=xmlSecOpenSSLAppDefaultKeysMngrAdoptKey:file=app.c:line=1319:obj=unknown:subj=xmlSecKeysMngrGetKeysStore:error=1:xmlsec library function failed:
>func=xmlSecTransformIdListFindByHref:file=transforms.c:line=2538:obj=unknown:subj=xmlSecPtrListCheckId(list, xmlSecTransformIdListId):error=100:assertion:
>bj=xmlSecTransformIdListFindByHref:error=1:xmlsec library function 

It seems to have problems with the encryption method "http://www.w3.org/2001/04/xmlenc#aes128-cbc".
Maybe, your "OpenSSL" installation does not support this encryption method.

In addition, "PyXMLSec" has a severe bug which hampers its use for SAML (however, your problem does not seem related to this bug).
I have posted a patch for the bug. However, "PyXMLSec" development seems dead. Therefore, I have published (on "PyPI") "dm.xmlsec.binding" -- a replacement for "PyXMLSec". Maybe, you switch to this package?


More information about the Pyxmlsec-devel mailing list