This is my xml document. I want to sign only the userID part using xml signature. I am using xpath transformation to select that particular element.
This is not a valid xpath expression; there is no way to declare namespace prefixes inside the expression.
samlp:AuthnRequest/UserID xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
XPathFilterParameterSpec does have another constructor that allows you to specify a mapping of namespace prefixes; you could try the following expression:
new XPathFilterParameterSpec("samlp:AuthnRequest/UserID",
Collections.singletonMap("samlp", "urn:oasis:names:tc:SAML:2.0:protocol"))
Edit:
The message does not seem to be an error, see line 426 here, its log level should probably be lower than INFO though.
I also had a look at the description of xpath filtering:
The XPath expression appearing in the XPath parameter is evaluated once for each node in the input node-set. The result is converted to a boolean. If the boolean is true, then the node is included in the output node-set. If the boolean is false, then the node is omitted from the output node-set.
So the correct xpath expression to only include the UserID in the signature would be self::UserID. But don't ask me if this actually makes sense for an xml signature. The example in the specification seems to use an xpath expression to include everything except the signature element itself:
not(ancestor-or-self::dsig:Signature)
Edit 2:
The correct expression is actually ancestor-or-self::UserID since the filter also has to include the text child nodes of the UserID node.
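The following is an added example, not part of the original answer. It mimics the per-node evaluation quoted from the specification with the plain JDK XPath API, so the two expressions from the answer can be compared: the text node under UserID is kept only with the ancestor-or-self form. The sample document, the class name XPathFilterDemo and the filter helper are constructed for illustration.

```java
import java.io.StringReader;
import java.util.ArrayList;
import java.util.List;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.xpath.XPath;
import javax.xml.xpath.XPathConstants;
import javax.xml.xpath.XPathFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;

public class XPathFilterDemo {
    // Constructed sample; the asker's real document is not shown on the page.
    static final String XML =
        "<samlp:AuthnRequest xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\">"
        + "<UserID>alice</UserID><Other>x</Other></samlp:AuthnRequest>";

    // Mimics the XPath filter transform: evaluate expr once per node of the
    // input, convert the result to a boolean, keep the node only if it is true.
    static List<String> filter(String expr) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        Document doc = dbf.newDocumentBuilder()
                .parse(new InputSource(new StringReader(XML)));
        XPath xp = XPathFactory.newInstance().newXPath();
        // Element and text nodes of the input (attribute and namespace
        // nodes are left out to keep the example short).
        NodeList all = (NodeList) xp.evaluate("//node()", doc, XPathConstants.NODESET);
        List<String> kept = new ArrayList<>();
        for (int i = 0; i < all.getLength(); i++) {
            Node n = all.item(i);
            // The current node is the XPath context node, as in the filter.
            if ((Boolean) xp.evaluate(expr, n, XPathConstants.BOOLEAN)) {
                kept.add(n.getNodeType() == Node.TEXT_NODE
                        ? "text(" + n.getNodeValue() + ")"
                        : "<" + n.getNodeName() + ">");
            }
        }
        return kept;
    }

    public static void main(String[] args) throws Exception {
        System.out.println("self::UserID             -> " + filter("self::UserID"));
        System.out.println("ancestor-or-self::UserID -> " + filter("ancestor-or-self::UserID"));
    }
}
```

Printing the kept node-set like this before wiring an expression into XPathFilterParameterSpec makes it easy to confirm exactly which nodes the signature will cover.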