mace-opensaml-users - RE: verifying signature on saml assertions
- From: Scott Cantor <>
- To: ,
- Subject: RE: verifying signature on saml assertions
- Date: Wed, 16 Apr 2003 11:14:18 -0400
- Importance: Normal
- Organization: The Ohio State University
> SAMLResponse samlResponse = ...
> Iterator iter = samlResponse.getAssertions();
> SAMLAssertion samlAssertion = (SAMLAssertion) iter.next();
> samlAssertion.sign(..DSA..,privateKey,certs,true);
> samlAssertion.verify(true); // this works

If this works, it's a fluke and you're not signing what you think you are.

You can't sign an assertion that's inside a response with that simple flag because the signature will cover the whole response. And the non-simple mode doesn't really work most of the time.

So, the options are limited.

SAML 1.0 only uses signing on responses in the POST profile. Nothing else is easily supportable except other use cases where the signed content is the only thing in the document.

Again, I suggest waiting for a new version based on SAML 1.1. This is mostly a hopeless exercise at this point.

I'll document whatever the state of things is when we do the next release so everyone knows what will and won't work.

-- Scott
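
An added example, not part of the original message and not OpenSAML code: a small Python resolver that reports which element each signature's Reference actually covers, run over constructed SAML 1.0-shaped documents. It assumes the "simple" mode discussed above yields a Reference with URI="" (the whole document) and, going beyond the message, also resolves a reference by identifier; it checks scope only and verifies no cryptographic value.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
SAML = "urn:oasis:names:tc:SAML:1.0:assertion"
SAMLP = "urn:oasis:names:tc:SAML:1.0:protocol"
ID_ATTRS = ("AssertionID", "ResponseID", "RequestID")  # SAML 1.x identifier attributes

def local(el):
    """Local name of an element, or None when a reference resolves to nothing."""
    return None if el is None else el.tag.rsplit("}", 1)[-1]

def signature_scopes(xml_text):
    """List (holder, covered, same) for every ds:Reference in the document.

    holder  = element that contains the ds:Signature
    covered = element the Reference URI selects as signed content
    same    = True only when the signature covers exactly its holder
    """
    root = ET.fromstring(xml_text)
    parent_of = {child: parent for parent in root.iter() for child in parent}
    by_id = {el.get(a): el for el in root.iter() for a in ID_ATTRS if el.get(a)}
    scopes = []
    for sig in root.iter(f"{{{DS}}}Signature"):
        holder = parent_of.get(sig)
        for ref in sig.iter(f"{{{DS}}}Reference"):
            uri = ref.get("URI")
            if uri == "":
                covered = root                 # same-document reference: the whole document
            elif uri and uri.startswith("#"):
                covered = by_id.get(uri[1:])   # only the element with that identifier
            else:
                covered = None                 # missing or external reference
            scopes.append((local(holder), local(covered), holder is covered))
    return scopes

# Constructed sample documents (digest and signature values omitted).
SIG = f'<ds:Signature xmlns:ds="{DS}"><ds:SignedInfo><ds:Reference URI="%s"/></ds:SignedInfo></ds:Signature>'
ASSERTION = f'<saml:Assertion xmlns:saml="{SAML}" AssertionID="a1">%s</saml:Assertion>'
RESPONSE = f'<samlp:Response xmlns:samlp="{SAMLP}" ResponseID="r1">%s</samlp:Response>'

NESTED = RESPONSE % (ASSERTION % (SIG % ""))           # assertion signed inside a response
STANDALONE = ASSERTION % (SIG % "")                    # assertion is the whole document
NESTED_BY_ID = RESPONSE % (ASSERTION % (SIG % "#a1"))  # reference names the assertion

if __name__ == "__main__":
    for name in ("NESTED", "STANDALONE", "NESTED_BY_ID"):
        print(name, signature_scopes(globals()[name]))
```

A relying party can apply the same comparison before trusting an assertion: accept it only when the element covered by the validated reference is the element being consumed.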