OpenSAML user discussion

[Scott Cantor <>]

>Are there any docs on how to use OpenSAML? 

Not as such, but the API is fairly simple to pick up, in Java anyway. The 
JavaDocs are fairly complete.

>We have a fairly straightforward task - Site A sends login credentials to
>Site B and gets back a digitally signed SAML response asserting that this is
>indeed user X. 

That's not something SAML 1.0 or 1.1 defines as in-scope, so there are no 
messages that can be used in any standard way to do this.
The result of an authentication is an AuthenticationStatement, but there's 
nothing defined in SAML to actually define why or when or
how the statement is produced.

>Is this easy to do using OpenSAML and the Java JAX-RPC API? 

In theory, it's simple to code it up in certain scenarios like 
username/password, but there's no profile to follow. Credentials
collection scenarios are under some discussion for SAML 2.0.

>Are there SAML Server products out there that will do this for you? 
>Netegrity used to offer JSAML which appeared like it might have been
>appropriate.

There are no interoperable profiles to permit it, so if the products do it, 
it's not as a SAML feature. JSAML is just a library like
OpenSAML, and what you do with it is up to you, not the library.

-- Scott

---------------------------------------------------mace-opensaml-users-+
For list utilities, archives, subscribe, unsubscribe, etc. please visit the
ListProc web interface at 

    http://archives.internet2.edu/

---------------------------------------------------mace-opensaml-users--