mace-opensaml-users - RE: Question regarding general SAML receiver framework
Subject: OpenSAML user discussion
List archive
- From: Scott Cantor <>
- To: 'roy' <>,
- Subject: RE: Question regarding general SAML receiver framework
- Date: Fri, 09 Jan 2004 10:40:07 -0500
- Importance: Normal
- Organization: The Ohio State University
Another point I'd make about your example instance is that it won't work
anyway. You're doing the one thing you can't do in SAML 1.0 interoperably,
which is to sign an assertion and stick it inside something else, in this
case a response. Your Reference URI is bogus because it's pointing at the
whole document, not the Assertion.
I don't build any signature transfoms that would work in that case, which
requires Xpath, basically.
Signing the response itself should work, subject to whether there are
problems I mentioned before in C++, but the assertion part definitely won't.
-- Scott
- Question regarding general SAML receiver framework, roy, 01/06/2004
- RE: Question regarding general SAML receiver framework, Scott Cantor, 01/06/2004
- Re: Question regarding general SAML receiver framework, roy, 01/09/2004
- RE: Question regarding general SAML receiver framework, Scott Cantor, 01/09/2004
- RE: Question regarding general SAML receiver framework, Scott Cantor, 01/09/2004
- Re: Question regarding general SAML receiver framework, roy, 01/09/2004
- Re: Question regarding general SAML receiver framework, Walter Hoehn, 01/06/2004
- RE: Question regarding general SAML receiver framework, Scott Cantor, 01/06/2004
Archive powered by MHonArc 2.6.16.