Skip to Content.
Sympa Menu

mace-opensaml-users - Re: Use SAML Assertion as Kerberos Ticket

Subject: OpenSAML user discussion

List archive

Re: Use SAML Assertion as Kerberos Ticket


Chronological Thread 
  • From: Tom Scavo <>
  • To: Pham Hoai Van <>
  • Cc:
  • Subject: Re: Use SAML Assertion as Kerberos Ticket
  • Date: Wed, 23 Mar 2005 10:34:11 -0500
  • Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:references; b=OI1tcbyuZn8Q1mzMkEGC2vuIXrosVw2fcR5FRbJ8AE/CVdcm5sK532qIBhCyDJmBdoSNDOwfUxzgc6hygz8VwHvrh6a/oo7f8FnSFDFp5+xe1niKmQK7GtYF34mMkJkFM+1p6QLzOsdmtjdvAT8XNWfjjvBImj9fIFcUOOc/V9w=
On Wed, 23 Mar 2005 20:00:53 +0700, Pham Hoai Van
<>
wrote:
>
> Because Kerberos Ticket is not xml-based, so i want a replacement of it with
> other xml-based message.
>
> Is it feasible with SAML Assertion ?

A Kerberos principal name can be used to identity a SAML subject (cf.
section 8.3.5 of [SAML2Core]) so yes, a SAML assertion can be
associated with a Kerberos ticket. I'm not sure what you're up to,
however. If you're more interested in web services than browsers, you
might want to take a look at [WSSKerberosProfile] as well.

Hope that helps,
Tom

[SAML2Core]
http://www.oasis-open.org/committees/download.php/11898/saml-core-2.0-os.pdf

[WSSKerberosProfile]
http://www.oasis-open.org/committees/download.php/8266/oasis-xxxxxx-wss-kerberos-token-profile-1%200.pdf

Archive powered by MHonArc 2.6.16.

Top of Page