mace-opensaml-users - RE: Use SAML Assertion as Kerberos Ticket

Subject: OpenSAML user discussion

  • From: "Scott Cantor" <>
  • To: "'Derek Atkins'" <>
  • Cc: "'Pham Hoai Van'" <>, <>
  • Subject: RE: Use SAML Assertion as Kerberos Ticket
  • Date: Wed, 23 Mar 2005 12:51:04 -0500
  • Organization: The Ohio State University

> How do you do your symmetric key exchange? In particular, how do you get
> the shared secret between the subject (the user) and the SP (the service)?

How does Kerberos do it? By hashing a password into a key, right? Have the
authority issue an assertion with the confirmation key wrapped in the
principal's key, then the principal enters the password, the client decrypts
the confirmation key and uses it to generate the proof of possession to
confirm itself as the subject to the SP.

I'm sure there are lots more details to get right. I'm not advocating doing
it, I'm just saying it's technically possible.

-- Scott
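
The exchange described in the message above, as an added Python sketch that is not part of the original post and is not OpenSAML code. Assumptions: PBKDF2 as the password-to-key function, a key shared between the authority and the SP so the SP can recover the confirmation key, an HMAC over an SP-chosen challenge as the proof of possession, and a stand-in key wrap built from HMAC; all function names are hypothetical and the authority's signature over the assertion is omitted.

```python
import hashlib, hmac, secrets

def derive_principal_key(password: str, salt: bytes) -> bytes:
    # Password hashed into a key, as in the mail; PBKDF2 is an assumed KDF.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    blocks = (hmac.new(key, b"enc" + nonce + bytes([i]), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def wrap(kek: bytes, key: bytes) -> bytes:
    # Stand-in wrap (HMAC keystream, then MAC); use a standard key-wrap
    # algorithm in real code.
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(key, _keystream(kek, nonce, len(key))))
    return nonce + ct + hmac.new(kek, b"mac" + nonce + ct, hashlib.sha256).digest()

def unwrap(kek: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(kek, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("unwrap failed: wrong key or modified blob")
    return bytes(a ^ b for a, b in zip(ct, _keystream(kek, nonce, len(ct))))

def issue_assertion(subject: str, principal_key: bytes, sp_key: bytes) -> dict:
    # Authority: one fresh confirmation key, wrapped once for each party.
    confirmation_key = secrets.token_bytes(32)
    return {"subject": subject,
            "key_for_subject": wrap(principal_key, confirmation_key),
            "key_for_sp": wrap(sp_key, confirmation_key)}  # assumed SP copy

def client_prove(assertion: dict, password: str, salt: bytes, challenge: bytes) -> bytes:
    # Client: password -> principal key -> confirmation key -> proof.
    ck = unwrap(derive_principal_key(password, salt), assertion["key_for_subject"])
    return hmac.new(ck, challenge + assertion["subject"].encode(), hashlib.sha256).digest()

def sp_verify(assertion: dict, sp_key: bytes, challenge: bytes, proof: bytes) -> bool:
    # SP: recover the same confirmation key and recompute the proof.
    ck = unwrap(sp_key, assertion["key_for_sp"])
    expected = hmac.new(ck, challenge + assertion["subject"].encode(), hashlib.sha256).digest()
    return hmac.compare_digest(proof, expected)

if __name__ == "__main__":
    salt, sp_key = b"constructed-salt", secrets.token_bytes(32)  # constructed values
    a = issue_assertion("alice", derive_principal_key("correct horse", salt), sp_key)
    challenge = secrets.token_bytes(16)
    print(sp_verify(a, sp_key, challenge, client_prove(a, "correct horse", salt, challenge)))
```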



