mace-opensaml-users - SAMLNameIdentifier

Subject: OpenSAML user discussion

SAMLNameIdentifier


  • From: Tom Scavo <>
  • To: OpenSAML <>
  • Subject: SAMLNameIdentifier
  • Date: Thu, 14 Apr 2005 14:49:37 -0400

The SAML 1.1 spec requires the content of the <NameIdentifier> element
to be encoded according to [XMLSig] when the Format attribute is set
to X509SubjectName. Since this isn't done in OpenSAML, I presume
implementations are required to do this step themselves. Correct?

Also, speaking of SAMLNameIdentifier, I see that the three-arg
constructor is defined to throw an exception but AFAIK this will never
happen. Why is the constructor defined this way? Maybe it should
validate the input arguments and actually throw an exception under
some circumstances...

Thanks,
Tom
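
Added example, not part of the original post and not OpenSAML code: the [XMLSig] encoding referred to above is the distinguished-name rule in XML-Signature section 4.4.4, which takes the RFC 2253 string form and additionally writes control characters as `\hh` and trailing spaces as `\20`. A caller that has to perform this step itself before handing the string to the name identifier could do it as below; the class name, method names and sample subject are hypothetical, and multi-valued RDNs are not handled.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.StringJoiner;

public final class XmlDsigDnEncoder {

    /** Escape one attribute value: RFC 2253 section 2.4 plus the XML-Signature 4.4.4 augmentation. */
    static String escapeValue(String value) {
        // Index where the run of trailing spaces starts (== length if there is none).
        int trailing = value.length();
        while (trailing > 0 && value.charAt(trailing - 1) == ' ') {
            trailing--;
        }
        StringBuilder out = new StringBuilder();
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            if (c <= 0x1f) {
                out.append(String.format("\\%02x", (int) c));   // control character -> \hh
            } else if (c == ' ' && i >= trailing) {
                out.append("\\20");                              // trailing space -> \20, not "\ "
            } else if ((i == 0 && (c == ' ' || c == '#')) || ",+\"\\<>;".indexOf(c) >= 0) {
                out.append('\\').append(c);                      // RFC 2253 special character
            } else {
                out.append(c);                                   // everything else is literal
            }
        }
        return out.toString();
    }

    /** Join type=value pairs, most specific RDN first, as RFC 2253 orders them. */
    static String encode(Map<String, String> rdns) {
        StringJoiner dn = new StringJoiner(",");
        for (Map.Entry<String, String> rdn : rdns.entrySet()) {
            dn.add(rdn.getKey() + "=" + escapeValue(rdn.getValue()));
        }
        return dn.toString();
    }

    public static void main(String[] args) {
        Map<String, String> subject = new LinkedHashMap<>();   // constructed sample subject
        subject.put("CN", "Doe, Jane ");                       // comma and trailing space
        subject.put("OU", "#1 Lab\tEast");                     // leading '#' and a TAB
        subject.put("O", "Example Org");
        subject.put("C", "US");
        System.out.println(encode(subject));
    }
}
```

The XML serializer still has to apply ordinary XML character escaping (`<`, `>`, `&`) when the resulting string is written as element content.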


