mace-opensaml-users - SAMLNameIdentifier
Subject: OpenSAML user discussion
- From: Tom Scavo <>
- To: OpenSAML <>
- Subject: SAMLNameIdentifier
- Date: Thu, 14 Apr 2005 14:49:37 -0400

The SAML 1.1 spec requires the content of the <NameIdentifier> element
to be encoded according to [XMLSig] when the Format attribute is set
to X509SubjectName. Since this isn't done in OpenSAML, I presume
implementations are required to do this step themselves. Correct?

Also, speaking of SAMLNameIdentifier, I see that the three-arg
constructor is defined to throw an exception but AFAIK this will never
happen. Why is the constructor defined this way? Maybe it should
validate the input arguments and actually throw an exception under
some circumstances...

Thanks,
Tom
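
Added example, not part of Tom's message and not OpenSAML code: a sketch of the [XMLSig] distinguished-name encoding the message asks about, that is, RFC 2253 escaping with XML Signature's two adjustments for control characters and trailing spaces. The class name, method names and sample values are assumptions made up for illustration; only single-valued RDNs are handled.

```java
import java.util.LinkedHashMap;
import java.util.Map;

public class XmlSigDnEncoder {
    // Characters that RFC 2253 section 2.4 escapes with a backslash prefix.
    private static final String SPECIALS = ",+\"\\<>;";

    // Escape one attribute value (hypothetical helper, not an OpenSAML method).
    static String escapeValue(String value) {
        int end = value.length();
        while (end > 0 && value.charAt(end - 1) == ' ') end--; // locate trailing spaces
        StringBuilder out = new StringBuilder();
        for (int i = 0; i < end; i++) {
            char c = value.charAt(i);
            if (c < 0x20) {
                // XMLSig: a control character becomes "\" plus two hex digits.
                out.append(String.format("\\%02x", (int) c));
            } else if (SPECIALS.indexOf(c) >= 0 || (i == 0 && (c == '#' || c == ' '))) {
                // RFC 2253: specials, and a leading '#' or space, get a "\" prefix.
                out.append('\\').append(c);
            } else {
                out.append(c); // non-ASCII stays as characters; the XML encoding covers it
            }
        }
        // XMLSig: each trailing space becomes "\20" instead of RFC 2253's "\ ".
        for (int i = end; i < value.length(); i++) out.append("\\20");
        return out.toString();
    }

    // Join type=value pairs in the caller's order; reject missing input up front.
    static String buildDn(Map<String, String> rdns) {
        StringBuilder dn = new StringBuilder();
        for (Map.Entry<String, String> e : rdns.entrySet()) {
            if (e.getKey() == null || e.getKey().isEmpty() || e.getValue() == null)
                throw new IllegalArgumentException("attribute type and value are required");
            if (dn.length() > 0) dn.append(',');
            dn.append(e.getKey()).append('=').append(escapeValue(e.getValue()));
        }
        return dn.toString();
    }

    public static void main(String[] args) {
        Map<String, String> rdns = new LinkedHashMap<>(); // constructed sample values
        rdns.put("CN", "Doe, Jane\t");  // comma plus a trailing TAB control character
        rdns.put("O", "#1 Widgets ");   // leading '#' and a trailing space
        rdns.put("C", "US");
        System.out.println(buildDn(rdns));
    }
}
```

The returned string is the element's text content; any `<`, `>` or `&` left in it still needs ordinary XML escaping, which an XML serializer applies when the element is written out.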