
mace-opensaml-users - SAML Assertion ids and interop

Subject: OpenSAML user discussion


SAML Assertion ids and interop


  • From: Ted Toth <>
  • To:
  • Subject: SAML Assertion ids and interop
  • Date: Thu, 23 Jun 2005 14:21:53 -0700 (PDT)

By interop I mean between .NET and Java web services
and clients. My .NET client is failing to validate the
response from a Java server (which uses opensaml)
because the WSE SecurityInputFilter is trying
to validate the signature of the element with the id
id-12374346; however, for a SAML Assertion it is
comparing against the AssertionID and not the wsu:Id.

<Assertion
xmlns="urn:oasis:names:tc:SAML:1.0:assertion"
xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
AssertionID="c3d50b725586474de4e411e597933763"
IssueInstant="2005-06-23T15:53:51.125Z"
Issuer="CN=www.foo.com, OU=Other, OU=PKI, OU=XxX,
O=U.S. Government, C=US" MajorVersion="1"
MinorVersion="1" wsu:Id="id-12374346">

If these ids contained the same value then I think
this would work. Does opensaml add the wsu:Id? I know
that you can create a SAMLAssertion with an id
(AssertionID) but for the .Net client to interoperate
with a Java based service the ids probably need to
match. I'm saying this because in the request
generated by the .Net client they match and the Java server
seems to have no problem digesting them and validating
the signature.

Ted
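
The mismatch described in the message above, as an added example (not part of the original post, and not OpenSAML or WSE code): a small Python check that resolves a same-document signature reference against an assertion's wsu:Id and its AssertionID. The sample XML is constructed from the start tag in the post with the Issuer shortened, and the reference URI #id-12374346 is an assumption based on the id the post names.

```python
import xml.etree.ElementTree as ET

WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
SAML = "urn:oasis:names:tc:SAML:1.0:assertion"

# Constructed sample: the start tag from the post (Issuer shortened), closed
# so that it parses. REFERENCE_URI is assumed from the id the post names.
SAMPLE = f'''<Assertion xmlns="{SAML}" xmlns:wsu="{WSU}"
  AssertionID="c3d50b725586474de4e411e597933763"
  IssueInstant="2005-06-23T15:53:51.125Z" Issuer="CN=www.foo.com"
  MajorVersion="1" MinorVersion="1" wsu:Id="id-12374346"/>'''
REFERENCE_URI = "#id-12374346"

def id_attributes(elem):
    """Return {label: value} for the ID-like attributes present on elem."""
    ids = {}
    if elem.get(f"{{{WSU}}}Id") is not None:
        ids["wsu:Id"] = elem.get(f"{{{WSU}}}Id")
    if elem.tag == f"{{{SAML}}}Assertion" and elem.get("AssertionID") is not None:
        ids["AssertionID"] = elem.get("AssertionID")
    return ids

def resolve(root, uri, assertion_id_only):
    """List (element, label) pairs that a same-document reference matches.
    assertion_id_only=True matches a SAML assertion on AssertionID alone,
    the behaviour the post reports; False accepts wsu:Id as well."""
    if not uri.startswith("#"):
        raise ValueError("only same-document references are handled")
    wanted, hits = uri[1:], []
    for elem in root.iter():
        ids = id_attributes(elem)
        if assertion_id_only and "AssertionID" in ids:
            ids = {"AssertionID": ids["AssertionID"]}
        hits += [(elem, label) for label, value in ids.items() if value == wanted]
    return hits

def diagnose(xml_text, uri):
    """Say how (or whether) the reference resolves under each rule."""
    root = ET.fromstring(xml_text)
    strict = resolve(root, uri, True)
    lenient = resolve(root, uri, False)
    if len({id(elem) for elem, _ in lenient}) > 1:
        return "ambiguous: more than one element carries this id"
    if strict:
        return "resolves via " + strict[0][1]
    if lenient:
        return "id mismatch: reference matches " + lenient[0][1] + " only"
    return "unresolved"
```

Calling diagnose(SAMPLE, REFERENCE_URI) reports the mismatch; setting wsu:Id to the same value as AssertionID makes the reference resolve under both rules.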






