OpenSAML user discussion

["Scott Cantor" <>]

> I am hoping there might be some "known good" example Response 
> messages that can be used to demonstrate OpenSAML can consume 
> Responses signed by outside parties, even if we don't have a 
> copy of the outside party's public key.  
> 
> Any pointers would be appreciated.  Thanks in advance.

I have log files from the Catalyst demo full of examples produced by at
least 6 or so vendors' products, but I'm not going to go digging in them
just to prove a point.

What kind of assurances are you looking for exactly? Anything I posted
couldn't be "proven" to have come from any particular implementation anyway.
If you want real evidence, I think you'd have to be generating the input...

I was going to note the GSA lab certification which is about done, but that
doesn't use signing, so it's not of any use here.

-- Scott