Skip to Content.
Sympa Menu

mace-opensaml-users - RE: SAMLResponse verification

Subject: OpenSAML user discussion

List archive

RE: SAMLResponse verification


Chronological Thread 
  • From: "Scott Cantor" <>
  • To: <>, <>
  • Subject: RE: SAMLResponse verification
  • Date: Wed, 20 Jul 2005 12:16:46 -0400
  • Organization: The Ohio State University

> Any idea? Should I post the SAMLResponse itself?

You could try, but I won't have any time to look at it for a while, and I
doubt I'd learn anything if I did. signtest is not easy to use. It's
possible you're just corrupting the XML in the process of supplying it. I'd
be more concerned if you fed in the raw base64 by hand, decoded it, and
wrote code to verify that.

For that matter, if you're actually generating a POST response, you could
supply it to a Shibboleth test server and we could try and diagnose it that
way.

I used to be very paranoid about this stuff, but at this point, I know that
the C++ can verify Java stuff fine, I've tested against many different
codebases. I'm not as confident about the C++ signing, only because of how
I'm serializing the XML, but the other direction has worked fine.

-- Scott




Archive powered by MHonArc 2.6.16.

Top of Page