OpenSAML user discussion

[Giandomenico Napolitano <>]

In my SAML PDP I need to communicate with other SAML responders  
before emitting an authorization decision. So, in the process of  
handling the first SOAP invocation as a *service*, the PDP queries at  
least one other SAML responder (AA(s) for the record) as a *client*.  
All communications are over HTTPS, with different server certs for  
PDP's client and AAs.

As far as I know, in current OpenSAML code there's no other way to  
configure SSL than using the singleton SAMLConfig. This config is  
read only whithin static part of the SAMLSOAPBinding implementation,  
so it's global and unique.

Maybe I should modify/rewrite SOAPHTTPBindingProvider.java to be  
dinamically configurable (and to (re)move static part)? In this case  
what should be the format for the Element passed as an argument to  
the constructor?
Maybe I'm pushing OpenSAML too far and I should use Axis to handle  
SOAP-over-HTTPS messaging instead?

Does OpenSAML perform correlation checks between a samlp:request's  
requestId and the corresponding inResponseTo in the samlp:response?

Thank you.
--
Giandomenico Napolitano
University of Pisa, Italy