mace-opensaml-users - RE: SAML Assertion Authority
Subject: OpenSAML user discussion
List archive
- From: "Scott Cantor" <>
- To: <>, <>
- Subject: RE: SAML Assertion Authority
- Date: Mon, 21 Nov 2005 11:28:17 -0500
- Organization: The Ohio State University
> 1. How I can use openSAML to validate a SAML token from
> some Token Assertion Authority?
It's out of scope. You can use opensaml to validate a signature over a
signed token, but that's the tip of the iceberg when it comes to defining
"validation". Shibboleth has entire libraries of code devoted to metadata
and deriving acceptable keys based on the identity of the authority. None of
that is inside opensaml.
> 2. How any one can be act as a SAML Token Assertion
> Authority? Is there are any special attributes required for that?
An authority is just something that issues assertions for use in some
profile. There are no profiles in SAML specifically addressing issuing
anything except for responses to queries or web browser SSO, and so there's
little to guide you. Something like Liberty WSF defines profiles for using
SAML assertions in web services, but that's a layer above opensaml itself.
> 3. To test my SAML implementation how I can use an
> in-hosue Token Assertion Authority? Is openSAML has any such option?
No, opensaml is a toolkit. An authority implementation might be a Java
servlet that uses opensaml to create the assertions, but most of the work is
outside opensaml.
-- Scott
- SAML Assertion Authority, ansarkar, 11/21/2005
- RE: SAML Assertion Authority, Scott Cantor, 11/21/2005
Archive powered by MHonArc 2.6.16.