Skip to Content.
Sympa Menu

mace-opensaml-users - Re: SAML1.x or SAML2.x?

Subject: OpenSAML user discussion

List archive

Re: SAML1.x or SAML2.x?


Chronological Thread 
  • From: "Tom Scavo" <>
  • To: "Pantvaidya, Vishwajit" <>
  • Cc:
  • Subject: Re: SAML1.x or SAML2.x?
  • Date: Thu, 20 Apr 2006 19:31:43 -0400
  • Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=tIBMbtL51jfXZ2UqSQLYGlct4CU8+zifx+wjPOE5QNrmI3R/ni3bkf7wC7vZ3wuVymrqwyV4Hy+UW/UUxhnH/AkqjRzmujLqVybCjv+F/q/WU5wHM+upUV81nIG6nDxCcJz+eRbJxNC7H4rVBvFT+35fAl+mYtUnBDHHft15xPQ=
On 4/20/06, Pantvaidya, Vishwajit
<>
wrote:
>
> So basically looks like in our case the SAML assertion xml will be passed
> through the URL parameters.
>
> I checked SAML 1.1 and 2.0 specs and it seems that 1.1 does not support this
> scenario.

That's true, SAML 1.1 does not have an HTTPRedirect binding. However,
is there some reason why you can't use Browser/POST?

More importantly, SAML 1.1 does not support SP-first profiles. Is
there some reason why you can't just use Shibboleth (which defines an
AuthnRequest profile)? That sure would make your like easier. :-)

> So
>
> - do I need to use SAML2.0 (it seems the SAML2 HTTPRedirect binding will fit
> this usecase)?

Honestly, I'd recommend Browser/POST.

> - in that case, should I download the OpenSAML 2.0 source from
> https://projects.middleware.georgetown.edu/viewcvs/java-opensaml2/trunk/,
> build it and use it that way

OpenSAML 2.0 does not yet have binding or profile support, so you're
out of luck there.

Tom

Archive powered by MHonArc 2.6.16.

Top of Page