OpenSAML user discussion

["Scott Cantor" <>]

> So I will be the first to say that I don't know everything 
> about the SAML spec, but I was fairly sure that you could use 
> an X.509 cert as the confirmation data so basically that is 
> what I am trying to do.  Plus sign the SAML assertion with 
> another key.

You can, but in SAML 1.1 you have to put KeyInfo data like that into a
dedicated element inside of SubjectConfirmation, not inside
SubjectConfirmationData.

> I am not sure what is going on, I am fairly sure I have a 
> confirmation method in there at least my output to System.out 
> shows it being in there.
> 
> Any ideas because I am stumped?

I suspect the error is just misleading and the real problem is more to do
with limitations on that stuff in the code. You'll be much better off using
the 2.0 code when it's done, because it will support subject confirmation
properly. For starters, I think SubjectConfirmationData in the old code is
confined to a string.

I think the KeyInfo option has been used a little, but you'll have to put it
inside the SubjectConfirmation element.

-- Scott