Skip to Content.
Sympa Menu

mace-opensaml-users - RE: Saml 2.0

Subject: OpenSAML user discussion

List archive

RE: Saml 2.0


Chronological Thread 
  • From: "Scott Cantor" <>
  • To: "'Tom Scavo'" <>
  • Cc: <>
  • Subject: RE: Saml 2.0
  • Date: Wed, 27 Sep 2006 11:15:49 -0400
  • Organization: The Ohio State University

> Will OpenSAML support some subset of the bindings specified in the
> SAML V2.0 Bindings specification?

That's what I meant by MessageEncoders. I just checked in the first batch,
everything but Redirect, then I'm moving to Decoders, and then I'll get back
to Redirect and figure out how to do DEFLATE in C++.

I don't believe it's viable to implement a binding that is a true
send/receive model with these, they're not the same as a direct
communication path.

> For example, if I were implementing
> a SAML SP, would there be an API for binding an AuthnRequest to an
> HTTP POST response? (Just an example to lend some context to my
> question.)

I don't believe it's wise to embed an actual browser response in the
library, even via callbacks. The configuration insulation alone would be
ugly and limiting.

I have encoders that sign the message and produce the form parameters
necessary to send the message, and that's all. The rest is up to callbacks
and surrounding code. So a direct answer to that question would be no, it's
the SP that binds the result to an HTML form, not the library.

If the Encoders work as intended, the code that does this will be more or
less binding independent, just slamming the parameters into the HTML.
Artifact mapping is handled inside the Encoder, for example, so the caller
just hands in a message and gets back what to place on the URL or in the
form.

And of course, this isn't Java, so I have nothing much to say about that.

-- Scott




Archive powered by MHonArc 2.6.16.

Top of Page