
mace-opensaml-users - Re: Signing of Assertion instead of Response

Subject: OpenSAML user discussion


Re: Signing of Assertion instead of Response


  • From: "Tom Scavo" <>
  • To:
  • Subject: Re: Signing of Assertion instead of Response
  • Date: Mon, 15 Jan 2007 10:23:01 -0500

On 1/15/07, Andreas Vallen <> wrote:

> The version of the Sun Access Manager product that we test our opensaml-based
> IDP against expects the Assertion element instead of the Response element to
> be signed (in the case of successful Responses).

This is clearly an Access Manager bug - it should work either way.

FYI, a Shibboleth SP (which is based on OpenSAML) communicates its
desire for signed assertions via metadata:

<md:SPSSODescriptor
WantAssertionsSigned="true"
protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">

So now I'm curious ;-) does Sun Access Manager produce SAML metadata,
and does your IdP consume it?

Tom
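
An added example, not part of the original message and not OpenSAML or Shibboleth code: an IdP-side check that reads WantAssertionsSigned from SP metadata and compares it with where ds:Signature sits in an outgoing SAML 1.1 Response. The entityID, the sample documents and all function names are constructed for illustration, and the check covers signature placement only, not signature validity.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "samlp": "urn:oasis:names:tc:SAML:1.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:1.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def wants_assertions_signed(metadata_xml, entity_id):
    """Read WantAssertionsSigned (xs:boolean, absent means false) for one SP."""
    root = ET.fromstring(metadata_xml)
    for ent in root.iter("{%s}EntityDescriptor" % NS["md"]):
        if ent.get("entityID") == entity_id:
            flags = [sp.get("WantAssertionsSigned", "false").strip()
                     for sp in ent.findall("md:SPSSODescriptor", NS)]
            return any(f in ("true", "1") for f in flags)
    raise KeyError("no metadata for " + entity_id)

def signature_placement(response_xml):
    """Report where ds:Signature sits; placement only, no cryptographic check."""
    root = ET.fromstring(response_xml)
    return {"response": root.find("ds:Signature", NS) is not None,
            "assertions": [a.find("ds:Signature", NS) is not None
                           for a in root.findall("saml:Assertion", NS)]}

def meets_sp_requirement(metadata_xml, entity_id, response_xml):
    """False when the SP asks for signed assertions and one is unsigned."""
    if not wants_assertions_signed(metadata_xml, entity_id):
        return True
    placed = signature_placement(response_xml)["assertions"]
    return bool(placed) and all(placed)

# Constructed sample input (hypothetical SP, not taken from the thread).
SP_ID = "https://sp.example.org/shibboleth"
SP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sp.example.org/shibboleth">
  <md:SPSSODescriptor WantAssertionsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol"/>
</md:EntityDescriptor>"""
RESPONSE_ONLY = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <ds:Signature/><samlp:Status/><saml:Assertion/>
</samlp:Response>"""
ASSERTION_TOO = RESPONSE_ONLY.replace(
    "<saml:Assertion/>", "<saml:Assertion><ds:Signature/></saml:Assertion>")

if __name__ == "__main__":
    for name, doc in (("response only", RESPONSE_ONLY), ("assertion too", ASSERTION_TOO)):
        print(name, signature_placement(doc), meets_sp_requirement(SP_METADATA, SP_ID, doc))
```
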


