Skip to Content.
Sympa Menu

mace-opensaml-users - Re: Sigining of Assertion instead of Response

Subject: OpenSAML user discussion

List archive

Re: Sigining of Assertion instead of Response


Chronological Thread 
  • From: "Tom Scavo" <>
  • To:
  • Subject: Re: Sigining of Assertion instead of Response
  • Date: Mon, 15 Jan 2007 14:55:30 -0500
  • Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=mdghR+9wjMsTFF+pap6woHBmtrPLZcMAIgaC2S4kb0Z/pQTYu0nWkLIA0uFlrO5AhcCoZJgwpx943mq9VuSLEm7AKivRgb99l9b4ZRVECp0oym5mMfAc6OEwt85lhonGEA6mK0e9mSQ+PVO7vHs2wk1OrJR2WnoGctxC3Ex7vKY=

On 1/15/07, Andreas Vallen
<>
wrote:

Access Manager (version: 7.0/05Q4 + SAMLv2 plugin) does not dynamically
resolve a partner
entity's metadata as proposed by the "well-known location" method in the
metadata spec.

If I'm understanding you correctly, this is irrelevant. The SP wishes
to communicate its desire for signed assertions to the IdP, not the
other way 'round.

However it produces and uses metadata for its own configuration. So possibly
it is no
Access Manager bug after all - I will try again with "WantAssertionSigned"
set to 'false'.

So your IdP is hardwired to sign responses (not assertions)? It
doesn't consume SP metadata and act accordingly? Just curious...

Cheers,
Tom



Archive powered by MHonArc 2.6.16.

Top of Page