mace-opensaml-users - Re: Sigining of Assertion instead of Response
Subject: OpenSAML user discussion
List archive
- From: Andreas Vallen <>
- To:
- Subject: Re: Sigining of Assertion instead of Response
- Date: Tue, 16 Jan 2007 13:29:13 +0100
Hi Tom,
Tom Scavo schrieb:
On 1/15/07, Andreas Vallen
<>
wrote:
Access Manager (version: 7.0/05Q4 + SAMLv2 plugin) does not dynamically resolve a partner
entity's metadata as proposed by the "well-known location" method in the metadata spec.
If I'm understanding you correctly, this is irrelevant. The SP wishes
to communicate its desire for signed assertions to the IdP, not the
other way 'round.
Yes of course, this dynamic resolution doesn't work in the other direction neither. I understood that this is what you meant by producing and consuming metadata.
However it produces and uses metadata for its own configuration. So possibly it is no
Access Manager bug after all - I will try again with "WantAssertionSigned" set to 'false'.
So your IdP is hardwired to sign responses (not assertions)? It
doesn't consume SP metadata and act accordingly? Just curious...
Until now we used a custom configuration attribute to determine if to
sign assertions. Thanks to our new awareness of the semantic of the
attribute, we may change it to use the metadata attribute ;-)
Cheers,
Andreas
--
Andreas Vallen Software Engineer
fun communications GmbH Lorenzstrasse 29 D-76135 Karlsruhe
Tel: +49 721 96448-132 Fax: +49 721 96448-299
www.fun.de
- Sigining of Assertion instead of Response, Andreas Vallen, 01/15/2007
- Re: Sigining of Assertion instead of Response, Tom Scavo, 01/15/2007
- Re: Sigining of Assertion instead of Response, Andreas Vallen, 01/15/2007
- Re: Sigining of Assertion instead of Response, Tom Scavo, 01/15/2007
- Re: Sigining of Assertion instead of Response, Andreas Vallen, 01/16/2007
- Re: Sigining of Assertion instead of Response, Tom Scavo, 01/15/2007
- Re: Sigining of Assertion instead of Response, Andreas Vallen, 01/15/2007
- RE: Sigining of Assertion instead of Response, Scott Cantor, 01/15/2007
- Re: Sigining of Assertion instead of Response, Andreas Vallen, 01/16/2007
- Re: Sigining of Assertion instead of Response, Tom Scavo, 01/16/2007
- RE: Sigining of Assertion instead of Response, Scott Cantor, 01/16/2007
- Re: Sigining of Assertion instead of Response, Andreas Vallen, 01/16/2007
- RE: Sigining of Assertion instead of Response, Scott Cantor, 01/16/2007
- Re: Sigining of Assertion instead of Response, Andreas Vallen, 01/16/2007
- Re: Sigining of Assertion instead of Response, Andreas Vallen, 01/16/2007
- Re: Sigining of Assertion instead of Response, Tom Scavo, 01/15/2007
Archive powered by MHonArc 2.6.16.