OpenSAML user discussion

[Andreas Vallen <>]

Hi Tom,

Tom Scavo schrieb:
> On 1/15/07, Andreas Vallen 
> <>
>  wrote:
> > Access Manager (version: 7.0/05Q4 + SAMLv2 plugin) does not 
> > dynamically resolve a partner
> > entity's metadata as proposed by the "well-known location" method in 
> > the metadata spec.
>
> If I'm understanding you correctly, this is irrelevant.  The SP wishes
> to communicate its desire for signed assertions to the IdP, not the
> other way 'round.

Yes of course, this dynamic resolution doesn't work in the other direction neither. I 
understood that this is what you meant by producing and consuming metadata.

> > However it produces and uses metadata for its own configuration. So 
> > possibly it is no
> > Access Manager bug after all - I will try again with 
> > "WantAssertionSigned" set to 'false'.
>
> So your IdP is hardwired to sign responses (not assertions)?  It
> doesn't consume SP metadata and act accordingly?  Just curious...

Until now we used a custom configuration attribute to determine if to
sign assertions. Thanks to our new awareness of the semantic of the
attribute, we may change it to use the metadata attribute ;-)

Cheers,
Andreas


--
Andreas Vallen  Software Engineer
fun communications GmbH   Lorenzstrasse 29   D-76135 Karlsruhe
Tel: +49 721 96448-132   Fax: +49 721 96448-299

   www.fun.de