
mace-opensaml-users - Re: Signing of Assertion instead of Response

Subject: OpenSAML user discussion


Re: Signing of Assertion instead of Response


  • From: Andreas Vallen <>
  • To:
  • Subject: Re: Signing of Assertion instead of Response
  • Date: Tue, 16 Jan 2007 13:29:13 +0100

Hi Tom,

Tom Scavo wrote:
> On 1/15/07, Andreas Vallen wrote:
>
>> Access Manager (version: 7.0/05Q4 + SAMLv2 plugin) does not dynamically resolve a partner
>> entity's metadata as proposed by the "well-known location" method in the metadata spec.
>
> If I'm understanding you correctly, this is irrelevant. The SP wishes
> to communicate its desire for signed assertions to the IdP, not the
> other way 'round.

Yes, of course, this dynamic resolution doesn't work in the other direction either. I understood that this is what you meant by producing and consuming metadata.

>> However it produces and uses metadata for its own configuration. So possibly it is no
>> Access Manager bug after all - I will try again with "WantAssertionSigned" set to 'false'.
>
> So your IdP is hardwired to sign responses (not assertions)? It
> doesn't consume SP metadata and act accordingly? Just curious...

Until now we used a custom configuration attribute to determine whether to
sign assertions. Thanks to our new awareness of the semantics of the
attribute, we may change it to use the metadata attribute ;-)

Cheers,
Andreas


--
Andreas Vallen Software Engineer
fun communications GmbH Lorenzstrasse 29 D-76135 Karlsruhe
Tel: +49 721 96448-132 Fax: +49 721 96448-299

www.fun.de
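
An added example, not part of the original message and not Access Manager or OpenSAML code: a sketch of how an IdP could consume SP metadata and decide per SP whether to sign assertions, as discussed in the thread. The SAML 2.0 metadata schema spells the attribute `WantAssertionsSigned` (on `SPSSODescriptor`, default false when omitted); the function names and the example.org entity IDs are constructed, and the metadata is assumed to have been authenticated before it is parsed.

```python
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
SAML2_PROTOCOL = "urn:oasis:names:tc:SAML:2.0:protocol"

def xs_boolean(value, default=False):
    """Parse an xs:boolean lexical value; the schema allows true/false/1/0."""
    if value is None:
        return default
    v = value.strip()
    if v in ("true", "1"):
        return True
    if v in ("false", "0"):
        return False
    raise ValueError(f"not an xs:boolean: {value!r}")

def assertion_signing_policy(metadata_xml: bytes) -> dict:
    """Map entityID -> True when the SP's SAML 2.0 role asks for signed assertions."""
    if b"<!DOCTYPE" in metadata_xml:
        # Metadata never needs a DTD; refusing it avoids entity-expansion tricks.
        raise ValueError("DTDs are not allowed in metadata")
    root = ET.fromstring(metadata_xml)
    policy = {}
    # iter() also matches the root, so a bare EntityDescriptor works too.
    for entity in root.iter(f"{{{MD_NS}}}EntityDescriptor"):
        for sp in entity.findall(f"{{{MD_NS}}}SPSSODescriptor"):
            protocols = sp.get("protocolSupportEnumeration", "").split()
            if SAML2_PROTOCOL not in protocols:
                continue
            # Optional attribute; an omitted value means "false".
            policy[entity.get("entityID")] = xs_boolean(sp.get("WantAssertionsSigned"))
    return policy

# Constructed sample metadata covering "true", "1" and the omitted case.
SAMPLE_METADATA = b"""
<EntitiesDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
  <EntityDescriptor entityID="https://sp-a.example.org/saml">
    <SPSSODescriptor WantAssertionsSigned="true"
        protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  </EntityDescriptor>
  <EntityDescriptor entityID="https://sp-b.example.org/saml">
    <SPSSODescriptor WantAssertionsSigned="1"
        protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  </EntityDescriptor>
  <EntityDescriptor entityID="https://sp-c.example.org/saml">
    <SPSSODescriptor
        protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  </EntityDescriptor>
</EntitiesDescriptor>
"""
```

An IdP would call `assertion_signing_policy()` when loading partner metadata and look up the requesting SP's entityID before building the response.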


