mace-opensaml-users - RE: Can't validate Signature of SAML 1.0 Assertion resulting from decrypted EncryptedData

Subject: OpenSAML user discussion

List archive

RE: Can't validate Signature of SAML 1.0 Assertion resulting from decrypted EncryptedData

From: "Scott Cantor" <>
To: <>
Subject: RE: Can't validate Signature of SAML 1.0 Assertion resulting from decrypted EncryptedData
Date: Fri, 6 Apr 2007 21:28:47 -0400
Organization: The Ohio State University

A quick glance at the 1.x Assertion implementation classes indicates at a
minimum that it's buggy. It's illegally establishing "IDness" regardless of
the SAML version, instead of checking MinorVersion and leaving 1.0 out.

That explains why your unmarshalled assertion would verify, but it
shouldn't, as I said in my previous note.

-- Scott

Can't validate Signature of SAML 1.0 Assertion resulting from decrypted EncryptedData, Enrique Rodriguez, 04/06/2007
- RE: Can't validate Signature of SAML 1.0 Assertion resulting from decrypted EncryptedData, Scott Cantor, 04/06/2007
- RE: Can't validate Signature of SAML 1.0 Assertion resulting from decrypted EncryptedData, Scott Cantor, 04/06/2007
- Message not available
  - Re: Can't validate Signature of SAML 1.0 Assertion resulting from decrypted EncryptedData, Brent Putman, 04/06/2007
    - Re: Can't validate Signature of SAML 1.0 Assertion resulting from decrypted EncryptedData, Enrique Rodriguez, 04/06/2007
      - RE: Can't validate Signature of SAML 1.0 Assertion resulting from decrypted EncryptedData, Scott Cantor, 04/07/2007
    - Re: Can't validate Signature of SAML 1.0 Assertion resulting from decrypted EncryptedData, Brent Putman, 04/12/2007
      - Re: Can't validate Signature of SAML 1.0 Assertion resulting from decrypted EncryptedData, Enrique Rodriguez, 04/13/2007

List archive

RE: Can't validate Signature of SAML 1.0 Assertion resulting from decrypted EncryptedData