mace-opensaml-users - Re: SAML signature reference

Subject: OpenSAML user discussion

List archive

Re: SAML signature reference

From: Brent Putman <>
To:
Subject: Re: SAML signature reference
Date: Fri, 06 Apr 2007 21:57:20 -0400

Scott Cantor wrote:

My own code is hardwiring the c14n algorithm, so I'll probably change
that, but the digest is automatic based on the signature algorithm.


Or not. I was calling something with a default parameter, didn't realize it.
I'll need to add a setDigest option on my SAML reference object, the Java
should do the same.

Laurent,

I've updated the SAMLObjectContentReference to allow the caller to set both the digest method and list of transforms. Same defaults as before. You should be able to grab the auto-attached content reference and change the options before you marshall and sign.

I debated whether the transforms should be directly manipulatable. Per the SAML spec, the transforms SHOULD consist only of the enveloped signature transform and exclusive canonicalization transform (with or without comments), but it's not a MUST. I suppose we might revisit and make the only transforms option a boolean toggle of with/without comments for the exclusive c14n.

--Brent

SAML signature reference, Laurent CHARTIER, 04/06/2007
- RE: SAML signature reference, Scott Cantor, 04/06/2007
- Message not available
  - RE: SAML signature reference, Scott Cantor, 04/06/2007
- Message not available
  - Message not available
    - Re: SAML signature reference, Brent Putman, 04/06/2007
      - RE: SAML signature reference, Scott Cantor, 04/06/2007
      - Message not available
        
        RE: SAML signature reference, Scott Cantor, 04/06/2007

List archive

Re: SAML signature reference