mace-opensaml-users - RE: SAML signature reference
Subject: OpenSAML user discussion
List archive
- From: "Scott Cantor" <>
- To: <>
- Subject: RE: SAML signature reference
- Date: Fri, 6 Apr 2007 22:09:27 -0400
- Organization: The Ohio State University
> Theoretically, we should probably block the use of that object with SAML
> 1.0 objects, though. It will just lead to errors (per the other note).
Actually, what I did (and I just broke in my last check-in but will undo)
was to use a getXMLID() function on the object and if that came back empty,
I do a whole doc sign with URI="". That's about all that you can make work
for SAML 1.0, and it does at least handle POST profile signing, which is
about all you can do for 1.0 anyway.
That way the SAML ContentReference object does a semi-correct thing for 1.0
but doesn't produce bogus ID-referenced signatures.
-- Scott
- SAML signature reference, Laurent CHARTIER, 04/06/2007
- RE: SAML signature reference, Scott Cantor, 04/06/2007
- Message not available
- RE: SAML signature reference, Scott Cantor, 04/06/2007
- Message not available
- Message not available
- Re: SAML signature reference, Brent Putman, 04/06/2007
- RE: SAML signature reference, Scott Cantor, 04/06/2007
- Message not available
- RE: SAML signature reference, Scott Cantor, 04/06/2007
- Re: SAML signature reference, Brent Putman, 04/06/2007
- Message not available
Archive powered by MHonArc 2.6.16.