Skip to Content.
Sympa Menu

mace-opensaml-users - RE: Verify a SAML token

Subject: OpenSAML user discussion

List archive

RE: Verify a SAML token


Chronological Thread 
  • From: "Scott Cantor" <>
  • To: <>
  • Subject: RE: Verify a SAML token
  • Date: Thu, 24 May 2007 17:27:01 -0400
  • Organization: The Ohio State University

> I there a convenient way to use OpenSAML to verify the SAML token.
> SAMLAssertion.validate() seems only to check XML characteristics.
> Do you know a tutroial?

There is no documentation for OpenSAML 1 and the small bit of 2.0 docs are
out of date at the moment in this area. There is no method I can recall by
that name with that class name, so I don't know what version you're using
here.

1.x includes verify methods on the SAMLSignedObject class for examining
signatures. Trust is out of scope.

2.0 includes a more comprehensive API but it's still getting finished, in
Java anyway.

Validators in 2.0 can do anything, XML rules are merely one option. I
believe the raw signature checks are still handled with a validator object,
apart from the higher level trust engine APIs.

-- Scott





Archive powered by MHonArc 2.6.16.

Top of Page