mace-opensaml-users - RE: Verify a SAML token
  • From: "Mike Mattozzi" <>
  • To:
  • Subject: RE: Verify a SAML token
  • Date: Mon, 4 Jun 2007 18:06:09 -0700

Hi,

What would be the equivalent of this in OpenSAML 2.0?

thanks, Mike

-----Original Message-----
From: "George Stanchev" <>
To: <>
Subject: RE: Verify a SAML token
Date: Thu, 24 May 2007 14:59:54 -0700
Thread-topic: Verify a SAML token

I assume you are talking about verify() not validate() in OpenSAML1.1...

In OpenSAML1.1, you have
to manually pull the signature signing material (either
public key or X509 certificate) and compare it yourself
against the STS public key you have stored locally.

You can use assertion.getX509Certificates() to extract
the signing materials. If the signature contains a public key,
it's a bit more complicated. OpenSAML1.1 uses XML-Security
as the underlying XML PKI engine and you can get hold of the
native object and work with it directly:

// OpenSAML 1.1 wraps Apache XML-Security; these are the types involved:
import java.security.PublicKey;
import org.apache.xml.security.keys.KeyInfo;
import org.apache.xml.security.keys.keyresolver.KeyResolverException;
import org.apache.xml.security.signature.XMLSignature;

Object sigObj = assertion.getNativeSignature();
if (sigObj instanceof XMLSignature) {
    XMLSignature sig = (XMLSignature) sigObj;
    KeyInfo ki = sig.getKeyInfo();      // null when the signature carries no key material
    if (ki != null) {
        PublicKey pk = null;
        try {
            pk = ki.getPublicKey();     // resolves a KeyValue or certificate to a PublicKey
        } catch (KeyResolverException e) {
            ...                         // key material present but not resolvable
        }
    }
}

Once you have the public keys, you can compare directly or
walk up the certificate chain you have locally.

Best Regards,
George
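An added example (not code from this thread or from OpenSAML) of the comparison George describes, written directly against Apache XML-Security, the engine OpenSAML 1.1 delegates to: the key carried in ds:KeyInfo is compared with the locally stored STS key before the signature is checked, and the check itself always uses the stored key rather than whatever the message carried. The class name PinnedKeyVerifier and the inline-built <Assertion> document are assumptions; the document is a constructed stand-in, not a real SAML assertion.

```java
import java.security.*;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import javax.xml.parsers.DocumentBuilderFactory;
import org.apache.xml.security.Init;
import org.apache.xml.security.keys.KeyInfo;
import org.apache.xml.security.keys.keyresolver.KeyResolverException;
import org.apache.xml.security.signature.XMLSignature;
import org.apache.xml.security.transforms.Transforms;
import org.apache.xml.security.utils.Constants;
import org.w3c.dom.*;

public class PinnedKeyVerifier { // hypothetical class name
    // Accept the signature only if it verifies under the locally stored STS key and any
    // key material carried in ds:KeyInfo is that same key (assumes Init.init() already ran).
    public static boolean verify(Element signatureElement, PublicKey trustedStsKey) throws Exception {
        XMLSignature sig = new XMLSignature(signatureElement, "");
        KeyInfo ki = sig.getKeyInfo();
        if (ki != null) {
            PublicKey embedded;
            try { // resolve an X509Certificate first, fall back to a bare KeyValue
                X509Certificate cert = ki.getX509Certificate();
                embedded = (cert != null) ? cert.getPublicKey() : ki.getPublicKey();
            } catch (KeyResolverException e) {
                return false; // unresolvable KeyInfo: treat as untrusted
            }
            if (embedded != null && !Arrays.equals(embedded.getEncoded(), trustedStsKey.getEncoded())) {
                return false; // signed with a key we do not pin
            }
        }
        // Verify with the stored key, never with the key the message itself carried.
        return sig.checkSignatureValue(trustedStsKey);
    }

    public static void main(String[] args) throws Exception {
        Init.init();
        KeyPair sts = KeyPairGenerator.getInstance("RSA").generateKeyPair(); // stands in for the STS key
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance(); dbf.setNamespaceAware(true);
        Document doc = dbf.newDocumentBuilder().newDocument();
        Element root = doc.createElement("Assertion"); // constructed stand-in, not a real SAML assertion
        doc.appendChild(root);
        XMLSignature sig = new XMLSignature(doc, "", XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA256);
        root.appendChild(sig.getElement());
        Transforms t = new Transforms(doc);
        t.addTransform(Transforms.TRANSFORM_ENVELOPED_SIGNATURE);
        sig.addDocument("", t, Constants.ALGO_ID_DIGEST_SHA256);
        sig.addKeyInfo(sts.getPublic()); // embed the signer's key, as an STS typically does
        sig.sign(sts.getPrivate());
        System.out.println("pinned key: " + verify(sig.getElement(), sts.getPublic()));
        PublicKey other = KeyPairGenerator.getInstance("RSA").generateKeyPair().getPublic();
        System.out.println("other key:  " + verify(sig.getElement(), other));
    }
}
```

The second call fails before the signature value is even checked, because the embedded key does not match the pinned one.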



Archive powered by MHonArc 2.6.16.