
mace-opensaml-users - Re: Verify a SAML token

Subject: OpenSAML user discussion

  • From: Mike Klein <>
  • To:
  • Subject: Re: Verify a SAML token
  • Date: Mon, 04 Jun 2007 18:08:49 -0700
  • Organization: Virtual Appliance, Inc.

There is a wiki page for this.

https://spaces.internet2.edu/display/SHIB/OSTwoUserManJavaDSIG



Mike Mattozzi wrote:
> Hi,
>
> What would be the equivalent of this in OpenSAML 2.0?
>
> thanks, Mike
>
> -----Original Message-----
> # From: "George Stanchev" <
> >
> # To: <
> >
> # Subject: RE: Verify a SAML token
> # Date: Thu, 24 May 2007 14:59:54 -0700
> # Thread-index: AceeRDGX5egc6jTaRt6JVDpdin4gwQAAxjCQ
> # Thread-topic: Verify a SAML token
>
> I assume you are talking about verify() not validate() in OpenSAML1.1...
>
> In openSAML1.1, you have
> to manually pull the signature signing material (either
> public key or X509 certificate) and compare it yourself
> against the STS public key you have stored locally.
>
> You can use assertion.getX509Certificates() to extract
> the signing materials. If the signature contains a public key,
> it's a bit more complicated. OpenSAML1.1 uses XML-Security
> as underlying XML PKI engine and you can get a hold of the
> native object and work with it directly:
>
>     Object sigObj = assertion.getNativeSignature();
>     if (sigObj instanceof XMLSignature) {
>         XMLSignature sig = (XMLSignature) sigObj;
>         KeyInfo ki = sig.getKeyInfo();
>         if (ki != null) {
>             PublicKey pk = null;
>             try {
>                 pk = ki.getPublicKey();
>             } catch (KeyResolverException e) {
>             ...
>
> Once you have the public keys, you can compare directly or
> walk up the certificate chain you have locally.
>
> Best Regards,
> George
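
The comparison step George describes (check the key or certificates taken from the signature against what is stored locally for the STS), sketched as an added example that is not code from this thread or from OpenSAML. It uses only JDK classes; the class and method names are hypothetical, and it assumes the key or certificates have already been extracted from the assertion as shown in the quoted message.

```java
import java.security.*;
import java.security.cert.*;
import java.util.*;

public class SignerTrustCheck {
    // True only if the key taken from the signature's KeyInfo is byte-for-byte
    // the key stored locally for the STS (compared on the encoded form).
    static boolean matchesTrustedKey(PublicKey fromSignature, PublicKey storedSts) {
        if (fromSignature == null || storedSts == null) return false;
        return fromSignature.getAlgorithm().equals(storedSts.getAlgorithm())
            && MessageDigest.isEqual(fromSignature.getEncoded(), storedSts.getEncoded());
    }

    // Walks the certificates carried in the signature (signer first, CA itself
    // excluded) up to a locally stored CA certificate with the JDK PKIX validator.
    static boolean chainsToLocalAnchor(List<X509Certificate> fromSignature,
                                       X509Certificate localCa) {
        if (fromSignature == null || fromSignature.isEmpty() || localCa == null) return false;
        try {
            CertPath path = CertificateFactory.getInstance("X.509")
                                              .generateCertPath(fromSignature);
            PKIXParameters params = new PKIXParameters(
                Collections.singleton(new TrustAnchor(localCa, null)));
            // Assumption: no CRL/OCSP source is configured in this sketch.
            params.setRevocationEnabled(false);
            CertPathValidator.getInstance("PKIX").validate(path, params);
            return true;
        } catch (GeneralSecurityException e) {
            return false; // expired, wrong issuer, bad certificate signature, ...
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample keys: one stands in for the stored STS key,
        // the other for an unrelated key embedded in a token.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        PublicKey sts = gen.generateKeyPair().getPublic();
        PublicKey other = gen.generateKeyPair().getPublic();
        System.out.println("stored key accepted:    " + matchesTrustedKey(sts, sts));
        System.out.println("unrelated key accepted: " + matchesTrustedKey(other, sts));
    }
}
```

The key or chain check runs in addition to the signature verification itself: a token whose signature verifies against its own embedded key proves nothing until that key is tied to locally stored trust material.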


