mace-opensaml-users - Re: Verify a SAML token
Subject: OpenSAML user discussion
- From: Mike Klein <>
- To:
- Subject: Re: Verify a SAML token
- Date: Mon, 04 Jun 2007 18:08:49 -0700
- Organization: Virtual Appliance, Inc.
There is a wiki page for this.
https://spaces.internet2.edu/display/SHIB/OSTwoUserManJavaDSIG
Mike Mattozzi wrote:
> Hi,
>
> What would be the equivalent of this in OpenSAML 2.0?
>
> thanks, Mike
>
> -----Original Message-----
> # From: "George Stanchev" <>
> # To: <>
> # Subject: RE: Verify a SAML token
> # Date: Thu, 24 May 2007 14:59:54 -0700
> # Thread-index: AceeRDGX5egc6jTaRt6JVDpdin4gwQAAxjCQ
> # Thread-topic: Verify a SAML token
>
> I assume you are talking about verify() not validate() in OpenSAML1.1...
>
> In OpenSAML1.1, you have
> to manually pull the signature signing material (either
> public key or X509 certificate) and compare it yourself
> against the STS public key you have stored locally.
>
> You can use assertion.getX509Certificates() to extract
> the signing materials. If the signature contains a public key,
> it's a bit more complicated. OpenSAML1.1 uses XML-Security
> as underlying XML PKI engine and you can get a hold of the
> native object and work with it directly:
>
>     Object sigObj = assertion.getNativeSignature();
>     if (sigObj instanceof XMLSignature) {
>         XMLSignature sig = (XMLSignature) sigObj;
>         KeyInfo ki = sig.getKeyInfo();
>         if (ki != null) {
>             PublicKey pk = null;
>             try {
>                 pk = ki.getPublicKey();
>             } catch (KeyResolverException e) {
>                 ...
>
> Once you have the public keys, you can compare directly or
> walk up the certificate chain you have locally.
>
> Best Regards,
> George
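
The comparison described in the quoted message (check the key carried in the signature against the STS public key stored locally), as an added example that is not part of the original thread and is not OpenSAML code. It uses only the JDK's java.security classes; the class and method names are hypothetical, and the key pairs and assertion bytes are constructed sample data, with `embedded` standing in for the value returned by `ki.getPublicKey()`.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;

public class PinnedSignerCheck {
    // Hypothetical helper: true only if the key found in the signature's KeyInfo
    // has the same encoding as the STS key we stored locally.
    static boolean isTrustedSigner(PublicKey fromKeyInfo, PublicKey pinnedSts) {
        return fromKeyInfo != null
                && MessageDigest.isEqual(fromKeyInfo.getEncoded(), pinnedSts.getEncoded());
    }

    static byte[] sign(PrivateKey key, byte[] data) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(key);
        s.update(data);
        return s.sign();
    }

    static boolean verify(PublicKey key, byte[] data, byte[] sig) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(key);
        s.update(data);
        return s.verify(sig);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair sts = gen.generateKeyPair();   // constructed: STS key, public half stored locally
        KeyPair other = gen.generateKeyPair(); // constructed: a key we never agreed to trust
        byte[] assertion = "<Assertion>constructed sample</Assertion>"
                .getBytes(StandardCharsets.UTF_8);

        for (KeyPair signer : new KeyPair[] { sts, other }) {
            byte[] sig = sign(signer.getPrivate(), assertion);
            PublicKey embedded = signer.getPublic(); // stands in for ki.getPublicKey()
            // A signature always verifies against the key shipped with it, so this
            // check alone says nothing about who signed.
            boolean mathOk = verify(embedded, assertion, sig);
            // The trust decision comes from the comparison with the stored key.
            boolean trusted = isTrustedSigner(embedded, sts.getPublic());
            System.out.println("signature valid=" + mathOk + " signer trusted=" + trusted
                    + " accept=" + (mathOk && trusted));
        }
    }
}
```

Both signatures verify against their embedded key; only the one whose key matches the stored STS key is accepted.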