
mace-opensaml-users - Re: Verify a SAML token

Subject: OpenSAML user discussion


Re: Verify a SAML token


  • From: "Mike Mattozzi" <>
  • Subject: Re: Verify a SAML token
  • Date: Tue, 5 Jun 2007 14:07:12 -0700

Is the PKIXX509EntityCredentialTrustEngine or the
BasicSignatureTrustEngine functional yet? I'm a little confused about
how to get started with trust engines and the concept of
CredentialCriteria. Are there any examples of how to use this to
verify a signed SAML assertion?

As you might guess, I'm new to OpenSAML and I find the API for
marshalling and unmarshalling assertions along with walking through
the elements of the assertion to be quite intuitive... but I'm a
little confused about the best way to take the next step to start
acting on the key data and Action information contained within. I'm
assuming there are better methods than writing my own code to pull down
public keys and use the SignatureValidator?

Appreciate the help, Mike

On 6/4/07, Mike Klein <> wrote:
There is a wiki page for this.

https://spaces.internet2.edu/display/SHIB/OSTwoUserManJavaDSIG



Mike Mattozzi wrote:
> Hi,
>
> What would be the equivalent of this in OpenSAML 2.0?
>
> thanks, Mike
>
> -----Original Message-----
> From: "George Stanchev" <>
> To: <>
> Subject: RE: Verify a SAML token
> Date: Thu, 24 May 2007 14:59:54 -0700
> Thread-index: AceeRDGX5egc6jTaRt6JVDpdin4gwQAAxjCQ
> Thread-topic: Verify a SAML token
>
> I assume you are talking about verify() not validate() in OpenSAML1.1...
>
> In OpenSAML1.1, you have
> to manually pull the signature signing material (either
> public key or X509 certificate) and compare it yourself
> against the STS public key you have stored locally.
>
> You can use assertion.getX509Certificates() to extract
> the signing materials. If the signature contains a public key,
> it's a bit more complicated. OpenSAML1.1 uses XML-Security
> as underlying XML PKI engine and you can get a hold of the
> native object and work with it directly:
>
> import java.security.PublicKey;
> import org.apache.xml.security.keys.KeyInfo;
> import org.apache.xml.security.keys.keyresolver.KeyResolverException;
> import org.apache.xml.security.signature.XMLSignature;
>
> // Native XML-Security signature object behind the OpenSAML 1.1 assertion
> Object sigObj = assertion.getNativeSignature();
> if (sigObj instanceof XMLSignature) {
>     XMLSignature sig = (XMLSignature) sigObj;
>     KeyInfo ki = sig.getKeyInfo();   // null when the signature carries no KeyInfo
>     if (ki != null) {
>         PublicKey pk = null;
>         try {
>             pk = ki.getPublicKey();  // key the token claims was used; still untrusted
>         } catch (KeyResolverException e) {
>             ...
>         }
>     }
> }
>
> Once you have the public keys, you can compare directly or
> walk up the certificate chain you have locally.
>
> Best Regards,
> George




Archive powered by MHonArc 2.6.16.
