mace-opensaml-users - Re: Verify a SAML token

Subject: OpenSAML user discussion

Re: Verify a SAML token

  • From: Scott Cantor <>
  • To:
  • Subject: Re: Verify a SAML token
  • Date: Tue, 05 Jun 2007 17:50:14 -0400

Mike Klein wrote:
> I am using routines documented on this page to verify signer of identity
> document and to verify/sign assertions. Code seems to work fine and
> messages are tamper-proof.

Yes, as long as your use case is simple enough that a single
predetermined certificate is available for each signer and you do the mapping between who the signer is and where the certificate is.

> Grabbing a public cert from a keystore can be done in 3 lines of code or
> so...this isn't an issue. OpenSAML won't provide you an uber-keystore
> concept or anything I think so you'll need to load and cache them yourself.

Actually, that's pretty much exactly what it does, or will do, along with support for TLS/SSL connection management with the same trust facilities.

-- Scott
