mace-opensaml-users - RE: putting a handle in opensaml 1.0 assertion xml...
Subject: OpenSAML user discussion
List archive
- From: "Scott Cantor" <>
- To: <>
- Subject: RE: putting a handle in opensaml 1.0 assertion xml...
- Date: Mon, 2 Jul 2007 10:55:37 -0400
- Organization: The Ohio State University
> I am working with openSAML 1.0. We have a requirement of carrying around a
> 'reference handle' in the assertion. From what I have heard from other
> developers it is not possible to insert extra nodes within the assertion
> xml as this leads to the assertion xml not being validated by opensaml (as
> I hear, its possible with the next version of opensaml).
No, it's not. You should never expect an invalid SAML instance to work. If
it happens to work, that's simply a case of the code not checking at a given
point in time or with a schema. You cannot rely on this, and sending XML
like that is a bug, not a feature to be exploited.
There are many extension points in the schemas, and they are what you have
to use to carry undefined content. Advice in particular.
> Therefore I am
> planning to inject the handle as a Comment node in the xml. Therefore
> assertion is created in the way -
That would be a bad idea and would not work, as you already discovered.
-- Scott
- putting a handle in opensaml 1.0 assertion xml..., Gitesh Malik, 07/02/2007
- Re: putting a handle in opensaml 1.0 assertion xml..., Tom Scavo, 07/02/2007
- RE: putting a handle in opensaml 1.0 assertion xml..., Scott Cantor, 07/02/2007
Archive powered by MHonArc 2.6.16.