OpenSAML user discussion

[Brent Putman <>]

Hans,
I was going through messages I had flagged... Just letting you know,
this was implemented sometime in the last week.

Note that the validation is not implemented in the decoder itself, see
the SecurityPolicyRule implementation:
org.opensaml.saml2.binding.security.SAML2HTTPRedirectDeflateSignatureRule

This typically would be run by a SecurityPolicy attached to the
MessageContext being processed (decoded).

The security policy rule is not unit tested yet.  Hope to get to that
soon.  Do you (or anyone) have or know of any good test vector data with
which to test the simple signing (non-XML signature) use cases?  Known
good test data for both the HTTP-Redirect DEFLATE and the draft
HTTP-POST-SimpleSign bindings would be of use, e.g. the encoded/signed
query string or POST form, and associated key/key pair used for
signing.  I don't trust our encoders (yet) to generate the stuff to test
the validation...  :-)

--Brent



 wrote:
> Hello,
>
> Is there a schedule for the implementation of the validation of the signing 
> in the HTTPRedirectDeflateDecoder?
>
> Regards,
> Hans Wijnsouw
>