mace-opensaml-users - Re: Sha2 signature info requested

Subject: OpenSAML user discussion

Re: Sha2 signature info requested


  • From: Brent Putman <>
  • To:
  • Subject: Re: Sha2 signature info requested
  • Date: Tue, 02 Oct 2007 18:14:36 -0400



Prasanna Krishna wrote:
> Hi Brent -
>
> Thank you for your patience and immediate appropriate reply.
>
> We now have another question:
>
> At this juncture we probably cannot move with the latest saml code base for this version of ours since we are already production like.

Well, the OpenSAML stack is (just barely, as of last week) implicitly in a beta state, because we rolled out Shibboleth in beta1.  Based on the key vs. Credential API change I noted, which SVN shows took place on 5/22/07, the (alpha) code that you are using is at least 4+ months old.  There have been a lot of changes to the code since then, especially with the security related components.  I obviously can't tell you what to do, but I would strongly advise you to reconsider using that in production.

> Please suggest how I can set the digest algorithm to 'sha1' from within the code snippet I sent you earlier.

Well, it's going to be the same mechanism, just change the algorithm URI constant:

response.setSignature(signature);
((SAMLObjectContentReference)signature.getContentReferences().get(0))
      .setDigestAlgorithm(SignatureConstants.ALGO_ID_DIGEST_SHA1);

> Also can you please let me know or point me to the current stable distribution of open saml or is it that we should build the jars from the source?


There is currently no packaged source or binary distribution, stable or otherwise.  Checkout from SVN is still the way to go.  The OpenSAML stack is implicitly in a beta1 state, concurrent with the Shibboleth beta1 (really a rolling beta), although we haven't actually formally tagged a beta1 for OpenSAML yet.  We'll probably do that very soon, to give people a consistent target against which to start really testing and developing in earnest.  However, I doubt we will be providing an official binary distribution for at least a little while - at the earliest probably a later, more formal beta stage.  We haven't discussed a timeline for that yet, it could be sooner.


--Brent
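
To confirm which digest algorithm actually ended up in a marshalled signature after a change like the one in this message, the ds:DigestMethod of each ds:Reference can be read back from the XML. This is an added example, not code from the original message or from OpenSAML; it uses only JDK classes, and the class name, method name and sample Response are constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class DigestAlgorithmCheck {
    static final String DSIG_NS = "http://www.w3.org/2000/09/xmldsig#";
    static final String SHA1_DIGEST = DSIG_NS + "sha1"; // XML Signature URI for SHA-1
    // Constructed sample: trimmed signed Response, digest and signature values elided.
    static final String SAMPLE =
        "<samlp:Response xmlns:samlp='urn:oasis:names:tc:SAML:2.0:protocol' ID='_r1'>"
      + "<ds:Signature xmlns:ds='" + DSIG_NS + "'><ds:SignedInfo>"
      + "<ds:SignatureMethod Algorithm='" + DSIG_NS + "rsa-sha1'/>"
      + "<ds:Reference URI='#_r1'>"
      + "<ds:DigestMethod Algorithm='http://www.w3.org/2001/04/xmlenc#sha256'/>"
      + "<ds:DigestValue>PLACEHOLDER</ds:DigestValue></ds:Reference>"
      + "</ds:SignedInfo><ds:SignatureValue>PLACEHOLDER</ds:SignatureValue>"
      + "</ds:Signature></samlp:Response>";

    // Maps each ds:Reference URI to the Algorithm attribute of its ds:DigestMethod.
    static Map<String, String> digestAlgorithms(String xml) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true); // required for the namespace-based lookups below
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = dbf.newDocumentBuilder()
            .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
        Map<String, String> found = new LinkedHashMap<>();
        NodeList refs = doc.getElementsByTagNameNS(DSIG_NS, "Reference");
        for (int i = 0; i < refs.getLength(); i++) {
            Element ref = (Element) refs.item(i);
            NodeList dm = ref.getElementsByTagNameNS(DSIG_NS, "DigestMethod");
            if (dm.getLength() != 1) throw new IllegalStateException("malformed ds:Reference");
            found.put(ref.getAttribute("URI"), ((Element) dm.item(0)).getAttribute("Algorithm"));
        }
        return found;
    }

    public static void main(String[] args) throws Exception {
        String expected = args.length > 0 ? args[0] : SHA1_DIGEST;
        boolean ok = true;
        for (Map.Entry<String, String> e : digestAlgorithms(SAMPLE).entrySet()) {
            System.out.println(e.getKey() + " -> " + e.getValue());
            ok &= expected.equals(e.getValue());
        }
        if (!ok) System.exit(1); // a Reference uses a different digest than intended
    }
}
```

The digest algorithm is set per ds:Reference and is separate from ds:SignatureMethod; the constructed sample pairs an rsa-sha1 signature method with a SHA-256 digest, so the default run exits non-zero.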


