mace-opensaml-users - RE: Classes needed for validating a saml assertion with a public key
Subject: OpenSAML user discussion
- From: "Scott Cantor" <>
- To: <>
- Subject: RE: Classes needed for validating a saml assertion with a public key
- Date: Tue, 15 Jan 2008 11:55:53 -0500
- Organization: The Ohio State University
> Is this right? For now I just evaluate the credential against itself for
> testing, which is built from the public key inside the <dsX509Certificate>
> element in the saml assertion, it returns true so I hope this is right, but
> since it's my first time I wanted some feedback

I can't tell if you're asking this in the sense of "am I grasping how the
classes work" or if you're asking in a business context whether "this is a
reasonable thing to do". I always try and emphasize this, so forgive me if
you understand this already, but...

NEVER evaluate the signing key against what's inside the message. KeyInfo is
a hint about what was used. The trust evaluation MUST compare what was used
against a completely separate source of trusted information. In our project,
we believe that source should be metadata, but as a developer, you can use
anything you feel is appropriate. As long as it's *not* the KeyInfo inside
the message.

Again, ignore me if you know all this. But a lot of people don't, and they
end up with worthless code.

-- Scott
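
Added example, not part of the original message or of the OpenSAML project's own code: one way to apply the advice above with the OpenSAML 2.x Java classes, where the verification credential is built from a certificate obtained out of band and the KeyInfo inside the message is never consulted. The class name, method name and certificate path are hypothetical, and the sketch assumes the library has been bootstrapped and the assertion was unmarshalled from a DOM.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

import org.opensaml.saml2.core.Assertion;
import org.opensaml.security.SAMLSignatureProfileValidator;
import org.opensaml.xml.security.x509.BasicX509Credential;
import org.opensaml.xml.signature.Signature;
import org.opensaml.xml.signature.SignatureValidator;
import org.opensaml.xml.validation.ValidationException;

// Hypothetical helper class (assumption, not an OpenSAML class).
public class TrustedAssertionCheck {

    // Credential built from trusted, out-of-band material (for example a
    // certificate taken from the issuer's metadata), never from the message.
    private final BasicX509Credential trusted;

    // trustedCertPath: hypothetical path to the issuer certificate (PEM or DER).
    public TrustedAssertionCheck(String trustedCertPath) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        try (InputStream in = new FileInputStream(trustedCertPath)) {
            X509Certificate cert = (X509Certificate) cf.generateCertificate(in);
            trusted = new BasicX509Credential();
            trusted.setEntityCertificate(cert);
        }
    }

    // Returns true only if the assertion carries a well-formed SAML signature
    // that verifies under the trusted key. The certificate embedded in the
    // signature's KeyInfo plays no part in the decision.
    public boolean isSignedByTrustedKey(Assertion assertion) {
        Signature sig = assertion.getSignature();
        if (sig == null) {
            return false; // unsigned assertions are rejected
        }
        try {
            // Structural checks required by the SAML signature profile.
            new SAMLSignatureProfileValidator().validate(sig);
            // Cryptographic check against the trusted credential only.
            new SignatureValidator(trusted).validate(sig);
            return true;
        } catch (ValidationException e) {
            return false;
        }
    }
}
```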