
mace-opensaml-users - Re: Classes needed for validating a saml assertion with a public key

Subject: OpenSAML user discussion

  • From: Brent Putman <>
  • To:
  • Subject: Re: Classes needed for validating a saml assertion with a public key
  • Date: Wed, 16 Jan 2008 17:59:52 -0500



Håkon Sagehaug wrote:
Hi

See questions/comments inline

2008/1/15, Brent Putman <>:


Note also that a KeyInfoCredentialResolver can do all of this for you,
that's its reason for existence.  A basic usage using the default
KeyInfo resolver config from the global security configuration would be:

KeyInfoCredentialResolver keyInfoResolver =
    Configuration.getGlobalSecurityConfiguration().getDefaultKeyInfoCredentialResolver();

CriteriaSet criteriaSet = new CriteriaSet(new KeyInfoCriteria(signature.getKeyInfo()));

Iterable<Credential> credentials = keyInfoResolver.resolve(criteriaSet);

Here only the credentials that match the keyinfo from the signature are returned, or??




Yes, it "processes" the specified KeyInfo and returns the keys/certs represented by that KeyInfo, in the form of implementations of our Credential interface.  It doesn't do anything with respect to the signature though, it can be used on any KeyInfo (e.g. those used with XML Encryption and within SAML metadata).
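
Added example (not part of the original message and not the OpenSAML project's own code): since the resolver only reports which keys the KeyInfo names, a verifier still has to pin the resolved key to one it already trusts and then check the signature itself. The class, method and parameter names are hypothetical; package names assume OpenSAML 2.x, and the library is assumed to be initialised so the global security configuration is populated.

```java
import java.security.PublicKey;
import java.util.Arrays;

import org.opensaml.security.SAMLSignatureProfileValidator;
import org.opensaml.xml.Configuration;
import org.opensaml.xml.security.CriteriaSet;
import org.opensaml.xml.security.SecurityException;
import org.opensaml.xml.security.credential.Credential;
import org.opensaml.xml.security.keyinfo.KeyInfoCredentialResolver;
import org.opensaml.xml.security.keyinfo.KeyInfoCriteria;
import org.opensaml.xml.signature.Signature;
import org.opensaml.xml.signature.SignatureValidator;
import org.opensaml.xml.validation.ValidationException;

/** Hypothetical helper: class, method and parameter names are illustrative. */
public final class PinnedKeySignatureCheck {

    /** True only if the signature verifies under a KeyInfo key equal to trustedKey. */
    public static boolean isSignedByTrustedKey(Signature signature, PublicKey trustedKey)
            throws SecurityException {
        if (signature == null || signature.getKeyInfo() == null || trustedKey == null) {
            return false; // nothing to resolve, or nothing to pin against
        }
        try {
            // Reject signatures that do not follow the SAML signature profile.
            new SAMLSignatureProfileValidator().validate(signature);
        } catch (ValidationException e) {
            return false;
        }
        KeyInfoCredentialResolver keyInfoResolver = Configuration
                .getGlobalSecurityConfiguration().getDefaultKeyInfoCredentialResolver();
        CriteriaSet criteriaSet = new CriteriaSet(new KeyInfoCriteria(signature.getKeyInfo()));
        for (Credential candidate : keyInfoResolver.resolve(criteriaSet)) {
            PublicKey key = candidate.getPublicKey();
            // KeyInfo is supplied by the sender, so it only nominates a key.
            // Skip anything that is not the key obtained out of band.
            if (key == null || !Arrays.equals(key.getEncoded(), trustedKey.getEncoded())) {
                continue;
            }
            try {
                new SignatureValidator(candidate).validate(signature); // cryptographic check
                return true;
            } catch (ValidationException e) {
                // Signature does not verify under this credential; try the next one.
            }
        }
        return false;
    }
}
```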


