mace-opensaml-users - Re: Signing a SAML token

Subject: OpenSAML user discussion

List archive

Re: Signing a SAML token

From: Brent Putman <>
To:
Subject: Re: Signing a SAML token
Date: Wed, 12 Mar 2008 21:27:57 -0400

Indeed not only requires, but may only have a single Reference, to the Assertion element. So no, it can't cover anything but that.

Are you sure you aren't confusing the signature on the SAML Assertion token (from the Assertion issuer) with another separate Signature that is part of the WS-S Security header, and covers whatever you want it to cover?

Chad La Joie wrote:

SAML only requires that the assertion signature cover the assertion itself.

Benjamin Coiffe wrote:

Hi all,

I have read the specs but can't really figure out something. Does the
signature of a SAML token, with confirmation method set to
sender-vouches, needs to reference both the assertion and the binary
security token?

I ask this cause WebLogic 9.2 seems to require it and I don't understand
why?

Any help appreciated,
Thanks

Benjamin Coiffe

Signing a SAML object, matthew . webb, 03/07/2008
- Re: Signing a SAML object, Brent Putman, 03/07/2008
  - Deploying opensaml 2.0 in Jboss 4.2.0, Singh, Manish, 03/14/2008
    - Re: Deploying opensaml 2.0 in Jboss 4.2.0, Chad La Joie, 03/14/2008
- <Possible follow-up(s)>
- Re: Re: Signing a SAML object, matthew . webb, 03/11/2008
  - Re: Signing a SAML object, Brent Putman, 03/11/2008
    - Re: Signing a SAML object, Chad La Joie, 03/12/2008
      - Re: Signing a SAML object, Brent Putman, 03/12/2008
      - Signing a SAML token, Benjamin Coiffe, 03/12/2008
        
        Re: Signing a SAML token, Chad La Joie, 03/12/2008
        
        Re: Signing a SAML token, Brent Putman, 03/12/2008
        
        RE: Signing a SAML token, Scott Cantor, 03/12/2008
        
        Message not available
        
        Re: Signing a SAML token, Brent Putman, 03/12/2008
        
        RE: Signing a SAML token, Scott Cantor, 03/12/2008

List archive

Re: Signing a SAML token