mace-opensaml-users - Re: Signing a SAML token

Subject: OpenSAML user discussion

List archive

Re: Signing a SAML token

From: Brent Putman <>
To:
Subject: Re: Signing a SAML token
Date: Wed, 12 Mar 2008 21:33:57 -0400

Scott Cantor wrote:

I have read the specs but can't really figure out something. Does the
signature of a SAML token, with confirmation method set to
sender-vouches, needs to reference both the assertion and the binary
security token?


Please use saml-dev for SAML questions. However what you're asking isn't a
SAML question because signatures in SAML cover SAML only.

From what I know of WSS, it isn't even a valid question there because SAML
assertions are not binary security tokens.

I assumed he meant a binary security token that represents a signing key, for example an STR that lives in Assertion/Signature/KeyInfo or another Signature/KeyInfo in the Security header.

And I think no, the Assertion signature can't cover that. Another signature might, I suppose.

Deploying opensaml 2.0 in Jboss 4.2.0, (continued)
- Re: Re: Signing a SAML object, matthew . webb, 03/11/2008
  - Re: Signing a SAML object, Brent Putman, 03/11/2008
    - Re: Signing a SAML object, Chad La Joie, 03/12/2008
      - Re: Signing a SAML object, Brent Putman, 03/12/2008
      - Signing a SAML token, Benjamin Coiffe, 03/12/2008
        
        Re: Signing a SAML token, Chad La Joie, 03/12/2008
        
        Re: Signing a SAML token, Brent Putman, 03/12/2008
        
        RE: Signing a SAML token, Scott Cantor, 03/12/2008
        
        Message not available
        
        Re: Signing a SAML token, Brent Putman, 03/12/2008
        
        RE: Signing a SAML token, Scott Cantor, 03/12/2008

List archive

Re: Signing a SAML token