OpenSAML user discussion

[Paolo Selvini <>]

Hi,

 

I am making a pretty extensive use of metadata for my SAML2-enabled application. All my metadata files contain KeyInfos with data about public certificates to be used to verify signatures.

But, in addition, all my metadata files are themselves signed.

 

I would like to know if it is possible to access the signature of such metadata files after reading them by means of the standard "providers" available in OpenSAML 2.

Currently I am using the following code to parse an EntityDescriptor into a Java object:

 

FileBackedHTTPMetadataProvider fbmd = new FileBackedHTTPMetadataProvider(url, cachePeriod, cacheLocation + "/" + metadataFilename + ".xml");
fbmd.setParserPool(new BasicParserPool());
fbmd.initialize();
EntityDescriptor exml = (EntityDescriptor) fbmd.getMetadata();

but when I try to get the signature with

exml.getSignature()

I get a null value. Is this the right way to read metadata from a remote URL and is there another way to get the metadata signature?

Thanks,
Paolo

 

---

Le informazioni contenute in questa comunicazione e negli allegati sono riservate; e' vietato a soggetti diversi dai destinatari qualsiasi uso, copia, diffusione di quanto in essi contenuto.
Se avete ricevuto questa copia per errore, vi preghiamo di distruggerla immediatamente ed informarci via e-mail.

Prima di stampare questa e-mail consideratene l’impatto sull’ambiente. Grazie per la collaborazione.


This e-mail and any attachment(s) are strictly confidential. This message must not be copied, disclosed or used by anybody other than the intended recipient(s).
If you are not the intended recipient, please inform the sender by e-mail and destroy this message immediately.

Please consider the environment before printing this e-mail. Thank you for your cooperation.