mace-opensaml-users - Re: [OpenSAML] Unable to extract SAML token
Subject: OpenSAML user discussion
List archive
- From: Brent Putman <>
- To:
- Subject: Re: [OpenSAML] Unable to extract SAML token
- Date: Fri, 01 Aug 2008 00:09:36 -0700
Satish Burnwal wrote:
I just took a look at the SAML 1.1 schema and that also uses AssertionID
attribute and not the ID atribute. ID attr is used in SAML 2.0 ver only.
Yes, but note that SAML 1.1 AssertionID is of type xml:ID. At the schema level, it is an ID attribute, pure and simple.
My
question is - and as I find at quite a few places over the internet - can I
use the URI reference value as the value of AssertionID ? Is it really a
standard (and if so any doc to suffice that) ?
Yes, you can in general use the value of an xml:ID-typed attribute as the referent of a ds:Reference/@URI to do a same-document reference. As Scott said, not really sure if that is what you are supposed to do vis-a-vis WS-Security, it might be more standard to wrap in an STR. Haven't read those specs in a while.
And Tom - what I posted is SAML 1.0 sample and not 1.1. Just the
NameIdentifier format is 1.1
Well, actually what you originally posted is SAML 1.1. It contains this:
<saml:Assertion .... MajorVersion="1" MinorVersion="1">
That canonically defines it as SAML 1.1. I don't know whether the rest of the Assertion is valid SAML 1.1 (as opposed to SAML 1.0) or not, haven't compared it element by element.
Note that some of the various URN's used in SAML 1.1 (e.g. namespace URI's) contain the rather misleading subcomponent "1.0". That's just a legacy of the way they "extended" 1.0 to create 1.1. With 2.0, new namespaces were also created.
The way you know what you have is always via the Major- and MinorVersion attributes.
--Brent
- RE: [OpenSAML] Unable to extract SAML token, Satish Burnwal, 08/01/2008
- <Possible follow-up(s)>
- Re: [OpenSAML] Unable to extract SAML token, Brent Putman, 08/01/2008
- Re: [OpenSAML] Unable to extract SAML token, Brent Putman, 08/01/2008
- RE: [OpenSAML] Unable to extract SAML token, Satish Burnwal, 08/04/2008
Archive powered by MHonArc 2.6.16.