mace-opensaml-users - RE: [OpenSAML] Unable to extract SAML token
Subject: OpenSAML user discussion
List archive
- From: "Satish Burnwal" <>
- To: <>
- Subject: RE: [OpenSAML] Unable to extract SAML token
- Date: Mon, 4 Aug 2008 16:13:12 +0530
- Authentication-results: sj-dkim-4; ; dkim=pass ( sig from cisco.com/sjdkim4002 verified; );
Brent et al:
Thanks for the clarification and prompt follow ups.
Thanks
-Satish
-----Original Message-----
From: Brent Putman
[mailto:]
Sent: Friday, August 01, 2008 12:40 PM
To:
Subject: Re: [OpenSAML] Unable to extract SAML token
Satish Burnwal wrote:
> I just took a look at the SAML 1.1 schema and that also uses
> AssertionID attribute and not the ID atribute. ID attr is used in SAML 2.0
ver only.
Yes, but note that SAML 1.1 AssertionID is of type xml:ID. At the schema
level, it is an ID attribute, pure and simple.
> My
> question is - and as I find at quite a few places over the internet - can
I
> use the URI reference value as the value of AssertionID ? Is it really a
> standard (and if so any doc to suffice that) ?
>
Yes, you can in general use the value of an xml:ID-typed attribute as
the referent of a ds:Reference/@URI to do a same-document reference. As
Scott said, not really sure if that is what you are supposed to do
vis-a-vis WS-Security, it might be more standard to wrap in an STR.
Haven't read those specs in a while.
> And Tom - what I posted is SAML 1.0 sample and not 1.1. Just the
> NameIdentifier format is 1.1
>
Well, actually what you originally posted is SAML 1.1. It contains this:
<saml:Assertion .... MajorVersion="1" MinorVersion="1">
That canonically defines it as SAML 1.1. I don't know whether the rest
of the Assertion is valid SAML 1.1 (as opposed to SAML 1.0) or not,
haven't compared it element by element.
Note that some of the various URN's used in SAML 1.1 (e.g. namespace
URI's) contain the rather misleading subcomponent "1.0". That's just a
legacy of the way they "extended" 1.0 to create 1.1. With 2.0, new
namespaces were also created.
The way you know what you have is always via the Major- and MinorVersion
attributes.
--Brent
- RE: [OpenSAML] Unable to extract SAML token, Satish Burnwal, 08/01/2008
- <Possible follow-up(s)>
- Re: [OpenSAML] Unable to extract SAML token, Brent Putman, 08/01/2008
- Re: [OpenSAML] Unable to extract SAML token, Brent Putman, 08/01/2008
- RE: [OpenSAML] Unable to extract SAML token, Satish Burnwal, 08/04/2008
Archive powered by MHonArc 2.6.16.