OpenSAML user discussion

[Brent Putman <>]

Yes, correct about signatures.

You supply your public key to the IdP when you register, in case you want to send signed messages or do client TLS to the IdP (or have the IdP encrypt data to you in its responses).

It supplies its public key to you in the form of metadata that you can download and consume for validating signatues it generates (or for encrypting data to the IdP in your requests).  If your SP implementation doesn't directly consume SAML metadata, then just manually extract the IdP's keys and other information and store however you like.

The exchange of info between IdP and an SP is generally a 2-way thing.


Pantvaidya, Vishwajit wrote:

For signatures, don't you sign with the private key and then the recipient validates with the public key? So I thought, the test IdP since it would generate a signed SAML message would need a private key to test with.


-----Original Message-----
From: Scott Cantor []
Sent: Friday, November 07, 2008 4:42 PM
To: 
Subject: RE: [OpenSAML] [OpenSAML2] Testing SAML relying party browser post profile

  

The test IdP seems just right. Does it let me provide my own
    

public-private
  

or secret keys that I generated to test my SP?
    

You have to supply metadata, which includes the public key. Your private key
is your business.

-- Scott