mace-opensaml-users - Re: [OpenSAML] Testing SAML relying party browser post profile
Subject: OpenSAML user discussion
List archive
- From: Brent Putman <>
- To:
- Subject: Re: [OpenSAML] Testing SAML relying party browser post profile
- Date: Fri, 07 Nov 2008 22:12:38 -0500
Yes, correct about signatures. You supply your public key to the IdP when you register, in case you want to send signed messages or do client TLS to the IdP (or have the IdP encrypt data to you in its responses). It supplies its public key to you in the form of metadata that you can download and consume for validating signatues it generates (or for encrypting data to the IdP in your requests). If your SP implementation doesn't directly consume SAML metadata, then just manually extract the IdP's keys and other information and store however you like. The exchange of info between IdP and an SP is generally a 2-way thing. Pantvaidya, Vishwajit wrote: For signatures, don't you sign with the private key and then the recipient validates with the public key? So I thought, the test IdP since it would generate a signed SAML message would need a private key to test with. -----Original Message----- From: Scott Cantor [] Sent: Friday, November 07, 2008 4:42 PM To: Subject: RE: [OpenSAML] [OpenSAML2] Testing SAML relying party browser post profileThe test IdP seems just right. Does it let me provide my ownpublic-privateor secret keys that I generated to test my SP?You have to supply metadata, which includes the public key. Your private key is your business. -- Scott |
- [OpenSAML2] Testing SAML relying party browser post profile, Pantvaidya, Vishwajit, 11/07/2008
- Re: [OpenSAML] [OpenSAML2] Testing SAML relying party browser post profile, Brent Putman, 11/07/2008
- RE: [OpenSAML] [OpenSAML2] Testing SAML relying party browser post profile, Pantvaidya, Vishwajit, 11/07/2008
- RE: [OpenSAML] [OpenSAML2] Testing SAML relying party browser post profile, Scott Cantor, 11/07/2008
- RE: [OpenSAML] Testing SAML relying party browser post profile, Pantvaidya, Vishwajit, 11/07/2008
- Re: [OpenSAML] Testing SAML relying party browser post profile, Brent Putman, 11/07/2008
- RE: [OpenSAML] Testing SAML relying party browser post profile, Pantvaidya, Vishwajit, 11/07/2008
- RE: [OpenSAML] [OpenSAML2] Testing SAML relying party browser post profile, Scott Cantor, 11/07/2008
- RE: [OpenSAML] [OpenSAML2] Testing SAML relying party browser post profile, Pantvaidya, Vishwajit, 11/07/2008
- Re: [OpenSAML] [OpenSAML2] Testing SAML relying party browser post profile, Brent Putman, 11/07/2008
Archive powered by MHonArc 2.6.16.