
mace-opensaml-users - Re: [OpenSAML] Testing SAML relying party browser post profile

Subject: OpenSAML user discussion


Re: [OpenSAML] Testing SAML relying party browser post profile


  • From: Brent Putman <>
  • To:
  • Subject: Re: [OpenSAML] Testing SAML relying party browser post profile
  • Date: Fri, 07 Nov 2008 22:12:38 -0500

Yes, correct about signatures.

You supply your public key to the IdP when you register, in case you want to send signed messages or do client TLS to the IdP (or have the IdP encrypt data to you in its responses).

It supplies its public key to you in the form of metadata that you can download and consume for validating signatures it generates (or for encrypting data to the IdP in your requests).  If your SP implementation doesn't directly consume SAML metadata, then just manually extract the IdP's keys and other information and store however you like.

The exchange of info between IdP and an SP is generally a 2-way thing.


Pantvaidya, Vishwajit wrote:
For signatures, don't you sign with the private key and then the recipient validates with the public key? So I thought, the test IdP since it would generate a signed SAML message would need a private key to test with.


-----Original Message-----
From: Scott Cantor []
Sent: Friday, November 07, 2008 4:42 PM
To: 
Subject: RE: [OpenSAML] [OpenSAML2] Testing SAML relying party browser post profile

  
The test IdP seems just right. Does it let me provide my own public-private or secret keys that I generated to test my SP?

You have to supply metadata, which includes the public key. Your private key
is your business.

-- Scott


  


