mace-opensaml-users - Re: [OpenSAML] Testing SAML relying party browser post profile
Subject: OpenSAML user discussion
- From: "Pantvaidya, Vishwajit" <>
- Subject: Re: [OpenSAML] Testing SAML relying party browser post profile
- Date: Fri, 7 Nov 2008 19:22:48 -0800
Ok - so the test IdP will sign the saml msg using its own private key and I
can validate that using its public key that it gives me, right?
And if I need encryption it will encrypt the saml msg using my pub key that I
give to it when I register. And my SP can decrypt it using my own private key
right?
--------------------------
Sent from my BlackBerry Wireless Handheld
----- Original Message -----
From: Brent Putman
<>
To:
<>
Sent: Fri Nov 07 19:12:38 2008
Subject: Re: [OpenSAML] Testing SAML relying party browser post profile
Yes, correct about signatures.
You supply your public key to the IdP when you register, in case you want to
send signed messages or do client TLS to the IdP (or have the IdP encrypt
data to you in its responses).
It supplies its public key to you in the form of metadata that you can
download and consume for validating signatures it generates (or for encrypting
data to the IdP in your requests). If your SP implementation doesn't
directly consume SAML metadata, then just manually extract the IdP's keys and
other information and store however you like.
The exchange of info between IdP and an SP is generally a 2-way thing.
Pantvaidya, Vishwajit wrote:
For signatures, don't you sign with the private key and then the
recipient validates with the public key? So I thought, the test IdP since it
would generate a signed SAML message would need a private key to test with.
-----Original Message-----
From: Scott Cantor
[mailto:]
Sent: Friday, November 07, 2008 4:42 PM
To:
Subject: RE: [OpenSAML] [OpenSAML2] Testing SAML relying party browser post profile
The test IdP seems just right. Does it let me provide my own public-private
or secret keys that I generated to test my SP?
You have to supply metadata, which includes the public key. Your private key
is your business.
-- Scott
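
The manual route mentioned in the thread (pulling the IdP's keys and other information out of its metadata when the SP does not consume metadata directly), as an added example that is not part of the original messages and is not OpenSAML code. It assumes the metadata root is a single EntityDescriptor; the entityID, endpoint URL and certificate bytes are constructed placeholders.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
DS = "{http://www.w3.org/2000/09/xmldsig#}"

def extract_idp_info(metadata_xml):
    """Return the IdP's entityID, keys by use, and SSO endpoints by binding."""
    entity = ET.fromstring(metadata_xml)
    idp = entity.find(MD + "IDPSSODescriptor")
    if idp is None:
        raise ValueError("metadata has no IDPSSODescriptor")
    keys = {"signing": [], "encryption": []}
    for kd in idp.findall(MD + "KeyDescriptor"):
        # A KeyDescriptor with no 'use' attribute applies to both purposes.
        uses = [kd.get("use")] if kd.get("use") else ["signing", "encryption"]
        for cert in kd.iter(DS + "X509Certificate"):
            # Metadata usually wraps the base64 text; drop whitespace first.
            der = base64.b64decode("".join((cert.text or "").split()))
            for use in uses:
                keys[use].append(der)
    if not keys["signing"]:
        raise ValueError("no signing key: this IdP's signatures cannot be validated")
    endpoints = {e.get("Binding"): e.get("Location")
                 for e in idp.findall(MD + "SingleSignOnService")}
    return {"entity_id": entity.get("entityID"), "keys": keys, "sso": endpoints}

def fingerprint(der):
    """SHA-256 over the DER bytes, for comparing with the IdP operator out of band."""
    return hashlib.sha256(der).hexdigest()

# Constructed sample: the certificate bodies are placeholder bytes, not real X.509.
SIGN_DER, SHARED_DER = b"constructed-signing-cert", b"constructed-shared-cert"
SAMPLE_METADATA = f"""<md:EntityDescriptor entityID="https://idp.example.org/idp"
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>
      {base64.b64encode(SIGN_DER).decode()}
    </ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:KeyDescriptor><ds:KeyInfo><ds:X509Data><ds:X509Certificate>
      {base64.b64encode(SHARED_DER).decode()}
    </ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Location="https://idp.example.org/idp/SSO/POST"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

if __name__ == "__main__":
    info = extract_idp_info(SAMPLE_METADATA)
    for der in info["keys"]["signing"]:
        print(info["entity_id"], "signing key sha256:", fingerprint(der))
```

Only the keys returned under "signing" should be trusted for validating the IdP's signatures; the SP's own private key never appears in any metadata.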