
mace-opensaml-users - Re: [OpenSAML] Testing SAML relying party browser post profile


Re: [OpenSAML] Testing SAML relying party browser post profile


  • From: "Pantvaidya, Vishwajit"
  • Subject: Re: [OpenSAML] Testing SAML relying party browser post profile
  • Date: Fri, 7 Nov 2008 19:22:48 -0800

Ok - so the test IdP will sign the saml msg using its own private key and I
can validate that using its public key that it gives me, right?

And if I need encryption it will encrypt the saml msg using my pub key that I
give to it when I register. And my SP can decrypt it using my own private key
right?

--------------------------
Sent from my BlackBerry Wireless Handheld


----- Original Message -----
From: Brent Putman
Sent: Fri Nov 07 19:12:38 2008
Subject: Re: [OpenSAML] Testing SAML relying party browser post profile

Yes, correct about signatures.

You supply your public key to the IdP when you register, in case you want to
send signed messages or do client TLS to the IdP (or have the IdP encrypt
data to you in its responses).

It supplies its public key to you in the form of metadata that you can
download and consume for validating signatures it generates (or for encrypting
data to the IdP in your requests). If your SP implementation doesn't
directly consume SAML metadata, then just manually extract the IdP's keys and
other information and store them however you like.

The exchange of info between IdP and an SP is generally a 2-way thing.


Pantvaidya, Vishwajit wrote:

For signatures, don't you sign with the private key and then the
recipient validates with the public key? So I thought, the test IdP since it
would generate a signed SAML message would need a private key to test with.


-----Original Message-----
From: Scott Cantor
Sent: Friday, November 07, 2008 4:42 PM
Subject: RE: [OpenSAML] [OpenSAML2] Testing SAML relying party browser post profile



The test IdP seems just right. Does it let me provide my own public-private
or secret keys that I generated to test my SP?



You have to supply metadata, which includes the public key. Your private key
is your business.

-- Scott

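The key roles the thread settles on (the IdP signs with its own private key and the SP verifies with the IdP public key taken from metadata; the IdP encrypts to the SP's public key and only the SP's private key can decrypt) are easy to get backwards, so here is a small Go program that plays both sides of that exchange. It is an added illustration written for this archive page, not code from OpenSAML or from anyone in the thread, and it is a simplified model: it uses RSA-PSS and RSA-OAEP over raw bytes with the Go standard library rather than XML-Signature/XML-Encryption, a self-signed X.509 certificate stands in for the KeyDescriptor a SAML metadata document would carry, and the party names and sample message are constructed for the example.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// Party models one side of the exchange (IdP or SP). Each side keeps its own
// private key and publishes only a self-signed certificate, which here stands
// in for the key material a SAML metadata document would carry (assumption:
// simplified model, not real SAML metadata XML).
type Party struct {
	Name    string
	priv    *rsa.PrivateKey
	CertPEM []byte // what this party hands to its partner at registration
}

// NewParty generates a fresh 2048-bit RSA key and a self-signed cert for it.
func NewParty(name string) (*Party, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: name},
		NotBefore:    time.Now(),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &priv.PublicKey, priv)
	if err != nil {
		return nil, err
	}
	certPEM := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
	return &Party{Name: name, priv: priv, CertPEM: certPEM}, nil
}

// PublicKeyFromMetadata is the receiving side's job: parse the partner's
// published certificate and keep only the public key. No private key crosses.
func PublicKeyFromMetadata(certPEM []byte) (*rsa.PublicKey, error) {
	block, _ := pem.Decode(certPEM)
	if block == nil || block.Type != "CERTIFICATE" {
		return nil, fmt.Errorf("no CERTIFICATE block in metadata")
	}
	cert, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return nil, err
	}
	pub, ok := cert.PublicKey.(*rsa.PublicKey)
	if !ok {
		return nil, fmt.Errorf("metadata key is not RSA")
	}
	return pub, nil
}

// Sign uses the sender's own private key (RSA-PSS over a SHA-256 digest).
func (p *Party) Sign(msg []byte) ([]byte, error) {
	h := sha256.Sum256(msg)
	return rsa.SignPSS(rand.Reader, p.priv, crypto.SHA256, h[:], nil)
}

// Verify uses the sender's public key, as obtained from its metadata.
func Verify(senderPub *rsa.PublicKey, msg, sig []byte) bool {
	h := sha256.Sum256(msg)
	return rsa.VerifyPSS(senderPub, crypto.SHA256, h[:], sig, nil) == nil
}

// Encrypt uses the recipient's public key (RSA-OAEP; plaintext is limited to
// about 190 bytes for a 2048-bit key, which is why real SAML encryption wraps
// a symmetric key this way and encrypts the assertion with that key).
func Encrypt(recipientPub *rsa.PublicKey, plaintext []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, recipientPub, plaintext, nil)
}

// Decrypt works only with the recipient's private key.
func (p *Party) Decrypt(ciphertext []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, p.priv, ciphertext, nil)
}

// RoundTrip plays out the exchange the thread describes: the IdP signs with
// its own private key and encrypts to the SP's public key; the SP decrypts
// with its own private key and verifies with the IdP public key from metadata.
func RoundTrip(idp, sp *Party, msg []byte) (verified bool, plaintext []byte, err error) {
	idpPub, err := PublicKeyFromMetadata(idp.CertPEM) // SP consumes IdP metadata
	if err != nil {
		return false, nil, err
	}
	spPub, err := PublicKeyFromMetadata(sp.CertPEM) // IdP consumes SP metadata
	if err != nil {
		return false, nil, err
	}
	sig, err := idp.Sign(msg) // IdP side
	if err != nil {
		return false, nil, err
	}
	ct, err := Encrypt(spPub, msg)
	if err != nil {
		return false, nil, err
	}
	plaintext, err = sp.Decrypt(ct) // SP side
	if err != nil {
		return false, nil, err
	}
	return Verify(idpPub, plaintext, sig), plaintext, nil
}

func main() {
	idp, _ := NewParty("test-idp") // constructed names, not a real deployment
	sp, _ := NewParty("test-sp")
	ok, pt, err := RoundTrip(idp, sp, []byte("constructed SAML response stand-in"))
	fmt.Println("signature valid:", ok, "plaintext:", string(pt), "err:", err)
}
```

The negative cases are the instructive part: checking the IdP's signature against the SP's own public key fails, and the IdP cannot decrypt what it encrypted to the SP, which is exactly why each side only ever needs to register the other's public key and never its private one.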

