
mace-opensaml-users - Re: [OpenSAML] OpenSAML SignatureValidator Issues!

Subject: OpenSAML user discussion

  • From: Brent Putman <>
  • To:
  • Subject: Re: [OpenSAML] OpenSAML SignatureValidator Issues!
  • Date: Mon, 10 Nov 2008 13:18:31 -0500



wrote:
Thanks Brent very much. The problem has been solved. :)

  

Glad that you got it working.


  

I have double-checked my SAML Assertion and found that the difference between the Assertion from the sender and the Assertion received at the SP is that the former had more '/n' than the latter. I thought this was the reason SignatureValidator.validate(..) failed.

Yes, that will definitely cause the failure.


Then I encoded the SAML Assertion using Base64 before sending and, just as expected, SignatureValidator.validate(..) passed.
Now I want to know whether the Assertion must be encoded before sending to the SP?
  

As Scott said, it's determined by the binding that you are using. Most or all of the non-SOAP bindings of SAML usually specify that the SAML data is base64 encoded. One of the reasons is precisely this one, to avoid corrupting the XML when it goes through browsers and so forth.

For this and also for other reasons of interoperability with other SAML systems, you probably want to look at conforming to one or more of the defined SAML bindings, rather than trying to invent something new:

http://docs.oasis-open.org/security/saml/v2.0/saml-bindings-2.0-os.pdf

--Brent
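
The failure discussed in this thread, reproduced as an added example that is not part of the original message and is not OpenSAML code: canonicalization keeps whitespace between elements, so a transport that drops line breaks changes the digest, while a base64-wrapped payload decodes to the original bytes. Assumptions: the sample assertion is constructed, `lossy_channel` is a hypothetical stand-in for the transport, and Python's C14N 2.0 plus SHA-256 stands in for the canonicalization and reference digest of a real XML Signature.

```python
import base64
import hashlib
from xml.etree.ElementTree import canonicalize

# Constructed sample assertion (not from the thread); line breaks sit between elements.
ASSERTION = (
    '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_a1">\n'
    '  <saml:Issuer>https://idp.example.org</saml:Issuer>\n'
    '  <saml:Subject>\n'
    '    <saml:NameID>alice</saml:NameID>\n'
    '  </saml:Subject>\n'
    '</saml:Assertion>'
)


def c14n_digest(xml_text: str) -> str:
    """SHA-256 over the canonical form, standing in for a ds:Reference digest."""
    canonical = canonicalize(xml_text)  # whitespace-only text nodes are preserved
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def lossy_channel(payload: str) -> str:
    """Hypothetical transport that drops line breaks, as observed in the thread."""
    return payload.replace("\r", "").replace("\n", "")


def send_raw(xml_text: str) -> str:
    """Send the XML as-is; the receiver gets XML with the line breaks removed."""
    return lossy_channel(xml_text)


def send_base64(xml_text: str) -> str:
    """Send base64 text (line-wrapped on purpose); the receiver decodes it."""
    wrapped = base64.encodebytes(xml_text.encode("utf-8")).decode("ascii")
    received = lossy_channel(wrapped)  # the wrapping newlines are lost here too
    # Line breaks are not part of the base64 alphabet, so losing them is harmless.
    return base64.b64decode(received).decode("utf-8")


def digest_matches(sender) -> bool:
    """True when the receiver computes the same digest the signer computed."""
    return c14n_digest(sender(ASSERTION)) == c14n_digest(ASSERTION)


if __name__ == "__main__":
    print("raw XML digest matches:   ", digest_matches(send_raw))
    print("base64 XML digest matches:", digest_matches(send_base64))
```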



