Skip to Content.
Sympa Menu

mace-opensaml-users - Should SignatureValidator validate whether a certificate is expired or active?

Subject: OpenSAML user discussion

List archive

Should SignatureValidator validate whether a certificate is expired or active?


Chronological Thread 
  • From:
  • To:
  • Subject: Should SignatureValidator validate whether a certificate is expired or active?
  • Date: Wed, 1 Jul 2009 12:59:06 -0400 (EDT)


While testing we found that the SignatureValidator.validate method indicated
that a saml a signature was valid using an expired certificate. Is this
appropriate behavior or should the validate method also validate the
certificate?

Is there some other place that the certificate is validated? We have a very
simple implementation and are not using a trust engine.

Its not a big deal as we've added code to check the validity of the
certificate before validating the signature. I'm just wondering if this is a
bug or by design?

Thanks.



Archive powered by MHonArc 2.6.16.

Top of Page