
mace-opensaml-users - Re: [OpenSAML] How to Best Validate Signature in Redirect Profile

Subject: OpenSAML user discussion

  • From: Brent Putman <>
  • To:
  • Subject: Re: [OpenSAML] How to Best Validate Signature in Redirect Profile
  • Date: Tue, 25 Aug 2009 14:58:35 -0400





Scott Cantor wrote:
> Deena Gurajala wrote on 2009-08-25:
>
>> You can use the following method to decompress the incoming request.
>>
>
> Your code is just reimplementing the MessageDecoder framework that's already
> in the library.
>
> Signature verification, which was the original question, is a hugely complex
> issue, since verification alone is still leaving out the trust question.
>
> Verification alone relies on a Validator object, I think.
>


There is a Validator for XML Signatures, but if the question is about
the raw/blob signature of HTTP Redirect DEFLATE, that is only
implemented in a SecurityPolicyRule.

That component is the
org.opensaml.saml2.binding.security.SAML2HTTPRedirectDeflateSignatureRule,
which is supplied to a MessageContext as a part of a SecurityPolicy:

http://svn.middleware.georgetown.edu/view/java-opensaml2/branches/REL_2/src/main/java/org/opensaml/saml2/binding/security/SAML2HTTPRedirectDeflateSignatureRule.java?revision=1399&view=markup


The use of the MessageContext and MessageDecoder components is mostly
not currently documented very well, but the unit test for this rule
actually illustrates the basics (be sure to also see the test super class):

http://svn.middleware.georgetown.edu/view/java-opensaml2/branches/REL_2/src/test/java/org/opensaml/saml2/binding/security/SAML2HTTPRedirectDeflateSignatureSecurityPolicyRuleTest.java?revision=1408&view=markup


The rule requires a SignatureTrustEngine, about which some more info can
be found on the signature user's manual page:

https://spaces.internet2.edu/display/OpenSAML/OSTwoUserManJavaDSIG


--Brent
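
One way to wire up the components named in the message above, added here as an illustration; it is not part of the original post or of the OpenSAML project's own code. It is written against the OpenSAML 2.x Java API, and the class name, the method name, the choice of AuthnRequest as the inbound message type and the single statically configured peer credential are all assumptions.

```java
import javax.servlet.http.HttpServletRequest;
import org.opensaml.common.binding.BasicSAMLMessageContext;
import org.opensaml.saml2.binding.decoding.HTTPRedirectDeflateDecoder;
import org.opensaml.saml2.binding.security.SAML2HTTPRedirectDeflateSignatureRule;
import org.opensaml.saml2.core.AuthnRequest;
import org.opensaml.saml2.core.NameID;
import org.opensaml.saml2.core.Response;
import org.opensaml.saml2.metadata.SPSSODescriptor;
import org.opensaml.ws.security.provider.BasicSecurityPolicy;
import org.opensaml.ws.security.provider.MandatoryAuthenticatedMessageRule;
import org.opensaml.ws.security.provider.StaticSecurityPolicyResolver;
import org.opensaml.ws.transport.http.HttpServletRequestAdapter;
import org.opensaml.xml.Configuration;
import org.opensaml.xml.security.credential.Credential;
import org.opensaml.xml.security.credential.StaticCredentialResolver;
import org.opensaml.xml.security.keyinfo.KeyInfoCredentialResolver;
import org.opensaml.xml.signature.SignatureTrustEngine;
import org.opensaml.xml.signature.impl.ExplicitKeySignatureTrustEngine;

/** Hypothetical helper; assumes DefaultBootstrap.bootstrap() ran at startup. */
public class RedirectSignatureCheck {

    /** Decodes a Redirect-binding AuthnRequest; throws if the policy fails. */
    public static AuthnRequest decodeSigned(HttpServletRequest request,
            Credential trustedPeerCredential) throws Exception {
        // Trust engine: accept only signatures made with the configured key.
        // The static resolver ignores the issuer, so this suits one trusted peer.
        KeyInfoCredentialResolver keyInfoResolver = Configuration
                .getGlobalSecurityConfiguration().getDefaultKeyInfoCredentialResolver();
        SignatureTrustEngine trustEngine = new ExplicitKeySignatureTrustEngine(
                new StaticCredentialResolver(trustedPeerCredential), keyInfoResolver);

        // Policy: the redirect signature rule, then a rule that rejects any
        // message the earlier rule did not authenticate (e.g. no Signature param).
        BasicSecurityPolicy policy = new BasicSecurityPolicy();
        policy.getPolicyRules().add(new SAML2HTTPRedirectDeflateSignatureRule(trustEngine));
        policy.getPolicyRules().add(new MandatoryAuthenticatedMessageRule());

        BasicSAMLMessageContext<AuthnRequest, Response, NameID> context =
                new BasicSAMLMessageContext<AuthnRequest, Response, NameID>();
        context.setInboundMessageTransport(new HttpServletRequestAdapter(request));
        context.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
        context.setSecurityPolicyResolver(new StaticSecurityPolicyResolver(policy));

        // decode() inflates and parses the message, then evaluates the policy.
        new HTTPRedirectDeflateDecoder().decode(context);
        return context.getInboundSAMLMessage();
    }
}
```

With several peers, a metadata-backed credential resolver in place of the static one lets the trust engine select the key by the message issuer.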



