mace-opensaml-users - Metadata Validity
Subject: OpenSAML user discussion
- From: "Lhunath (Maarten B.)" <>
- To:
- Subject: Metadata Validity
- Date: Thu, 17 Dec 2009 13:18:23 +0100
I'm working on generating SAMLv2 metadata using OpenSAML for consumption by
Sun's OpenSSO.
I've set up the OpenSAML part and am generating metadata for three services.
OpenSSO, however, is not accepting the resulting metadata.
The following generated metadata causes OpenSSO to say "Unable to find
certificate to verify signature under element "EntityDescriptor"."
http://stuff.lhunath.com/metadata-no-cert-found.xml
I then attempted explicitly adding KeyInfo to the Signature on my
EntityDescriptor root element, which got me a bit "further":
The following generated metadata causes OpenSSO to say "Unexpected element
{urn:oasis:names:tc:SAML:2.0:metadata}:KeyDescriptor"
http://stuff.lhunath.com/metadata-unexpected-key.xml
Removing the KeyDescriptors from the metadata altogether (do they serve a
specific purpose still when they all specify the same certificate and it's
now specified in the Signature's KeyInfo?) gave me another message yet:
The following generated metadata causes OpenSSO to say "Unexpected element
{urn:oasis:names:tc:SAML:2.0:metadata}:SingleLogoutService"
http://stuff.lhunath.com/metadata-unexpected-slo.xml
As far as I can gather from the SAMLv2 Metadata specification, both metadata
files are valid; though perhaps I am overlooking something.
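The two rejections quoted in the post, as an added example that is neither the poster's nor OpenSAML's code: a standard-library Python check that reports a Signature on EntityDescriptor with no certificate in its KeyInfo, and children of EntityDescriptor or SPSSODescriptor that break the sequence order fixed by the SAML 2.0 metadata schema (the order OpenSSO is enforcing when it says "Unexpected element"). The metadata sample inside it is constructed for illustration, not one of the linked files.

```python
# Added example (not the poster's code): flags a ds:Signature without KeyInfo and
# children that violate the SAML 2.0 metadata schema order, as OpenSSO does.
import xml.etree.ElementTree as ET
MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"

def _rank(groups):
    # Position of each qualified child in a schema sequence; names in one group are xs:choice alternatives.
    return {f"{{{ns}}}{n}": i for i, grp in enumerate(groups) for ns, n in grp}

ENTITY_RANK = _rank([[(DS, "Signature")], [(MD, "Extensions")],
    [(MD, r) for r in ("RoleDescriptor", "IDPSSODescriptor", "SPSSODescriptor",
     "AuthnAuthorityDescriptor", "AttributeAuthorityDescriptor", "PDPDescriptor",
     "AffiliationDescriptor")], [(MD, "Organization")], [(MD, "ContactPerson")],
    [(MD, "AdditionalMetadataLocation")]])
SP_RANK = _rank([[(DS, "Signature")]] + [[(MD, n)] for n in (
    "Extensions", "KeyDescriptor", "Organization", "ContactPerson",
    "ArtifactResolutionService", "SingleLogoutService", "ManageNameIDService",
    "NameIDFormat", "AssertionConsumerService", "AttributeConsumingService")])

def order_problems(elem, rank, where):
    """One finding per child that is unknown or precedes a lower-ranked sibling."""
    out, high = [], -1
    for child in elem:
        r = rank.get(child.tag)
        if r is None:
            out.append(f"{where}: unknown element {child.tag}")
        elif r < high:
            out.append(f"{where}: unexpected element {child.tag} (out of schema order)")
        else:
            high = r
    return out

def check_metadata(xml_text):
    root = ET.fromstring(xml_text)
    findings = order_problems(root, ENTITY_RANK, "EntityDescriptor")
    sig = root.find(f"{{{DS}}}Signature")
    if sig is not None and sig.find(f"{{{DS}}}KeyInfo/{{{DS}}}X509Data/{{{DS}}}X509Certificate") is None:
        findings.append("EntityDescriptor: Signature has no KeyInfo/X509Data/X509Certificate")
    for sp in root.findall(f"{{{MD}}}SPSSODescriptor"):
        findings += order_problems(sp, SP_RANK, "SPSSODescriptor")
    return findings

# Constructed sample (not the poster's file): no KeyInfo on the Signature, and SingleLogoutService after AssertionConsumerService.
SAMPLE = f"""<md:EntityDescriptor xmlns:md="{MD}" xmlns:ds="{DS}" entityID="https://sp.example.test">
  <ds:Signature><ds:SignedInfo/><ds:SignatureValue>PLACEHOLDER</ds:SignatureValue></ds:Signature>
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>PLACEHOLDER</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://sp.example.test/acs" index="0"/>
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://sp.example.test/slo"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""
```

Running `check_metadata(SAMPLE)` yields two findings, one for the missing certificate in KeyInfo and one for the out-of-order SingleLogoutService; moving the SingleLogoutService before AssertionConsumerService and adding KeyInfo to the Signature clears both.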