mace-opensaml-users - Re: [OpenSAML] Assertion Decryption
Subject: OpenSAML user discussion
List archive
- From: Brent Putman <>
- To:
- Subject: Re: [OpenSAML] Assertion Decryption
- Date: Mon, 15 Mar 2010 23:36:59 -0400
On 3/15/2010 9:50 PM, Scott Cantor wrote:
>
>> This method looks for child ds:EncryptedKey child elements. In this case,
>> there aren't any ds:EncryptedKey child elements because the ds:KeyInfo
>> element only contains a ds:RetrievalMethod child element.
>>
> Which doesn't appear to be pointing to anything, so that's pretty strange.
>
I think he just didn't send us the full EncryptedAssertion, only the
EncryptedData. If he had, we would see the EncryptedKeys as children,
and the RetrievalMethod would correctly point to them (and the
EncryptedKey's DataReference would link back to the EncryptedData, as
per E43).
> In any case, if you want code that works the normal way you'll
> probably need to look at Shibboleth to find what you're doing differently.
At least in terms of the Java, it wouldn't help really, b/c we don't yet
do any decryption in the IdP (i.e. don't yet support EncryptedID), so
there's no examples there. There are however lots of examples in the
unit tests for both the generic xmlooling encrypter and decrypter, as
well as the opensaml2 specialized ones for the SAML 2 stuff.
- Assertion Decryption, Dennis Roberts, 03/15/2010
- RE: [OpenSAML] Assertion Decryption, Scott Cantor, 03/15/2010
- Re: [OpenSAML] Assertion Decryption, Brent Putman, 03/15/2010
- Re: [OpenSAML] Assertion Decryption, Brent Putman, 03/15/2010
- Re: [OpenSAML] Assertion Decryption, Dennis Roberts, 03/16/2010
- Re: [OpenSAML] Assertion Decryption, Brent Putman, 03/15/2010
- Re: [OpenSAML] Assertion Decryption, Brent Putman, 03/15/2010
- Re: [OpenSAML] Assertion Decryption, Dennis Roberts, 03/16/2010
- Re: [OpenSAML] Assertion Decryption, Dennis Roberts, 03/16/2010
- RE: [OpenSAML] Assertion Decryption, Scott Cantor, 03/15/2010
Archive powered by MHonArc 2.6.16.