
mace-opensaml-users - Re: [OpenSAML] Assertion Decryption

Subject: OpenSAML user discussion

  • From: Brent Putman <>
  • To:
  • Subject: Re: [OpenSAML] Assertion Decryption
  • Date: Mon, 15 Mar 2010 23:36:59 -0400



On 3/15/2010 9:50 PM, Scott Cantor wrote:
>
>> This method looks for child ds:EncryptedKey child elements. In this case,
>> there aren't any ds:EncryptedKey child elements because the ds:KeyInfo
>> element only contains a ds:RetrievalMethod child element.
>>
> Which doesn't appear to be pointing to anything, so that's pretty strange.
>



I think he just didn't send us the full EncryptedAssertion, only the
EncryptedData. If he had, we would see the EncryptedKeys as children,
and the RetrievalMethod would correctly point to them (and the
EncryptedKey's DataReference would link back to the EncryptedData, as
per E43).



> In any case, if you want code that works the normal way you'll
> probably need to look at Shibboleth to find what you're doing differently.


At least in terms of the Java, it wouldn't help really, b/c we don't yet
do any decryption in the IdP (i.e. don't yet support EncryptedID), so
there are no examples there. There are however lots of examples in the
unit tests for both the generic xmltooling encrypter and decrypter, as
well as the opensaml2 specialized ones for the SAML 2 stuff.
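
The layout described in this message, as an added example (not part of the original thread, and not OpenSAML code): a stdlib-only Python check that resolves each ds:RetrievalMethod in an EncryptedData to a peer EncryptedKey and confirms the key's DataReference points back. The function name and the sample XML are constructed for illustration.

```python
import xml.etree.ElementTree as ET

XENC = "http://www.w3.org/2001/04/xmlenc#"
DS = "http://www.w3.org/2000/09/xmldsig#"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"xenc": XENC, "ds": DS}

def check_key_references(xml_text):
    """Resolve each ds:RetrievalMethod in the EncryptedData to an EncryptedKey.

    Returns (resolved_key_ids, problems). Hypothetical helper; handles
    same-document '#id' references only.
    """
    root = ET.fromstring(xml_text)
    is_data = root.tag == f"{{{XENC}}}EncryptedData"
    data = root if is_data else root.find("xenc:EncryptedData", NS)
    if data is None:
        return [], ["no EncryptedData element"]
    # Index every EncryptedKey present in the document by its Id attribute.
    keys = {k.get("Id"): k for k in root.iter(f"{{{XENC}}}EncryptedKey")}
    resolved, problems = [], []
    for rm in data.findall("ds:KeyInfo/ds:RetrievalMethod", NS):
        uri = rm.get("URI", "")
        key = keys.get(uri[1:]) if uri.startswith("#") else None
        if key is None:
            problems.append(f"RetrievalMethod {uri} points to nothing")
            continue
        resolved.append(uri[1:])
        refs = key.findall("xenc:ReferenceList/xenc:DataReference", NS)
        if f"#{data.get('Id')}" not in [r.get("URI") for r in refs]:
            problems.append(f"EncryptedKey {uri[1:]} has no DataReference "
                            f"back to #{data.get('Id')}")
    return resolved, problems

# Constructed samples (placeholder cipher values, not real ciphertext).
ENC_DATA = (
    f'<xenc:EncryptedData xmlns:xenc="{XENC}" xmlns:ds="{DS}" Id="ED1">'
    f'<ds:KeyInfo><ds:RetrievalMethod URI="#EK1" Type="{XENC}EncryptedKey"/>'
    '</ds:KeyInfo><xenc:CipherData><xenc:CipherValue>AAAA</xenc:CipherValue>'
    '</xenc:CipherData></xenc:EncryptedData>')
ENC_KEY = (
    f'<xenc:EncryptedKey xmlns:xenc="{XENC}" Id="EK1"><xenc:CipherData>'
    '<xenc:CipherValue>AAAA</xenc:CipherValue></xenc:CipherData>'
    '<xenc:ReferenceList><xenc:DataReference URI="#ED1"/>'
    '</xenc:ReferenceList></xenc:EncryptedKey>')
FULL = (f'<saml:EncryptedAssertion xmlns:saml="{SAML}">{ENC_DATA}{ENC_KEY}'
        '</saml:EncryptedAssertion>')

if __name__ == "__main__":
    print(check_key_references(FULL))      # full EncryptedAssertion
    print(check_key_references(ENC_DATA))  # EncryptedData alone
```

Run against the EncryptedData on its own, the check reports the dangling RetrievalMethod; run against the full EncryptedAssertion, the reference resolves.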



