mace-opensaml-users - Re: [OpenSAML] Assertion Decryption
Subject: OpenSAML user discussion
List archive
- From: Dennis Roberts <>
- To:
- Subject: Re: [OpenSAML] Assertion Decryption
- Date: Mon, 15 Mar 2010 23:10:48 -0700
No, it's all supported.
If you want or need the EncryptedKey's "inline" within in the
EncryptedData's KeyInfo, just call encrypter.setKeyPlacement(INLINE)
before you do the encryption. Then they should be resolvable by the
InlineEncryptedKeyResolver.
Another suggestion is: In the real world, for an actual deployment, you
don't necessarily know in advance how someone sending you encrypted SAML
structures will place the EncryptedKeys. So the best thing to do is
actually supply the Decrypter with a ChainingEncryptedKeyResolver, that
as members has any or all of the above. That way you cover all the
bases. They will be evaluated in the order they are added to the
chaining resolver's List.
It all makes perfect sense...now that I know what the answer is. :-)
I'll give this a try tomorrow.
Thanks,
Dennis
- Assertion Decryption, Dennis Roberts, 03/15/2010
- RE: [OpenSAML] Assertion Decryption, Scott Cantor, 03/15/2010
- Re: [OpenSAML] Assertion Decryption, Brent Putman, 03/15/2010
- Re: [OpenSAML] Assertion Decryption, Brent Putman, 03/15/2010
- Re: [OpenSAML] Assertion Decryption, Dennis Roberts, 03/16/2010
- Re: [OpenSAML] Assertion Decryption, Brent Putman, 03/15/2010
- Re: [OpenSAML] Assertion Decryption, Brent Putman, 03/15/2010
- Re: [OpenSAML] Assertion Decryption, Dennis Roberts, 03/16/2010
- Re: [OpenSAML] Assertion Decryption, Dennis Roberts, 03/16/2010
- RE: [OpenSAML] Assertion Decryption, Scott Cantor, 03/15/2010
Archive powered by MHonArc 2.6.16.