Skip to Content.
Sympa Menu

mace-opensaml-users - [OpenSAML] OpenSAML AuthnRequest Consent

Subject: OpenSAML user discussion

List archive

[OpenSAML] OpenSAML AuthnRequest Consent


Chronological Thread 
  • From: Darren King <>
  • To:
  • Subject: [OpenSAML] OpenSAML AuthnRequest Consent
  • Date: Mon, 19 Jul 2010 07:13:41 -0400 (EDT)

Hi folks,

I've used OpenSAML to implement SAML2 SSO within our company, however one of
our clients has queried the format of the AuthnRequest we are sending them,
specifically with regards to the value of the "Consent" identifier within the
AuthnRequest.

My code sets the consent type as "implicit", as per below:

request.setConsent(AuthnRequest.IMPLICIT_CONSENT);

The IMPLICIT_CONSENT field is inherited from RequestAbstractType, in which the
value is set as:

public static final String IMPLICIT_CONSENT =
"urn:oasis:names:tc:SAML:2.0:consent:implicit";

The SAML2 core document (saml-core-2.0-os.pdf) lists the "Implicit" identifier
as:

urn:oasis:names:tc:SAML:2.0:consent:current-implicit

As such, is the OpenSAML value for the Implicit identifier missing the
"current-" prefix, or have I overlooked something glaringly obvious?

The same discrepancy seems to exist between the SAML2 core value for the
"Explicit" identifier and the value defined in OpenSAML, namely the OpenSAML
value missing the "current-" prefix.

Thanks in advance,

Darren



Archive powered by MHonArc 2.6.16.

Top of Page