
mace-opensaml-users - Re: [OpenSAML] Problem with XACMLPolicyStatement

Subject: OpenSAML user discussion

  • From: Chad La Joie <>
  • To:
  • Subject: Re: [OpenSAML] Problem with XACMLPolicyStatement
  • Date: Sat, 31 Jul 2010 12:29:06 -0400
  • Organization: Itumi, LLC

Again, I don't see anything strange there. Looks like a valid SAML assertion.

On 7/31/10 11:17 AM, wrote:
Hello Chad,

On Sat, Jul 31, 2010 at 3:52 PM, Chad La Joie <> wrote:

What do you think is strange about it?

I didn't paste you the whole XML, sorry:

<?xml version="1.0" encoding="ISO-8859-1" standalone="yes"?>
<saml2:Assertion ID="_405618cd-3db7-4013-93f7-f454ec95cb7f"
IssueInstant="2010-07-31T13:28:55.147Z" Version="2.0"
xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
<saml2:Issuer
xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">com.spirit.ws.XACML.client.SAMLXACMLv2</saml2:Issuer>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#_405618cd-3db7-4013-93f7-f454ec95cb7f">
<ds:Transforms>
<ds:Transform
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces PrefixList="ds saml2 xacml-saml
#default xsi" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>VYEuQH0bfTEYNQ9NMKeVbP2y0BU=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
sA7uL07QpQU4rdqLnEU+eqztrchbvJNf3tIwg/JGHI9/OnmCT8Fk6zY2WOMrTXO5mZ6wokWgDL6o
bnKdB70/yNrZuYO1uO4frQFjJgGsBaw3gRmB/H2K02LwjY4f4vT8yUSsK4IzOKMalv6YRupi84E4
DoXQNYiRD+IMSMarppE=
</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>

<ds:X509Certificate>MIIDwzCCAqugAwIBAgIBATANBgkqhkiG9w0BAQUFADCBuDELMAkGA1UEBhMCQVQxEDAOBgNVBAgT...==</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
<saml2:Conditions NotBefore="2010-07-31T13:28:55.147Z"
NotOnOrAfter="2010-08-01T02:48:55.147Z"
xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
<saml2:AudienceRestriction>
<saml2:Audience>testaudience</saml2:Audience>
<saml2:Audience>test2</saml2:Audience>
</saml2:AudienceRestriction>
</saml2:Conditions>
<saml2:Statement xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns:xacml-saml="urn:oasis:names:tc:xacml:2.0:profile:saml2.0:v2:schema:assertion"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:type="xacml-saml:XACMLPolicyStatementType">
<PolicySet
PolicyCombiningAlgId="urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:permit-overrides"
PolicySetId="MAU.12675296158691-GLOB.OID.TESTMAURO_ENV.LOCAL.OS.2.PI-DOM"
xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:policy:schema:os
http://docs.oasis-open.org/xacml/access_control-xacml-2.0-policy-schema-os.xsd">
<Description>Test policy that permits everything</Description>
<Target/>
<Policy PolicyId="policy_id"
RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:permit-overrides"
xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os">
<Description>Test policy</Description>
<Target/>
<Rule Effect="Permit"
RuleId="urn:oasis:names:tc:xacml:2.0:example:SimpleRule1"/>
</Policy>
</PolicySet>
</saml2:Statement>
</saml2:Assertion>



--
Chad La Joie
http://itumi.biz
trusted identities, delivered


