mace-opensaml-users - Re: [OpenSAML] Reconstructing Signature Object during HTTP Redirect Binding
Subject: OpenSAML user discussion
- From: Brent Putman <>
- To:
- Subject: Re: [OpenSAML] Reconstructing Signature Object during HTTP Redirect Binding
- Date: Tue, 07 Sep 2010 18:31:34 -0400
On 9/5/10 5:16 AM, rangeli nepal wrote:
> Good Morning Everybody,
>
> I have a system where I can receive AuthnRequest on Http Redirect
> Binding and use SAML2HTTPRedirectDeflateSignatureRule to validate the
> signature blob.

So you're talking about the simple raw/blob signature over the protocol
message here, right? Per that binding, the AuthnRequest can't have an
XML signature, so I'll assume that's what you are talking about.
>
> I was going through
>
> https://spaces.internet2.edu/display/OpenSAML/OSTwoUserManJavaDSIG
>
> Reading the last example I realize my approach might have one problem
> i.e. I am not validating the profile of the signature.

All of the examples there are for XML Signatures, for which SAML has a
profile. That's what the signature profile validator checks, to confirm
correctness and conformance, and also to prevent certain kinds of DoS
attacks against the recipient.

The simple raw/blob signature used in the HTTP-Redirect DEFLATE binding
doesn't have any such profile, so what you see on the wiki really isn't
relevant.

> However in order
> to validate the signature
> in the HTTP Redirect binding case I need authnRequest, signature and
> sigalg.
>
> I am not sure how I can rebuild Signature Object from wire?

The simple blob signatures are not calculated using a Signature
XMLObject, that's only for XML signatures. You can't create a Signature
object from the HTTP-Redirect DEFLATE binding simple raw signature, nor
do you need to. It's not relevant.
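
Added example, not part of the original message and not OpenSAML code: a minimal check of the HTTP-Redirect simple signature using only the JDK, showing that the signed bytes come from the raw query string (SAMLRequest, optional RelayState, SigAlg, still URL-encoded and in that order) with no Signature XMLObject involved. The class and helper names are hypothetical, the SAMLRequest value is a constructed stand-in, and the key is generated on the spot.

```java
import java.net.*;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;
public class RedirectSimpleSignature {
    // SigAlg URI -> JCA name. Anything not listed here is rejected.
    static final Map<String, String> ALLOWED = Map.of(
        "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", "SHA256withRSA");
    // Raw (still URL-encoded) value of a query parameter, or null if absent.
    static String raw(String query, String name) {
        for (String pair : query.split("&"))
            if (pair.startsWith(name + "=")) return pair.substring(name.length() + 1);
        return null;
    }
    static String dec(String s) { return URLDecoder.decode(s, StandardCharsets.UTF_8); }
    static String enc(String s) { return URLEncoder.encode(s, StandardCharsets.UTF_8); }
    static boolean verify(String rawQuery, PublicKey key) throws GeneralSecurityException {
        String req = raw(rawQuery, "SAMLRequest"), relay = raw(rawQuery, "RelayState");
        String alg = raw(rawQuery, "SigAlg"), sig = raw(rawQuery, "Signature");
        if (req == null || alg == null || sig == null) return false;
        String jca = ALLOWED.get(dec(alg));
        if (jca == null) return false;
        // Signed octets: the parameters exactly as received, in this fixed order.
        String signed = "SAMLRequest=" + req
            + (relay != null ? "&RelayState=" + relay : "") + "&SigAlg=" + alg;
        try {
            Signature v = Signature.getInstance(jca);
            v.initVerify(key);
            v.update(signed.getBytes(StandardCharsets.UTF_8));
            return v.verify(Base64.getDecoder().decode(dec(sig)));
        } catch (IllegalArgumentException | SignatureException e) {
            return false; // malformed Base64 or signature bytes
        }
    }
    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair kp = gen.generateKeyPair(); // throwaway key for the demo
        // Constructed stand-in for a DEFLATEd, Base64-encoded AuthnRequest.
        String content = "SAMLRequest=" + enc("constructed+deflated/base64==")
            + "&RelayState=abc&SigAlg=" + enc("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256");
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(kp.getPrivate());
        s.update(content.getBytes(StandardCharsets.UTF_8));
        String query = content + "&Signature=" + enc(Base64.getEncoder().encodeToString(s.sign()));
        System.out.println(verify(query, kp.getPublic()));
        System.out.println(verify(query.replace("RelayState=abc", "RelayState=abd"), kp.getPublic()));
    }
}
```

The first call verifies the untouched query string; the second changes RelayState after signing and fails, because RelayState is part of the signed bytes.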