OpenSAML user discussion

[Brent Putman <>]

On 10/5/10 5:31 PM, rangeli nepal wrote:
> I thought http post will be easier that redirect


I'm not sure what you mean by "easier".  In any case, you have to
process what you are sent by the sender.  If they use the redirect
binding, you have to use the redirect rule. If they use the post
binding, you use the post rule.  No ambiguity.

Those particular rules do have logic to detect whether they should
attempt to run, based on the HTTP method, and bail out if the method is
not appropriate to the rule.


> as message is not
> divided in parts ( request,relay,signature,sigalg) 


Actually HTTP-Post SimpleSign has all of those parameters (as form
params, not query paramrs) and as well as an additional one for key
material that redirect does not have.



> and they are not
> deflated either. am I wrong?

Correct, in HTTP-Post, it's not deflated.

If you are using the OpenSAML decoders, you shouldn't have to worry
about any of that, though.  They take care of all of that for you.  The
security rules do also - you just use them, you don't have to worry
about those implementation details.

--Brent