OpenSAML user discussion

[John Gonzales <>]

Thanks Chad,

That is helpful to know. So I guess my real problem then is that I'm 
still pretty green to JCE. I plan on using the RSAwithSHA1 approach for 
signing the SAML message. Any recommendations on resources that'll help 
me started?

Thanks again for the help!

-jg.

On 09/02/2011 4:53 AM, Chad La Joie wrote:
> The framework doesn't expect the credential to be created in any certain
> way.  So, whatever way works best for your application is fine.
>
> As to how to get the private key, that's also up to you.  If the private
> key is in a DER, PEM, or PKCS12 encoded file you might want to check the
> SecurityHelper class for helper methods to decode such a file.  If
> you're going to want the cert to show up in the signature then X509Util
> also provides similar helper methods for reading in certs/crls.  If your
> key is in a Java keystore then you just use the normal JDK API for
> accessing that.
>
> On 2/9/11 3:07 AM, John Gonzales wrote:
> > Hi there,
> >
> > I'm following this guide for how to sign a SAML message:
> > https://spaces.internet2.edu/display/OpenSAML/OSTwoUserManJavaDSIG
> >
> > However, it doesn't explain how to actually obtain a signing credential
> > with the OpenSAML API.
> >
> > Here's my implementation of the getSigningCredential method referenced
> > in the guide.
> >
> >      public static Credential getSigningCredential() {
> >          BasicCredential credential = new BasicCredential();
> >          credential.setPrivateKey(null); // HOW?
> >          return credential;
> >      }
> >
> > I'm not sure how to obtain a PrivateKey, but more generally, I'm not
> > even sure if this how the OpenSAML framework expects the signing
> > credential to be generated.
> >
> > I've searched around the documentation and have come to a point where
> > some help might be all I need to move forward.
> >
> > -jg.