
mace-opensaml-users - Re: [OpenSAML] Signing SAML Messages - HOWTO Create Signing Credential

Subject: OpenSAML user discussion

  • From: Chad La Joie <>
  • To:
  • Subject: Re: [OpenSAML] Signing SAML Messages - HOWTO Create Signing Credential
  • Date: Wed, 9 Feb 2011 10:16:20 -0500

No, not really, much of this is more black magic than science.

The basics are decently simple though. You need a key pair, and
optionally a cert. You can find lots of docs on how to create those.
OpenSSL is probably the most common tool for that. After that you can
just use the classes I mentioned before to read that data in. Then
just invoke the Signer.sign() method and let it do the magic part.

On Wed, Feb 9, 2011 at 10:13, John Gonzales
<>
wrote:
> Thanks Chad,
>
> That is helpful to know. So I guess my real problem then is that I'm still
> pretty green to JCE. I plan on using the RSAwithSHA1 approach for signing
> the SAML message. Any recommendations on resources that'll help me get started?
>
> Thanks again for the help!
>
> -jg.
>
> On 09/02/2011 4:53 AM, Chad La Joie wrote:
>>
>> The framework doesn't expect the credential to be created in any certain
>> way.  So, whatever way works best for your application is fine.
>>
>> As to how to get the private key, that's also up to you.  If the private
>> key is in a DER, PEM, or PKCS12 encoded file you might want to check the
>> SecurityHelper class for helper methods to decode such a file.  If
>> you're going to want the cert to show up in the signature then X509Util
>> also provides similar helper methods for reading in certs/crls.  If your
>> key is in a Java keystore then you just use the normal JDK API for
>> accessing that.
>>
>> On 2/9/11 3:07 AM, John Gonzales wrote:
>>>
>>> Hi there,
>>>
>>> I'm following this guide for how to sign a SAML message:
>>> https://spaces.internet2.edu/display/OpenSAML/OSTwoUserManJavaDSIG
>>>
>>> However, it doesn't explain how to actually obtain a signing credential
>>> with the OpenSAML API.
>>>
>>> Here's my implementation of the getSigningCredential method referenced
>>> in the guide.
>>>
>>>     public static Credential getSigningCredential() {
>>>         BasicCredential credential = new BasicCredential();
>>>         credential.setPrivateKey(null); // HOW?
>>>         return credential;
>>>     }
>>>
>>> I'm not sure how to obtain a PrivateKey, but more generally, I'm not
>>> even sure if this is how the OpenSAML framework expects the signing
>>> credential to be generated.
>>>
>>> I've searched around the documentation and have come to a point where
>>> some help might be all I need to move forward.
>>>
>>> -jg.
>>>
>
>



--
Chad La Joie
www.itumi.biz
trusted identities, delivered
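
The keystore route mentioned in the thread, written out as an added example that is not part of the original messages or the OpenSAML project's own code. It assumes OpenSAML 2 (xmltooling) on the classpath; the keystore path, type, alias, and the choice to use one password for both the store and the key entry are hypothetical parameters.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Arrays;

import org.opensaml.xml.security.credential.Credential;
import org.opensaml.xml.security.credential.UsageType;
import org.opensaml.xml.security.x509.BasicX509Credential;

public class SigningCredentialLoader {

    /** Reads a key entry with the plain JDK KeyStore API and wraps it for signing. */
    public static Credential getSigningCredential(String path, String type,
            String alias, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(type); // e.g. "JKS" or "PKCS12"
        KeyStore.Entry entry;
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
            // Assumption: the key entry uses the same password as the store.
            entry = ks.getEntry(alias, new KeyStore.PasswordProtection(password));
        } finally {
            Arrays.fill(password, '\0'); // do not leave the password in memory
        }
        // Fail closed if the alias is missing or holds only a trusted cert.
        if (!(entry instanceof KeyStore.PrivateKeyEntry)) {
            throw new IllegalStateException("No private key entry under alias " + alias);
        }
        KeyStore.PrivateKeyEntry keyEntry = (KeyStore.PrivateKeyEntry) entry;
        X509Certificate cert = (X509Certificate) keyEntry.getCertificate();
        cert.checkValidity(); // refuse an expired or not-yet-valid certificate

        BasicX509Credential credential = new BasicX509Credential();
        credential.setPrivateKey(keyEntry.getPrivateKey());
        credential.setEntityCertificate(cert); // lets the cert appear in the signature
        credential.setUsageType(UsageType.SIGNING);
        return credential;
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 3 || System.console() == null) {
            System.err.println("usage (from a terminal): <keystore> <type> <alias>");
            return;
        }
        char[] password = System.console().readPassword("Keystore password: ");
        Credential c = getSigningCredential(args[0], args[1], args[2], password);
        System.out.println("Loaded " + c.getPrivateKey().getAlgorithm() + " signing key");
    }
}
```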


