OpenSAML user discussion

[John Gonzales <>]

OK. I'll take a crack at it.

Thanks!

On 09/02/2011 9:16 AM, Chad La Joie wrote:
> No, not really, much of this is more black magic than science.
>
> The basics are decently simply though.  You need a key pair, and
> optionally a cert.  You can find lots of docs on how to create those.
> OpenSSL is probably the most common tool for that.  After that you can
> just use the classes I mentioned before to read that data in.  Then
> just invoke the Signer.sign() method and let it do the magic part.
>
> On Wed, Feb 9, 2011 at 10:13, John 
> Gonzales<>
>   wrote:
> > Thanks Chad,
> >
> > That is helpful to know. So I guess my real problem then is that I'm still
> > pretty green to JCE. I plan on using the RSAwithSHA1 approach for signing
> > the SAML message. Any recommendations on resources that'll help me started?
> >
> > Thanks again for the help!
> >
> > -jg.
> >
> > On 09/02/2011 4:53 AM, Chad La Joie wrote:
> > > The framework doesn't expect the credential to be created in any certain
> > > way.  So, whatever way works best for your application is fine.
> > >
> > > As to how to get the private key, that's also up to you.  If the private
> > > key is in a DER, PEM, or PKCS12 encoded file you might want to check the
> > > SecurityHelper class for helper methods to decode such a file.  If
> > > you're going to want the cert to show up in the signature then X509Util
> > > also provides similar helper methods for reading in certs/crls.  If your
> > > key is in a Java keystore then you just use the normal JDK API for
> > > accessing that.
> > >
> > > On 2/9/11 3:07 AM, John Gonzales wrote:
> > > > Hi there,
> > > >
> > > > I'm following this guide for how to sign a SAML message:
> > > > https://spaces.internet2.edu/display/OpenSAML/OSTwoUserManJavaDSIG
> > > >
> > > > However, it doesn't explain how to actually obtain a signing credential
> > > > with the OpenSAML API.
> > > >
> > > > Here's my implementation of the getSigningCredential method referenced
> > > > in the guide.
> > > >
> > > >      public static Credential getSigningCredential() {
> > > >          BasicCredential credential = new BasicCredential();
> > > >          credential.setPrivateKey(null); // HOW?
> > > >          return credential;
> > > >      }
> > > >
> > > > I'm not sure how to obtain a PrivateKey, but more generally, I'm not
> > > > even sure if this how the OpenSAML framework expects the signing
> > > > credential to be generated.
> > > >
> > > > I've searched around the documentation and have come to a point where
> > > > some help might be all I need to move forward.
> > > >
> > > > -jg.