mace-opensaml-users - [OpenSAML] Holder-Of-Key method: what is and how to generate Ciphervalue field
Subject: OpenSAML user discussion
List archive
- From: Enrique Sabatel <>
- To:
- Subject: [OpenSAML] Holder-Of-Key method: what is and how to generate Ciphervalue field
- Date: Mon, 14 Feb 2011 13:17:58 +0100
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:date:message-id:subject:from:to:content-type; b=XKGzfGSaORELFqAuD8Q41m0a4BGGHBj6/76Mi7JmnuAc8uTmQvXWCbeTkUwu/XNyjl m3xFkbC45Tjy4yUemfdYCJCfHRyiuwmfYy6QZSzh2qCFm3Kr66C0MbIkqC1qL0atKdPX tWOLqp0dGBUdP8xcPG4vIswKsJygVR/OdkwzI=
I am trying to use opensaml libraries to generate a valid SAML 2.0 token for testing purposes in a web service client without using a STS. I think i have generated most of it so it can be a valid assertion for the service (for testing purposes obviously).
But there is something left in SubjectConfirmation...
What does <xenc:CipherValue> field contains exactly and how can it be generated within my client??
I understand that an ephemeral key must be generated between client and STS (in my scenario, it should be generated in the client) and then encrypted with recipient's public cert, is this correct? And.. is this what CipherValue contains??
Any help would be much appreciated.
My Subject part should be as follows..
<saml:Subject><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:holder-of-key"><saml:SubjectConfirmationData xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" NotBefore="2010-12-20T12:35:37.549Z" NotOnOrAfter="2010-12-20T12:40:37.549Z" xsi:type="saml:KeyInfoConfirmationDataType"><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="EncKeyId-4A787BE16A9F37BE9712928485377682"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" /><ds:KeyInfo>
<wsse:SecurityTokenReference><wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1">EPlMdE3oRiNlo8bGg3BLR3uGWT8=</wsse:KeyIdentifier></wsse:SecurityTokenReference>
</ds:KeyInfo><xenc:CipherData><xenc:CipherValue>Apg/J/PFyBD9ozCTWwTT1UeU4u8Lyyn2B0YausGFq+2lG7O2ZaPfesra1srrDMUHALZ74ykWlj9/Dss3+REp4DIsMQ65xQOOeokitd3/H8WxjZxDrM6DGZyv0hpdgQugrXyqOTAZ4zZHhxHhhTX4hogXr9CK9qd14xrTeIaap7o=</xenc:CipherValue></xenc:CipherData></xenc:EncryptedKey></ds:KeyInfo></saml:SubjectConfirmationData></saml:SubjectConfirmation></saml:Subject>
- [OpenSAML] Holder-Of-Key method: what is and how to generate Ciphervalue field, Enrique Sabatel, 02/14/2011
- RE: [OpenSAML] Holder-Of-Key method: what is and how to generate Ciphervalue field, Cantor, Scott E., 02/14/2011
- Re: [OpenSAML] Holder-Of-Key method: what is and how to generate Ciphervalue field, Brent Putman, 02/14/2011
- Re: [OpenSAML] Holder-Of-Key method: what is and how to generate Ciphervalue field, Enrique Sabatel, 02/14/2011
- Re: [OpenSAML] Holder-Of-Key method: what is and how to generate Ciphervalue field, Brent Putman, 02/14/2011
- RE: [OpenSAML] Holder-Of-Key method: what is and how to generate Ciphervalue field, Cantor, Scott E., 02/14/2011
Archive powered by MHonArc 2.6.16.