mace-opensaml-users - Re: [OpenSAML] Validate Signature sent via HTTPRedirect
Subject: OpenSAML user discussion
List archive
- From: John Gonzales <>
- To:
- Cc: "Cantor, Scott E." <>
- Subject: Re: [OpenSAML] Validate Signature sent via HTTPRedirect
- Date: Mon, 14 Feb 2011 21:22:53 -0600
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-type:content-transfer-encoding; b=tWEXuMkXaP5BPQ1D3i/lwVw7hfHXv9L/nFojBXE0DFzXQPGci3VF9NxLPDIsw78oVZ 54dyuuZHZce4oQj94UfZBESzmid52Q/xyP7yrshT9Wc78bUZK3Kp51zARsyDJAIhTapd VEzA20KNjekiVrbeMAeuV2d1GVc8pk7MbqGCc=
On 11-02-14 9:18 PM, Cantor, Scott E. wrote:
The saml-conformance-2.0-os.pdf states otherwise. I see WebSSO with HTTP Redirect listed in Table 1: Possible Implementations. Is this document outdated?I'm trying to validate a signature that is being sent along with aIf you're doing SSO, that's not legal (redirect is not a valid binding
SAMLResponse to my service provider via the HTTPRedirect protocol binding.
with that leg of the profile), but regardless, redirect signatures are not
XML signatures and are not inside the XML, they're constructed from the
URL parameters. Refer to the binding specification.
-- Scott
- [OpenSAML] Validate Signature sent via HTTPRedirect, John Gonzales, 02/14/2011
- Re: [OpenSAML] Validate Signature sent via HTTPRedirect, Cantor, Scott E., 02/14/2011
- Re: [OpenSAML] Validate Signature sent via HTTPRedirect, John Gonzales, 02/14/2011
- Re: [OpenSAML] Validate Signature sent via HTTPRedirect, Cantor, Scott E., 02/14/2011
- Re: [OpenSAML] Validate Signature sent via HTTPRedirect, John Gonzales, 02/14/2011
- Re: [OpenSAML] Validate Signature sent via HTTPRedirect, Cantor, Scott E., 02/14/2011
Archive powered by MHonArc 2.6.16.