mace-opensaml-users - Re: [OpenSAML] How to validate signing certificate of the SAML token in the relaying party?
Subject: OpenSAML user discussion
- From: Paul Hethmon <>
- To: OpenSAML List <>
- Subject: Re: [OpenSAML] How to validate signing certificate of the SAML token in the relaying party?
- Date: Thu, 28 Apr 2011 15:13:05 +0000
- Accept-language: en-US

It depends on your business requirements. I take Scott's approach and
highly recommend it. If my IdP or SP has a certificate in a metadata file,
then I implicitly trust it.

Think of it this way. You are going to acquire that metadata file (and
certificate) via some out of band process. There will be some sort of
business arrangement between you and the other party. All set up and
handled outside of the technical arena. You don't need that certificate to
be signed and trusted by a commercial CA. You have an arrangement with the
partner and having established that arrangement, you already implicitly
trust them. Why pay a commercial CA? You do not gain anything by doing so.

Paul

On 4/28/11 11:06 AM, "Gina Choi" <> wrote:

>Thanks Paul and Scott for your response. I thought that
>signatureValidator.validate(signature) handles everything. By the way, do
>you have any recommendation on dealing with trust management? For example,
>what kind of items do I need to check except expiration date?
>
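
The metadata-based trust described in this message, as an added example that is not part of the original thread and not OpenSAML code: a signature is accepted only when it verifies under a key already registered from the partner's metadata, with no CA path building involved. It uses plain JDK classes on raw bytes rather than XML Signature processing; the class name `ExplicitKeyTrust`, its methods, the entity ID and the sample data are hypothetical and constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;

public class ExplicitKeyTrust {
    // entityID -> signing keys copied from that partner's metadata (acquired out of band)
    private final Map<String, List<PublicKey>> metadataKeys = new HashMap<>();

    void addMetadataKey(String entityId, PublicKey key) {
        metadataKeys.computeIfAbsent(entityId, k -> new ArrayList<>()).add(key);
    }

    /** True only if the signature verifies under a key listed in the issuer's metadata. */
    boolean validate(String issuer, byte[] signedBytes, byte[] sig) throws GeneralSecurityException {
        for (PublicKey key : metadataKeys.getOrDefault(issuer, Collections.emptyList())) {
            Signature verifier = Signature.getInstance("SHA256withRSA");
            verifier.initVerify(key);
            verifier.update(signedBytes);
            if (verifier.verify(sig)) {
                return true;
            }
        }
        // Unknown issuer, or a valid signature made with a key the partner never gave us.
        return false;
    }

    static byte[] sign(PrivateKey key, byte[] data) throws GeneralSecurityException {
        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(key);
        signer.update(data);
        return signer.sign();
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair partner = gen.generateKeyPair();  // constructed: key published in the partner's metadata
        KeyPair other = gen.generateKeyPair();    // constructed: key that appears in no metadata
        byte[] msg = "<Assertion>constructed sample</Assertion>".getBytes(StandardCharsets.UTF_8);
        String idp = "https://idp.example.org";   // hypothetical entityID

        ExplicitKeyTrust trust = new ExplicitKeyTrust();
        trust.addMetadataKey(idp, partner.getPublic());
        System.out.println("metadata key:   " + trust.validate(idp, msg, sign(partner.getPrivate(), msg)));
        System.out.println("unlisted key:   " + trust.validate(idp, msg, sign(other.getPrivate(), msg)));
        System.out.println("unknown issuer: " + trust.validate("https://unknown.example", msg, sign(partner.getPrivate(), msg)));
    }
}
```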