Shibboleth Developers

[<>]

To add some additional information.  I was able to get the other IDP product to change such that it included the x509 certificate used for encryption, and that solved the problem. 

 

My question now becomes whether this is considered

 

1)      A requirement Shibboleth SPs place on IDPs to interoperate.

2)      Something the Shibboleth SP can handle, but requires specific configuration to do (which I failed to find).

3)      A Shibboleth SP bug that will get attention at some point.

4)      An unimplemented  Shibboleth SP feature that is not likely to be implemented.

 

Thanks,
Jeff

 

From: Brent Putman [mailto:]
Sent: Tuesday, March 11, 2008 6:58 PM
To:
Subject: Re: Shibboleth SP - Handling Encrypted Assertions

 

wrote:

Does the Shibboleth SP have a requirement that Encrypted Assertions must include a copy of the x509 certificate used to encrypt the KeyInfo? 

I'll have to let Scott speak to what the current SP does/doesn't do, but my understanding was that it wasn't intended to require it.

When the Shibboleth IDP encrypts an assertion, it includes a copy of the SP’s x509 certificate, although I am unsure as to whether this is strictly required (could it not be assumed?).

No, it's not required by any profile, etc.  With XML Encryption, the sender/encrypter can include a KeyInfo hint with the (public) key by value or by reference/identifier, or it can leave it out entirely.  In the latter case, as you speculated, presumably the recipient/decrypter will know from context (the sender, etc) which one was used, or at least can constrain the set down to a small number of its local keys to try.  Often the recipient (e.g. SP) might have only 1 key anyway.

 

I am trying to test the Shibboleth SP with a different SAML IDP product, and it is not including a copy of the SP’s encryption certificate, and here is the sequence of messages I see in the logfile:

Out of curiosity, and if you can share: which IdP product?

 

The logging differences make me think the issue is the lack of including the X509Certificate, but I am not entirely sure if the problem is related to the KeyInfo encryption algorithm (another point of variance, the Shibboleth IDP uses rsa-oaep-mgf1p, but this product is using rsa-1_5 by default, and I have not fully investigated changing this algorithm).

FYI, the Shib IdP defaults to using rsa-oaep-mgf1p if the encrypted data encryption key is AES, and rsa-1_5 if it was Triple DES.  That's consistent with the recommendations in the XML Encryption spec.  AES-128 (and so with RSA-OAEP encrypted key transport) is the IdP default data encryption algorithm.

I'm pretty sure the SP easily supports both of those RSA key transport algorithms, via the Apache XML security lib.  rsa-1_5 is probably the more common one in fact and least likely to be broken I would imagine.

--Brent