Skip to Content.
Sympa Menu

shibboleth-dev - Re: [Shib-Dev] how to deliver personal infocard keyinfo to app?

Subject: Shibboleth Developers

List archive

Re: [Shib-Dev] how to deliver personal infocard keyinfo to app?


Chronological Thread 
  • From: "Joana M. F. Trindade" <>
  • To:
  • Subject: Re: [Shib-Dev] how to deliver personal infocard keyinfo to app?
  • Date: Sat, 9 Aug 2008 20:54:32 -0300
  • Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:in-reply-to:mime-version :content-type:references; b=dYbbXLvPZC6gsYFUMM/Vq7UxykslxpkO2UtErdYlhmrqgs2ovSmi7AlJJdSzpS5K5o iLrdG1ItDkndF1PLeiyDS5DyGZRTBm1Xj3ny72FT9b++JrMavGlBnWVwypoPkze+LcYe mvsdxHOo8itxbdXgqyUw5DjH2sYJqfOPbyqmc=

Hi,

As Tom pointed out, we recently implemented something similar. What we do is
compute the SHA-1 hash of the public key bytes according to RFC5820, and
encode it in Base64. An example is available here (look for KeyInfo in the
SubjectConfirmation element):

https://gsoc2008.ncsa.uiuc.edu/sso-demo/SAMLResponse.xml

As you can see, we populate the KeyInfo with both the certificate and the SHA-1
hash we computed from the cert. This method for computing the SKI from RFC5820
is trivial, and also used by Apache WSS4J and bouncycastle API.

HTH,
Joana

--
Joana M. F. da Trindade

Email:
Personal Homepage: http://joanatrindade.wikidot.com
LinkedIn: http://www.linkedin.com/in/joanatrindade



Archive powered by MHonArc 2.6.16.

Top of Page