SAML 1.1 help

Kevin Brown kevinbrownbdc at gmail.com
Fri Dec 28 14:48:54 MST 2012


So, new job... I've been tasked with implementing SSO using SAML 1.1. The
client provided a document that gives an example of the Response object
that will be forwarded into our site when a user goes to log in. I'm trying
to figure out how to validate the XML that I'm given so that I don't
blindly trust that the document hasn't been modified in some way or just
faked.
I have the keys (DigestValue and SignatureValue), but when I try to do a
sha1 of the XML (minus all the parts in the <Signature></Signature>
section), the hash doesn't match.
Does anyone have any experience with this that they might be able to point
me in the right direction?
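
An added example, not part of the original post and not the client's document: in XML Signature, DigestValue is the base64 SHA-1 of the referenced element after the enveloped-signature transform and canonicalization, so a hash over the raw text with the Signature block cut out will not match. The sample response and function names are constructed, and the standard library's C14N 2.0 stands in for whichever canonicalization the response's ds:Transform elements name.

```python
import base64
import hashlib
import hmac
import re
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"

def reference_digest(xml_text):
    """Base64 SHA-1 of the canonical document with ds:Signature left out."""
    # exclude_tags plays the role of the enveloped-signature transform.
    # Assumption: stdlib C14N 2.0 is a stand-in; a real verifier applies the
    # algorithms listed in the response's ds:Transform elements.
    canonical = ET.canonicalize(xml_text, exclude_tags={f"{{{DS}}}Signature"})
    return base64.b64encode(hashlib.sha1(canonical.encode("utf-8")).digest()).decode()

def naive_digest(xml_text):
    """Naive variant: cut the Signature block out of the raw text, then hash."""
    stripped = re.sub(r"<ds:Signature.*?</ds:Signature>", "", xml_text, flags=re.S)
    return base64.b64encode(hashlib.sha1(stripped.encode("utf-8")).digest()).decode()

def digest_matches(xml_text):
    """Compare the recomputed digest with the ds:DigestValue in the document."""
    claimed = ET.fromstring(xml_text).find(f".//{{{DS}}}DigestValue").text.strip()
    return hmac.compare_digest(claimed, reference_digest(xml_text))

# Constructed, simplified SAML 1.1 response (not schema-complete).
# DIGEST is a placeholder that is filled in below.
TEMPLATE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" ResponseID="_constructed1" MajorVersion="1" MinorVersion="1">
  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><ds:Reference URI="#_constructed1"><ds:DigestValue>DIGEST</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>constructed</ds:SignatureValue></ds:Signature>
  <samlp:Status><samlp:StatusCode Value="samlp:Success"/></samlp:Status>
  <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"><saml:NameIdentifier>user-a@example.org</saml:NameIdentifier></saml:Assertion>
</samlp:Response>"""
# The Signature element is excluded from the digest, so writing the digest
# into it afterwards does not change the value.
SAMPLE = TEMPLATE.replace("DIGEST", reference_digest(TEMPLATE))

if __name__ == "__main__":
    print("canonical digest:", reference_digest(SAMPLE))
    print("naive digest:    ", naive_digest(SAMPLE))
    print("digest matches:  ", digest_matches(SAMPLE))
```

A matching digest only shows that the content agrees with ds:SignedInfo. Authenticity comes from verifying ds:SignatureValue over the canonicalized ds:SignedInfo with the identity provider's public key, which this example leaves out.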