So, new job... I've been tasked with implementing SSO using SAML 1.1. The
client provided a document that gives an example of the Response object
that will be forwarded into our site when a user goes to log in. I'm trying
to figure out how to validate the XML that I'm given so that I don't
blindly trust that the document hasn't been modified in some way or just
faked.
I have the keys (DigestValue and SignatureValue), but when I try to do a
SHA1 of the XML (minus all the parts in the <Signature></Signature>
section), the hash doesn't match.
Does anyone have any experience with this that they might be able to point
me in the right direction?
---------------------------------------------------
PLUG-discuss mailing list -
PLUG-discuss@lists.phxlinux.org
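Added example, not part of the original post: in XML-DSig the DigestValue is the base64 SHA-1 of the canonicalized element with the enveloped Signature removed, so a hex SHA-1 of the raw text will not match it. Assumptions: the Response below is constructed, and the Python standard library's C14N 2.0 stands in for whatever canonicalization algorithm the client's document names.

```python
import base64, hashlib, hmac, re
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
SIG = "{%s}Signature" % DS

def reference_digest(xml_text):
    """base64(SHA-1(canonical XML with the enveloped ds:Signature removed))."""
    # Stand-in canonicalizer: the stdlib implements C14N 2.0. Real code must use
    # the algorithm named in the document's CanonicalizationMethod/Transforms.
    # exclude_tags drops every ds:Signature subtree; the enveloped-signature
    # transform proper removes only the Signature holding this Reference.
    canonical = ET.canonicalize(xml_text, exclude_tags=[SIG])
    return base64.b64encode(hashlib.sha1(canonical.encode("utf-8")).digest()).decode()

def declared_digest(xml_text):
    """The DigestValue the sender placed in ds:Reference."""
    return ET.fromstring(xml_text).find(".//{%s}DigestValue" % DS).text.strip()

def digest_matches(xml_text):
    return hmac.compare_digest(reference_digest(xml_text), declared_digest(xml_text))

def naive_sha1_hex(xml_text):
    """The approach from the post: hash the raw text minus <Signature>."""
    stripped = re.sub(r"<ds:Signature.*?</ds:Signature>", "", xml_text, flags=re.S)
    return hashlib.sha1(stripped.encode("utf-8")).hexdigest()

# Constructed sample (not the client's document): a minimal SAML 1.1-style
# Response. SignatureValue is a placeholder and is not verified here.
TEMPLATE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" ResponseID="_r1" MajorVersion="1" MinorVersion="1">
  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><ds:Reference URI="#_r1">
    <ds:DigestValue>%s</ds:DigestValue></ds:Reference></ds:SignedInfo>
    <ds:SignatureValue>PLACEHOLDER</ds:SignatureValue></ds:Signature>
  <saml:Assertion AssertionID="_a1"><saml:NameIdentifier>%s</saml:NameIdentifier></saml:Assertion>
</samlp:Response>"""

def make_sample(name="alice@example.com"):
    # The Signature subtree is excluded from the digest, so fill it in afterwards.
    return TEMPLATE % (reference_digest(TEMPLATE % ("", name)), name)

ORIGINAL = make_sample()
# Same content, different bytes: attribute order and quote style changed.
RESERIALIZED = ORIGINAL.replace('ResponseID="_r1" MajorVersion="1"', "MajorVersion='1' ResponseID='_r1'")
# Content changed after the digest was computed.
TAMPERED = ORIGINAL.replace("alice@", "admin@")
```

A matching digest only shows the signed content agrees with the Reference; authenticity comes from verifying SignatureValue over the canonicalized SignedInfo with the client's public key. A maintained XML-DSig library should do both steps in production rather than hand-written code.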