Re: SAML 1.1 help

Top Page
This message is part of the following thread:
M-\the complete thread tree sorted by date
M.MJoseph Sinclair at <-
M\MKevin Brown at ->
Attachments:
Message as email
+ (text/plain)
Delete this message
Reply to this message
Author: Eric Cope
Date:  
To: Main PLUG discussion list
Subject: Re: SAML 1.1 help
Is it version 2.0 or 1.1?

On Dec 28, 2012, at 4:37 PM, Joseph Sinclair <> wrote:

> Sounds like you're trying to do the XMLDSIG[1] verification part of the SAML[2] authentication protocol.
> Most languages and platforms have a library mechanism to do this as it's not as simple as computing the hash (the content is hashed in a particular form for consistency, and there are a few specific transformations required).
>
> What language and/or platform are you using?
>
> [1] XMLDSIG : http://www.w3.org/TR/2008/REC-xmldsig-core-20080610/
> [2] SAML 2.0 : https://www.oasis-open.org/committees/tc_home.php?wg_abbrev=security
>
> On 12/28/2012 02:48 PM, Kevin Brown wrote:
>> So, new job... I've been tasked with implementing SSO using SAML 1.1. The
>> client provided a document that gives an example of the Response object
>> that will be forwarded into our site when a user goes to login. I'm trying
>> to figure out how to validate the XML that I'm given so that I don't
>> blindly trust that the document hasn't been modified in some way or just
>> faked.
>> I have the keys (DigestValue and SignatureValue), but when I try to do a
>> sha1 of the xml (minus all the parts in the <Signature></Signature>
>> section, the hash doesn't match.
>> Does anyone have any experience with this that they might be able to point
>> me in the right direction?
>>
>>
>>
>>
>> ---------------------------------------------------
>> PLUG-discuss mailing list -
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>
> ---------------------------------------------------
> PLUG-discuss mailing list -
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss

This message was posted to the following mailing lists:
Plug Discuss
Mailing List Info | Nearby Messages		<-Re: SAML 1.1 helpRe: Email Migration->
Some Mailing List Archive administrated by UnconfiguredLurker (version 2.3)