SAML 1.1 help

Joseph Sinclair plug-discussion at stcaz.net
Fri Dec 28 16:37:40 MST 2012


Sounds like you're trying to do the XMLDSIG[1] verification part of the SAML[2] authentication protocol.
Most languages and platforms have a library mechanism to do this as it's not as simple as computing the hash (the content is hashed in a particular form for consistency, and there are a few specific transformations required).

What language and/or platform are you using?

[1] XMLDSIG : http://www.w3.org/TR/2008/REC-xmldsig-core-20080610/
[2] SAML 2.0 : https://www.oasis-open.org/committees/tc_home.php?wg_abbrev=security

On 12/28/2012 02:48 PM, Kevin Brown wrote:
> So, new job... I've been tasked with implementing SSO using SAML 1.1. The
> client provided a document that gives an example of the Response object
> that will be forwarded into our site when a user goes to log in. I'm trying
> to figure out how to validate the XML that I'm given so that I don't
> blindly trust that the document hasn't been modified in some way or just
> faked.
> I have the keys (DigestValue and SignatureValue), but when I try to do a
> SHA-1 of the XML (minus all the parts in the <Signature></Signature>
> section), the hash doesn't match.
> Does anyone have any experience with this that they might be able to point
> me in the right direction?
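
The reply's point that the digest is taken over a canonical form after specific transforms, shown as an added example in Python 3.8+ (not part of the original thread): it compares the raw-text hash from the question with a digest computed over the canonicalized XML with the enveloped Signature excluded. The sample Response, the trimmed Signature element, and the use of the standard library's C14N 2.0 canonicalizer in place of the exclusive canonicalization a real SAML 1.1 Reference would normally name are assumptions made for illustration.

```python
import base64
import hashlib
import re
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"

def _b64sha1(text):
    return base64.b64encode(hashlib.sha1(text.encode("utf-8")).digest()).decode()

def naive_digest(xml_text):
    """Approach from the question: cut out <Signature>, hash the raw text."""
    return _b64sha1(re.sub(r"<ds:Signature.*?</ds:Signature>", "", xml_text, flags=re.S))

def reference_digest(xml_text):
    """Digest of the canonical form with the enveloped Signature excluded."""
    # Assumption: stdlib C14N 2.0 stands in for the canonicalization the real
    # Reference names (SAML responses normally use exclusive C14N 1.0).
    return _b64sha1(ET.canonicalize(xml_text, exclude_tags={f"{{{DS}}}Signature"}))

def digest_matches(xml_text):
    """Compare the embedded DigestValue with the recomputed digest."""
    claimed = ET.fromstring(xml_text).find(f".//{{{DS}}}DigestValue").text
    return claimed.strip() == reference_digest(xml_text)

# Constructed sample, not a real IdP message. @SIG@ marks the Signature slot.
UNSIGNED = (
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" '
    "ResponseID='_constructed1' MajorVersion=\"1\" MinorVersion=\"1\">@SIG@"
    '<samlp:Status><samlp:StatusCode Value="samlp:Success"/></samlp:Status>'
    "</samlp:Response>"
)
SIGNATURE = (  # trimmed: a real SignedInfo also names its methods and transforms
    f'<ds:Signature xmlns:ds="{DS}"><ds:SignedInfo>'
    '<ds:Reference URI="#_constructed1"><ds:DigestValue>@DIGEST@</ds:DigestValue>'
    "</ds:Reference></ds:SignedInfo></ds:Signature>"
)
SIGNED = UNSIGNED.replace(
    "@SIG@", SIGNATURE.replace("@DIGEST@", reference_digest(UNSIGNED.replace("@SIG@", ""))))
# Same message re-serialized (attribute order, quoting) and a tampered copy.
RESERIALIZED = SIGNED.replace("ResponseID='_constructed1' MajorVersion=\"1\"",
                              'MajorVersion="1"  ResponseID="_constructed1"')
TAMPERED = SIGNED.replace("samlp:Success", "samlp:Responder")

if __name__ == "__main__":
    print("naive == DigestValue:", naive_digest(SIGNED) == reference_digest(SIGNED))
    print("re-serialized copy  :", digest_matches(RESERIALIZED))
    print("tampered copy       :", digest_matches(TAMPERED))
    # A matching digest is only step one: SignatureValue must still verify
    # over the canonical SignedInfo with the IdP's trusted key.
```

For a production relying party, use a maintained XMLDSIG library that applies the transforms and canonicalization method declared in the Reference and verifies SignatureValue against a key obtained out of band.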
