SAML 1.1 help

Lisa Kachold lisakachold at obnosis.com
Sat Dec 29 14:36:24 MST 2012


Did you read through the CAS documentation?

It's extensive (which means it's extensible and includes all manner of
clients so your work won't be a "one man show" or "unsupportable hack"
[which is why we are all hanging off the open source wagon in the first
place]).

This might bring compatibility issues into clear focus:
https://wiki.jasig.org/display/CASC/AuthCAS

If you don't use CAS, you might look at the code they used in this piece.

After all, we don't go into a little room and pull code out of our armpits,
do we?  It's cut, splice, modify for our purposes and debug; is it not?




On Sat, Dec 29, 2012 at 9:39 AM, Kevin Brown <kevinbrownbdc at gmail.com> wrote:

>  I need it to work with the environment that the company already has in
> existence. Everything they use is Apache 1 with mod_perl.
>
>> Hi Kevin,
>>
>> Why recreate the wheel?
>>
>> CAS <https://wiki.jasig.org/display/CASUM>
>>
>> If you determine you really don't need CAS, perhaps this discussion of
>> CAS <https://wiki.jasig.org/display/CASUM> implementation and SAML+1.1
>> ticket validation: https://wiki.jasig.org/display/CASUM/SAML+1.1 might help?
>>
>> On Fri, Dec 28, 2012 at 2:48 PM, Kevin Brown <kevinbrownbdc at gmail.com> wrote:
>>
>>     So, new job... I've been tasked with implementing SSO using SAML
>>     1.1. The client provided a document that gives an example of the
>>     Response object that will be forwarded into our site when a user
>>     goes to log in. I'm trying to figure out how to validate the XML
>>     that I'm given so that I don't blindly trust that the document
>>     hasn't been modified in some way or just faked.
>>     I have the keys (DigestValue and SignatureValue), but when I try
>>     to do a sha1 of the xml (minus all the parts in the
>>     <Signature></Signature> section), the hash doesn't match.
>>     Does anyone have any experience with this that they might be able
>>     to point me in the right direction?
>>
>>     ---------------------------------------------------
>>     PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>     To subscribe, unsubscribe, or to change your mail settings:
>>     http://lists.phxlinux.org/mailman/listinfo/plug-discuss



-- 

(503) 754-4452 Android
(623) 239-3392 Skype
(623) 688-3392 Google Voice
it-clowns.com
Chief Clown
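
An added example, not part of the original thread: the hash in the original question fails to match because an XML-DSig DigestValue is the base64 SHA-1 of the canonicalized element with the enveloped Signature removed, not a hash of the raw text. The sketch uses Python's standard-library C14N 2.0 as a stand-in for the Exclusive C14N a real SAML 1.1 response typically names; the sample document and all function names are constructed for illustration.

```python
import base64, hashlib, re
import xml.etree.ElementTree as ET

DSIG = "http://www.w3.org/2000/09/xmldsig#"

def canonical_without_signature(xml_text):
    # exclude_tags drops each ds:Signature subtree, which stands in for the
    # enveloped-signature transform when the document carries one signature.
    # Assumption: stdlib C14N 2.0 replaces the Exclusive C14N a real response names.
    return ET.canonicalize(xml_text, exclude_tags=["{%s}Signature" % DSIG])

def reference_digest(xml_text):
    raw = hashlib.sha1(canonical_without_signature(xml_text).encode("utf-8")).digest()
    return base64.b64encode(raw).decode("ascii")  # DigestValue is base64, not hex

def claimed_digest(xml_text):
    return ET.fromstring(xml_text).find(".//{%s}DigestValue" % DSIG).text.strip()

def digest_matches(xml_text):
    return reference_digest(xml_text) == claimed_digest(xml_text)

def naive_digest(xml_text):
    # The approach in the question: SHA-1 of the raw text minus <Signature>.
    raw = re.sub(r"<ds:Signature.*?</ds:Signature>", "", xml_text, flags=re.S)
    return hashlib.sha1(raw.encode("utf-8")).hexdigest()

# Constructed sample response; the DigestValue is filled in below.
TEMPLATE = """<?xml version="1.0"?>
<Response xmlns="urn:oasis:names:tc:SAML:1.0:protocol" ResponseID="_r1"
          MinorVersion="1" MajorVersion="1">
  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo>
    <ds:Reference URI="#_r1"><ds:DigestValue>%s</ds:DigestValue></ds:Reference>
  </ds:SignedInfo></ds:Signature>
  <Status><StatusCode Value="Success"/></Status>
</Response>"""
SAMPLE = TEMPLATE % reference_digest(TEMPLATE % "")
# Same XML content, different bytes: quoting and empty-element form changed.
RESERIALIZED = SAMPLE.replace('<StatusCode Value="Success"/>',
                              "<StatusCode Value='Success'></StatusCode>")
TAMPERED = SAMPLE.replace('Value="Success"', 'Value="Requester"')

if __name__ == "__main__":
    for name, doc in [("sample", SAMPLE), ("reserialized", RESERIALIZED),
                      ("tampered", TAMPERED)]:
        print(name, digest_matches(doc), naive_digest(doc))
```

A matching digest only shows that the referenced content agrees with SignedInfo; the SignatureValue over the canonicalized SignedInfo still has to be verified against the identity provider's trusted key before the response is accepted.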