authn request signing

Mike Flynn shibbolethlynda at yahoo.com
Thu Nov 3 20:55:17 GMT 2011 

The client responded with:

So this is the redirect URL:
 
https://alliancetest.qualcomm.com/fed/idp/samlv20?SAMLRequest=fVLJboMwEP0V5HswGGWRFZBocmiktEWF9tBLZYxTLBmbeEza%2FH1ZuqSHRvLF%0Amjdv06yBNaqlaedq%2FSiOnQDnfTRKAx0HMeqspoaBBKpZI4A6TvP0bk%2BJH9DW%0AGme4UchLAYR10uiN0dA1wubCniQXT4%2F7GNXOtUAxhlqWvjrrivncNDjvv6VR%0AwtU%2BgMEDK8HZQ14gb9vbkJoNhL%2FrTCnJNBeuH%2FrHjqmepBmZDqLCsmrxYPlE%0AAuTttjF6JfPFMipXVbgQwXIhooqHnB3IKpyzgLCI9TCATuw0OKZdjEgQhrP%2B%0ABVFBAhoQOg9fkJd9ZbyRupL67Xoh5QQCelsU2WzK8iwsjDl6AErWg0c6CtuL%0Aoq%2FTsu92UfJPl%2FDT5QzaNb4QmRRbet%2Bz7raZUZKfvVQp876xgjkRoxDhZFr5%0AewfJJw%3D%3D%0A&RelayState=cookie%3A87499538&SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1&Signature=nBrjFZLrBHxFLgkdk0hp%2B%2BreKkjzHtNHGgisiHLHmObPIALiQu%2BNDGnqWMQwv9iY29yg0AAbDUNbc1lFnHLRtY5RFpASwnh8XiyxlJhJ4jSq%2FK%2BwPvhaglLhRf%2BEFpbbf7Qjwf2CunYYJ62E4g%2BdaGhgOdS5fPriLMtRPz%2FNdlGx0vGW9eNDMySNIRXWOvl8aKx7%2FijHZh7som5X7q4njQ%2BmrVDrNzIzOJ91%2FWKE5F0%2FsW9EBHuZS7gc6wWLYGkp7dDcwWslLmPyrjc%2FwtWwo%2FzjMyFWvOwqHpUrpJF
19WxWtsIUM%2Fx5%2BPyFute6tu8pey%2FevTZZuhiHAK%2BbaD4VzA%3D%3D
 
and decoding the above SAMLRequest= gives:
 
<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" AssertionConsumerServiceURL="https://shib.lynda.com/Shibboleth.sso/SAML2/POST" Destination="https://alliancetest.qualcomm.com/fed/idp/samlv20" ID="_25673b8d16e076e3dc1caf2815a02a3a" IssueInstant="2011-11-03T20:02:51Z" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Version="2.0"><saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://shib.lynda.com/shibboleth-sp</saml:Issuer><samlp:NameIDPolicy AllowCreate="1"/></samlp:AuthnRequest>




________________________________
From: Mike Flynn <shibbolethlynda at yahoo.com>
To: Shib Users <users at shibboleth.net>
Sent: Thursday, November 3, 2011 1:49 PM
Subject: Re: authn request signing


Thanks, Scott.  I have no idea what that means but I passed it on to the customer :)


________________________________
From: "Cantor, Scott" <cantor.2 at osu.edu>
To: "users at shibboleth.net" <users at shibboleth.net>
Sent: Thursday, November 3, 2011 1:27 PM
Subject: Re: authn request signing

On 11/3/11 4:23 PM, "Mike Flynn" <shibbolethlynda at yahoo.com> wrote:

>I asked the client to test after I made the sign="true" setting but he
>says he is still not getting a signed authNRequest:

Redirect binding signatures are not XML signatures, they're encoded in the
URL.

-- Scott

--
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net



--
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://shibboleth.net/pipermail/users/attachments/20111103/1bc69203/attachment-0001.html

More information about the users mailing list