SAML2HTTPPostSimpleSignRule

rangeli nepal rangeli.nepal at gmail.com
Fri Sep 2 12:16:17 BST 2011


I am trying to find some reference of ProtocolWithXMLSignature. Would
you please point me to relevant code section?

On google search, I can see reference to.

samlsec:ProtocolWithXMLSignature

Thanks again.
rn

On Fri, Sep 2, 2011 at 12:07 AM, Brent Putman <putmanb at georgetown.edu> wrote:
> In the standard HTTP POST binding (defined in the original SAML spec),
> the signature will be an enveloped XML signature in the protocol
> message.  That signature would be handled by the
> ProtocolWithXMLSignature rule.
>
> In the HTTP POST SimpleSign binding, the message is signed as a "blob"
> (not an XML Signature) and stored as a form parameter in the request, as
> you see below.  This binding is an extension binding, not in the
> original SAML spec.  Its signature will be validated by the
> SAML2HTTPPostSimpleSign rule.
>
> So the rule that is effectively validating the signature depends on
> which binding the SP used to send the protocol message to the IdP.  Your
> log message below would indicate that the message was *not* sent via
> HTTP POST SimpleSign, so there's nothing for it to do.
>
> Hope that helps,
> Brent
>
>
> On 9/1/11 11:29 PM, rangeli nepal wrote:
>> Good Evening Everybody,
>>
>> I am trying to use SAML2HTTPPostSimpleSignRule. I see following log
>>
>>  [BaseSAMLSimpleSignatureSecurityPolicyRule] HTTP request was not
>> signed via simple signature mechanism, skipping
>>
>> I look at the BaseSAMLSimpleSignatureSecurityPolicyRule.java,
>> I see following section of code. It seems this code is trying to get
>> data from request. I am under the impression that in Post binding
>> Signature is inside the message not outside as in redirect binding. If
>> that is true, how following code will work. I must be missing
>> something.
>> Any elaboration will be highly appreciated.
>> Thank you.
>> rn
>>
>>
>> protected byte[] getSignature(HttpServletRequest request) throws SecurityPolicyException {
>>     String signature = request.getParameter("Signature");
>>     if (DatatypeHelper.isEmpty(signature)) {
>>         return null;
>>     }
>>     return Base64.decode(signature);
>> }
>> --
>> To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
>
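
Added example (not part of the original thread, and not OpenSAML code): a JDK-only sketch of the distinction described in the reply above, deciding from the POSTed form whether the signature is a SimpleSign "Signature" form parameter or an enveloped ds:Signature inside the protocol message. The class name, method name, and sample messages are hypothetical and constructed for illustration; the code locates the signature only and does not validate it.

```java
import java.io.ByteArrayInputStream;
import java.util.Base64;
import java.util.Map;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.Node;

// Added example; class and method names are hypothetical, not OpenSAML API.
public class PostSignatureLocator {
    enum Location { SIMPLE_SIGN_FORM_PARAMETER, ENVELOPED_XML_SIGNATURE, UNSIGNED }
    static final String DSIG_NS = "http://www.w3.org/2000/09/xmldsig#";
    // formParams stands in for HttpServletRequest.getParameter() lookups.
    // This only locates the signature; it does not validate it.
    static Location locate(Map<String, String> formParams) throws Exception {
        // SimpleSign: the signature travels beside the message as a form parameter.
        String sig = formParams.get("Signature");
        if (sig != null && !sig.trim().isEmpty()) return Location.SIMPLE_SIGN_FORM_PARAMETER;
        String encoded = formParams.get("SAMLRequest");
        if (encoded == null) encoded = formParams.get("SAMLResponse");
        if (encoded == null) throw new IllegalArgumentException("no SAML message in form");
        // Standard POST: look for an enveloped ds:Signature child of the root element.
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        byte[] xml = Base64.getMimeDecoder().decode(encoded);
        Element root = dbf.newDocumentBuilder()
                .parse(new ByteArrayInputStream(xml)).getDocumentElement();
        for (Node n = root.getFirstChild(); n != null; n = n.getNextSibling()) {
            if (n.getNodeType() == Node.ELEMENT_NODE && DSIG_NS.equals(n.getNamespaceURI())
                    && "Signature".equals(n.getLocalName())) {
                return Location.ENVELOPED_XML_SIGNATURE;
            }
        }
        return Location.UNSIGNED; // no signature in either place; reject if signing is required
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample messages, not captured traffic.
        String open = "<samlp:AuthnRequest xmlns:samlp='urn:oasis:names:tc:SAML:2.0:protocol'"
                + " ID='_constructed' Version='2.0'>";
        String close = "</samlp:AuthnRequest>";
        String dsig = "<ds:Signature xmlns:ds='" + DSIG_NS + "'/>";
        String plain = Base64.getEncoder().encodeToString((open + close).getBytes("UTF-8"));
        String enveloped = Base64.getEncoder().encodeToString((open + dsig + close).getBytes("UTF-8"));
        System.out.println(locate(Map.of("SAMLRequest", enveloped)));
        System.out.println(locate(Map.of("SAMLRequest", plain, "Signature", "Y29uc3RydWN0ZWQ=")));
        System.out.println(locate(Map.of("SAMLRequest", plain)));
    }
}
```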

