SAML2HTTPPostSimpleSignRule
rangeli nepal
rangeli.nepal at gmail.com
Fri Sep 2 12:27:58 BST 2011
Reading the descriptions, it seems you were pointing to
SAMLProtocolMessageXMLSignatureSecurityPolicyRule.java
If not please guide me.
Thank you.
rn
On Fri, Sep 2, 2011 at 7:16 AM, rangeli nepal <rangeli.nepal at gmail.com> wrote:
> I am trying to find some reference to ProtocolWithXMLSignature. Would
> you please point me to the relevant code section?
>
> On a Google search, I can see a reference to:
>
> samlsec:ProtocolWithXMLSignature
>
> Thanks again.
> rn
>
> On Fri, Sep 2, 2011 at 12:07 AM, Brent Putman <putmanb at georgetown.edu> wrote:
>> In the standard HTTP POST binding (defined in the original SAML spec),
>> the signature will be an enveloped XML signature in the protocol
>> message. That signature would be handled by the
>> ProtocolWithXMLSignature rule.
>>
>> In the HTTP POST SimpleSign binding, the message is signed as a "blob"
>> (not an XML Signature) and stored as a form parameter in the request, as
>> you see below. This binding is an extension binding, not in the
>> original SAML spec. Its signature will be validated by the
>> SAML2HTTPPostSimpleSign rule.
>>
>> So the rule that is effectively validating the signature depends on
>> which binding the SP used to send the protocol message to the IdP. Your
>> log message below would indicate that the message was *not* sent via
>> HTTP POST SimpleSign, so there's nothing for it to do.
>>
>> Hope that helps,
>> Brent
>>
>>
>> On 9/1/11 11:29 PM, rangeli nepal wrote:
>>> Good Evening Everybody,
>>>
>>> I am trying to use SAML2HTTPPostSimpleSignRule. I see the following log:
>>>
>>> [BaseSAMLSimpleSignatureSecurityPolicyRule] HTTP request was not
>>> signed via simple signature mechanism, skipping
>>>
>>> I looked at BaseSAMLSimpleSignatureSecurityPolicyRule.java and
>>> I see the following section of code. It seems this code is trying to get
>>> data from the request. I am under the impression that in the POST binding
>>> the signature is inside the message, not outside as in the redirect binding. If
>>> that is true, how will the following code work? I must be missing
>>> something.
>>> Any elaboration will be highly appreciated.
>>> Thank you.
>>> rn
>>>
>>>
>>> protected byte[] getSignature(HttpServletRequest request) throws SecurityPolicyException {
>>>     String signature = request.getParameter("Signature");
>>>     if (DatatypeHelper.isEmpty(signature)) {
>>>         return null;
>>>     }
>>>     return Base64.decode(signature);
>>> }
>>> --
>>> To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
>>
>
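
The distinction discussed in this thread, as an added example that is not part of the original messages and is not OpenSAML's own code: a JDK-only sketch of checking an HTTP POST SimpleSign signature carried in the `Signature` form parameter. The class and method names are hypothetical, the form values are constructed, and the layout of the signed octet string follows my reading of the SimpleSign binding specification (decoded message XML, optional RelayState, then SigAlg).

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;

// Hypothetical class; sample form values below are constructed for illustration.
public class SimpleSignCheck {
    static final String RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";

    // Octets covered by the SimpleSign signature: decoded message XML,
    // optional RelayState, then SigAlg, joined like a query string (no URL-encoding).
    static byte[] signedContent(Map<String, String> form) {
        String name = form.containsKey("SAMLRequest") ? "SAMLRequest" : "SAMLResponse";
        String xml = new String(Base64.getDecoder().decode(form.get(name)), StandardCharsets.UTF_8);
        StringBuilder sb = new StringBuilder(name).append('=').append(xml);
        if (form.get("RelayState") != null) sb.append("&RelayState=").append(form.get("RelayState"));
        return sb.append("&SigAlg=").append(form.get("SigAlg")).toString().getBytes(StandardCharsets.UTF_8);
    }

    // null  -> no Signature form parameter: not SimpleSign, so this check has nothing to do
    // false -> signed, but algorithm not allowed or signature invalid
    static Boolean verify(Map<String, String> form, PublicKey key) throws GeneralSecurityException {
        String sig = form.get("Signature");
        if (sig == null || sig.isEmpty()) return null;
        if (!RSA_SHA256.equals(form.get("SigAlg"))) return false; // pin the accepted algorithm
        Signature v = Signature.getInstance("SHA256withRSA");
        v.initVerify(key);
        v.update(signedContent(form));
        return v.verify(Base64.getDecoder().decode(sig));
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(2048);
        KeyPair kp = g.generateKeyPair();
        Map<String, String> form = new HashMap<>();
        String xml = "<samlp:AuthnRequest ID=\"_constructed\"/>"; // constructed sample message
        form.put("SAMLRequest", Base64.getEncoder().encodeToString(xml.getBytes(StandardCharsets.UTF_8)));
        form.put("RelayState", "constructed-state");
        form.put("SigAlg", RSA_SHA256);
        System.out.println("plain POST, no Signature param: " + verify(form, kp.getPublic()));

        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(kp.getPrivate());
        s.update(signedContent(form));
        form.put("Signature", Base64.getEncoder().encodeToString(s.sign()));
        System.out.println("SimpleSign POST: " + verify(form, kp.getPublic()));

        form.put("RelayState", "tampered"); // RelayState is covered by the signature
        System.out.println("RelayState changed: " + verify(form, kp.getPublic()));
    }
}
```

A `null` result only means the SimpleSign mechanism was not used; a caller that requires signed messages still has to see a valid enveloped XML signature on the message before accepting it.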