rangeli nepal rangeli.nepal at
Fri Sep 2 12:27:58 BST 2011

Reading at the descriptions, It seems you were pointing to

If not please guide me.

Thank you.

On Fri, Sep 2, 2011 at 7:16 AM, rangeli nepal <rangeli.nepal at> wrote:
> I am trying to find some refrence of ProtocolWithXMLSignature. Would
> you please point me to relevant code section.
> On google search, I can see reference to.
> samlsec:ProtocolWithXMLSignature
> Thanks again.
> rn
> On Fri, Sep 2, 2011 at 12:07 AM, Brent Putman <putmanb at> wrote:
>> In the standard HTTP POST binding (defined in the original SAML spec),
>> the signature will be an enveloped XML signature in the protocol
>> message.  That signature would be handled by the
>> ProtocolWithXMLSignature rule.
>> In the HTTP POST SimpleSign binding, the message is signed as a "blob"
>> (not an XML Signature) and stored as a form parameter in the request, as
>> you see below.  This binding is an extension binding, not in the
>> original SAML spec.  Its signature will be validated by the
>> SAML2HTTPPostSimpleSign rule.
>> So the rule that is effectively validating the signature depends on
>> which binding the SP used to send the protocol message to the IdP.  Your
>> log message below would indicate that the message was *not* sent via
>> HTTP POST SimpleSign, so there's nothing for it to do.
>> Hope that helps,
>> Brent
>> On 9/1/11 11:29 PM, rangeli nepal wrote:
>>> Good Evening Everybody,
>>> I am trying to use SAML2HTTPPostSimpleSignRule. I see following log
>>>  [BaseSAMLSimpleSignatureSecurityPolicyRule] HTTP request was not
>>> signed via simple signature mechanism, skipping
>>> I look at the,
>>> I see following section of code. It seems this code is trying to get
>>> data from request. I am under the impression that in Post binding
>>> Signature is inside the mesage not outside as in redirect bining. If
>>> that is true , how following code will work. I must be missing
>>> something.
>>> Any elaboration will be highly appreciated.
>>> Thank you.
>>> rn
>>> protected byte[] getSignature(HttpServletRequest request) throws
>>> SecurityPolicyException {
>>>        String signature = request.getParameter("Signature");
>>>        if (DatatypeHelper.isEmpty(signature)) {
>>>        return null;
>>>        }
>>>        return Base64.decode(signature);
>>>        }
>>> --
>>> To unsubscribe from this list send an email to users-unsubscribe at
>> --
>> To unsubscribe from this list send an email to users-unsubscribe at

More information about the users mailing list