SAML2HTTPPostSimpleSignRule
Brent Putman
putmanb at georgetown.edu
Fri Sep 2 19:23:52 BST 2011
Yes, that is the Java class which corresponds to that configuration
element in relying-party.xml.
On 9/2/11 7:27 AM, rangeli nepal wrote:
> Reading the descriptions, it seems you were pointing to
> SAMLProtocolMessageXMLSignatureSecurityPolicyRule.java
>
> If not, please guide me.
>
> Thank you.
> rn
>
> On Fri, Sep 2, 2011 at 7:16 AM, rangeli nepal <rangeli.nepal at gmail.com> wrote:
>> I am trying to find some reference to ProtocolWithXMLSignature. Would
>> you please point me to the relevant code section?
>>
>> On a Google search, I can see a reference to:
>>
>> samlsec:ProtocolWithXMLSignature
>>
>> Thanks again.
>> rn
>>
>> On Fri, Sep 2, 2011 at 12:07 AM, Brent Putman <putmanb at georgetown.edu> wrote:
>>> In the standard HTTP POST binding (defined in the original SAML spec),
>>> the signature will be an enveloped XML signature in the protocol
>>> message. That signature would be handled by the
>>> ProtocolWithXMLSignature rule.
>>>
>>> In the HTTP POST SimpleSign binding, the message is signed as a "blob"
>>> (not an XML Signature) and stored as a form parameter in the request, as
>>> you see below. This binding is an extension binding, not in the
>>> original SAML spec. Its signature will be validated by the
>>> SAML2HTTPPostSimpleSign rule.
>>>
>>> So the rule that is effectively validating the signature depends on
>>> which binding the SP used to send the protocol message to the IdP. Your
>>> log message below would indicate that the message was *not* sent via
>>> HTTP POST SimpleSign, so there's nothing for it to do.
>>>
>>> Hope that helps,
>>> Brent
>>>
>>>
>>> On 9/1/11 11:29 PM, rangeli nepal wrote:
>>>> Good Evening Everybody,
>>>>
>>>> I am trying to use SAML2HTTPPostSimpleSignRule. I see the following log:
>>>>
>>>> [BaseSAMLSimpleSignatureSecurityPolicyRule] HTTP request was not
>>>> signed via simple signature mechanism, skipping
>>>>
>>>> I looked at BaseSAMLSimpleSignatureSecurityPolicyRule.java and
>>>> I see the following section of code. It seems this code is trying to get
>>>> data from the request. I am under the impression that in the POST binding
>>>> the Signature is inside the message, not outside as in the redirect binding. If
>>>> that is true, how will the following code work? I must be missing
>>>> something.
>>>> Any elaboration will be highly appreciated.
>>>> Thank you.
>>>> rn
>>>>
>>>>
>>>> protected byte[] getSignature(HttpServletRequest request) throws SecurityPolicyException {
>>>>     String signature = request.getParameter("Signature");
>>>>     if (DatatypeHelper.isEmpty(signature)) {
>>>>         return null;
>>>>     }
>>>>     return Base64.decode(signature);
>>>> }
>>>> --
>>>> To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
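
The distinction explained in this thread, as an added example that is not part of the original messages or of the Shibboleth/OpenSAML code: a small Python diagnostic that inspects decoded POST form parameters and reports which of the two rules named above has a signature to validate. The function names, the dict input shape and the sample messages are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

DSIG_SIGNATURE = "{http://www.w3.org/2000/09/xmldsig#}Signature"
SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol"


def rules_with_work(form):
    """List the rule names (as used in the thread) that have a signature to check.

    `form` is a dict of URL-decoded POST form parameters (assumed input shape).
    """
    encoded = form.get("SAMLRequest") or form.get("SAMLResponse")
    if not encoded:
        raise ValueError("no SAMLRequest or SAMLResponse form parameter")
    xml_bytes = base64.b64decode(encoded, validate=True)
    if b"<!DOCTYPE" in xml_bytes:
        raise ValueError("DOCTYPE is not expected in a SAML message")
    root = ET.fromstring(xml_bytes)

    rules = []
    # Standard HTTP POST: enveloped ds:Signature, a direct child of the
    # protocol message element (nested signatures are deliberately ignored).
    if root.find(DSIG_SIGNATURE) is not None:
        rules.append("ProtocolWithXMLSignature")
    # HTTP POST SimpleSign: signature travels as the "Signature" form
    # parameter; an absent or blank value means the rule skips the request.
    if (form.get("Signature") or "").strip():
        rules.append("SAML2HTTPPostSimpleSign")
    return rules


def sample_request(enveloped):
    """Constructed AuthnRequest, base64-encoded as it would be in the form."""
    sig = '<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>' if enveloped else ""
    xml = (f'<samlp:AuthnRequest xmlns:samlp="{SAMLP_NS}" '
           f'ID="_constructed1" Version="2.0">{sig}</samlp:AuthnRequest>')
    return base64.b64encode(xml.encode()).decode()


if __name__ == "__main__":
    post = {"SAMLRequest": sample_request(True)}
    simple = {"SAMLRequest": sample_request(False),
              "Signature": "Y29uc3RydWN0ZWQ=",  # constructed placeholder value
              "SigAlg": "http://www.w3.org/2000/09/xmldsig#rsa-sha1"}
    for name, form in (("POST", post), ("POST SimpleSign", simple)):
        print(name, "->", rules_with_work(form))
```

An empty result means neither rule finds a signature, so acceptance of the message then depends on whatever other policy requires signing.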