SAML Keys Format
MIKE LLOYD - QQ1
mike.lloyd at gsa.gov
Thu Feb 6 11:43:16 EST 2020
Sounds good, thanks Scott.
On Wed, Feb 5, 2020 at 5:10 PM Cantor, Scott <cantor.2 at osu.edu> wrote:
> You will never see a (correct) instance of metadata or any other
> ds:X509Certificate element anywhere with the headers. The relevant standard
> is XML Signature, and the syntax of that element is a base64-encoded
> DER-encoded certificate. PEM is simply that format with the headers added.
> The XML Schema type of the element is called base64Binary. The headers are
> not valid base64 so they blatantly break the syntax and would choke any
> validating parser.
>
> > I noticed the metadata/idp-metadata.xml configuration file references
>
> There is no such configuration file. The IdP never uses its own metadata.
> That file is a dummy example file (really should never have been created,
> but it's historical) that's just a sample. It should never be used as
> anything but a starting point for creating the appropriate metadata to give
> to federations and the like.
>
> > I've seen ADFS SAML 2.0 references contain the certificate headers and
>
> I would be surprised, but given that ADFS can't even handle valid
> metadata, it would be fitting if it accepted something that's clearly
>
> > and I didn't see the OASIS SAML 2.0 specify whether the headers and
> > footers were needed
>
> Because it's not a SAML element. It comes from XML Signature.
>
> -- Scott
Innovation Specialist, 18F, cloud.gov
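As an added example (not code from this thread or from the Shibboleth project): the point Scott makes, in Python. One function turns a PEM certificate into the base64Binary text a ds:X509Certificate element must carry (DER, base64-encoded, no headers); the other lints a metadata document for elements a validating parser would reject. The DER bytes, the PEM block and the entityID are constructed placeholders, not a real certificate.

```python
import base64
import binascii
import re
import xml.etree.ElementTree as ET

DS_NS = "http://www.w3.org/2000/09/xmldsig#"

# Constructed stand-in for DER certificate bytes (not a real certificate).
FAKE_DER = bytes(range(64)) * 3
EXPECTED_B64 = base64.b64encode(FAKE_DER).decode("ascii")
# The same bytes as a PEM file presents them: header, 64-column base64 lines, footer.
SAMPLE_PEM = "-----BEGIN CERTIFICATE-----\n" + "\n".join(
    EXPECTED_B64[i:i + 64] for i in range(0, len(EXPECTED_B64), 64)
) + "\n-----END CERTIFICATE-----\n"

def pem_to_base64binary(pem: str) -> str:
    """Text a ds:X509Certificate element should carry for a PEM certificate:
    the base64 of the DER bytes, with the PEM header and footer stripped."""
    m = re.search(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", pem, re.S)
    if not m:
        raise ValueError("no CERTIFICATE block found")
    der = base64.b64decode("".join(m.group(1).split()), validate=True)  # drop line breaks, verify base64
    return base64.b64encode(der).decode("ascii")

def check_x509_elements(metadata_xml: str) -> list:
    """Lint every ds:X509Certificate in a metadata document. Each returned string
    names one element a validating parser would reject as base64Binary."""
    problems = []
    for n, el in enumerate(ET.fromstring(metadata_xml).iter(f"{{{DS_NS}}}X509Certificate")):
        text = "".join((el.text or "").split())
        if "-----BEGIN" in text or "-----END" in text:
            problems.append(f"X509Certificate #{n}: PEM header/footer present")
            continue
        try:
            base64.b64decode(text, validate=True)
        except binascii.Error:
            problems.append(f"X509Certificate #{n}: not valid base64")
    return problems

def metadata_with(cert_text: str) -> str:
    """Constructed minimal SP metadata holding one ds:X509Certificate (hypothetical entityID)."""
    return (
        '<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" '
        f'xmlns:ds="{DS_NS}" entityID="https://sp.example.org/shibboleth">'
        '<md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">'
        "<md:KeyDescriptor><ds:KeyInfo><ds:X509Data>"
        f"<ds:X509Certificate>{cert_text}</ds:X509Certificate>"
        "</ds:X509Data></ds:KeyInfo></md:KeyDescriptor></md:SPSSODescriptor></md:EntityDescriptor>"
    )
```

Running `check_x509_elements` over metadata built from `SAMPLE_PEM` reports the header problem; the same metadata built from `pem_to_base64binary(SAMPLE_PEM)` passes clean.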