Simple signature validation
cantor.2 at osu.edu
Wed Oct 12 23:56:09 UTC 2022
> I've had to switch vendors over to our HTTP-POST login endpoint
> because they weren't able to move the signature from where their code
> put it. Sometimes it needs to be a parameter, sometimes it needs to be
> embedded in the XML. I don't know the exact rules.
The rules are spelled out in detail in the bindings specification. Redirect messages use GET and are not in XML format, it's a custom serialization of the XML with a deflate and encode step, and a custom signature scheme. POST messages use POST and are XML messages with an XML syntax signature. That's it.
More information about the users