Simple signature validation

Cantor, Scott cantor.2 at
Wed Oct 12 23:56:09 UTC 2022

>    I've had to switch vendors over to our HTTP-POST login endpoint
> because they weren't able to move the signature from where their code
> put it. Sometimes it needs to be a parameter, sometimes it needs to be
> embedded in the XML. I don't know the exact rules.

The rules are spelled out in detail in the bindings specification. Redirect messages use GET and are not in XML format, it's a custom serialization of the XML with a deflate and encode step, and a custom signature scheme. POST messages use POST and are XML messages with an XML syntax signature. That's it. 

-- Scott

More information about the users mailing list