Hi Pushpalanka,

Thanks! The spec has it all in great detail. Got the concern clarified, and
it is clear now!

On Fri, Oct 2, 2015 at 10:48 AM, Pushpalanka Jayawardhana <[email protected]>
wrote:

> Hi Nadeesha,
>
> The specification [1] mentions the <Issuer> element as optional. Please
> refer to section "3.2.2 Complex Type StatusResponseType" in the
> specification. Also, there is a sample SAML Response in section "5.4.6
> Example" of the spec for quick reference.
>
> This issuer element defines who issued the SAML Assertion and, in the SAML
> Response, who issued the SAML Response. Hence there is the possibility for
> one party to issue the SAML assertion and another party to issue the SAML
> Response, separately signing each element.
>
> [1] - https://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
>
> Thanks,
> Pushpalanka.
> --
> Pushpalanka Jayawardhana, B.Sc.Eng.(Hons).
> Senior Software Engineer, WSO2 Lanka (pvt) Ltd;  wso2.com/
> Mobile: +94779716248
> Blog: pushpalankajaya.blogspot.com/ | LinkedIn:
> lk.linkedin.com/in/pushpalanka/ | Twitter: @pushpalanka
>
>
> On Fri, Oct 2, 2015 at 10:36 AM, Nadeesha Meegoda <[email protected]>
> wrote:
>
>> Hi Danushka,
>>
>> Thanks for the response! I tested this without enabling response signing
>> and assertion signing, but saml2:Issuer is still duplicated in both the
>> response and the assertion. As per my reading of the SAML spec in [1], the
>> Response doesn't contain an issuer; only the assertion contains the issuer
>> element, which is noted in the "3.4 Responses" section. Please correct me
>> if I'm wrong.
>>
>> The full response is attached for the scenario mentioned above (without
>> enabling response signing and assertion signing).
>>
>> [1] - http://saml.xml.org/saml-specifications
>>
>> Thanks!
>>
>> On Thu, Oct 1, 2015 at 8:33 PM, Danushka Fernando <[email protected]>
>> wrote:
>>
>>> Hi Nadeesha,
>>> The duplicate entry you mean is under the SAML assertion. The SAML
>>> response object contains a SAML assertion, and when you sign both the
>>> response and the assertion, this entry is included in both objects. For
>>> more details you can refer to the SAML spec [1].
>>>
>>> [1] http://saml.xml.org/saml-specifications
>>>
>>> Thanks & Regards
>>> Danushka Fernando
>>> Senior Software Engineer
>>> WSO2 inc. http://wso2.com/
>>> Mobile : +94716332729
>>>
>>>
>>> On Oct 1, 2015 7:10 PM, "Nadeesha Meegoda" <[email protected]> wrote:
>>>
>>>> Hi IS team,
>>>>
>>>> I am testing SAML SSO with the travelocity app, and when I signed in to
>>>> the app I noticed that the SAML authentication response has duplicate
>>>> entries for saml2:Issuer, ds:Signature, ds:X509Certificate etc. with the
>>>> same response data. Is there a special reason these are duplicated? Just
>>>> need to clarify!
>>>>
>>>> Noted below is the section that is duplicated in the response:
>>>>
>>>> <saml2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity"
>>>>                   xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
>>>>                   >mgt.is.wso2.com</saml2:Issuer>
>>>>     <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
>>>>         <ds:SignedInfo>
>>>>             <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
>>>>             <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
>>>>             <ds:Reference URI="#bnlofhdfbehmnhiajimjohbkhepimciajocfmdkl">
>>>>                 <ds:Transforms>
>>>>                     <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
>>>>                     <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
>>>>                 </ds:Transforms>
>>>>                 <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
>>>>                 <ds:DigestValue>fiOel63mdz3HsEz2JrSbUgBvYDw=</ds:DigestValue>
>>>>             </ds:Reference>
>>>>         </ds:SignedInfo>
>>>>         <ds:SignatureValue>VgbMj1PIjJ0JFdyJ9AKaLkBnj7OD/prQahVU5WgdK9PAMvMedKt42pna+A5YznK0zLrzPKHAP/5VD6qHVPtF5LsYqJNEC4OTR1Mo2nzv34nOQxZZ95uxKBoxD/eVzgrqNBIzAecgSXvvYBj1ZlmjbJQoOuVxgdFOhOkz8S3bO+Q=</ds:SignatureValue>
>>>>         <ds:KeyInfo>
>>>>             <ds:X509Data>
>>>>
>>>> <ds:X509Certificate>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</ds:X509Certificate>
>>>>             </ds:X509Data>
>>>>         </ds:KeyInfo>
>>>>     </ds:Signature>
>>>>
>>>> Full Response is attached with the mail.
>>>>
>>>> Highly appreciate an explanation on this!
>>>>
>>>>
>>>> Thanks
>>>>
>>>> --
>>>> *Nadeesha Meegoda*
>>>> Software Engineer - QA
>>>> WSO2 Inc.; http://wso2.com
>>>> lean.enterprise.middleware
>>>> email : [email protected]
>>>> mobile: +94783639540
>>>>
>>>> _______________________________________________
>>>> Dev mailing list
>>>> [email protected]
>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>>
>>>>


-- 
*Nadeesha Meegoda*
Software Engineer - QA
WSO2 Inc.; http://wso2.com
lean.enterprise.middleware
email : [email protected]
mobile: +94783639540
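
Added example, not part of the original thread or of WSO2's code: a small Python check that reports, for the Response and for each Assertion inside it, which Issuer it carries and whether its enveloped ds:Signature references that element's own ID. The sample document and its IDs are constructed; only the issuer value mgt.is.wso2.com comes from the thread, and no cryptographic verification is performed.

```python
import xml.etree.ElementTree as ET  # use defusedxml instead for untrusted input

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed sample (not the response attached to the thread). Signatures are
# trimmed down to their Reference, so nothing here is cryptographically valid.
SAMPLE = """\
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_resp1" Version="2.0">
  <saml:Issuer>mgt.is.wso2.com</saml:Issuer>
  <ds:Signature><ds:SignedInfo><ds:Reference URI="#_resp1"/></ds:SignedInfo></ds:Signature>
  <saml:Assertion ID="_assert1" Version="2.0">
    <saml:Issuer>mgt.is.wso2.com</saml:Issuer>
    <ds:Signature><ds:SignedInfo><ds:Reference URI="#_assert1"/></ds:SignedInfo></ds:Signature>
  </saml:Assertion>
</samlp:Response>
"""

def describe(element):
    """Return issuer and signature coverage for one Response or Assertion."""
    issuer = element.find("saml:Issuer", NS)  # direct child only
    ref = element.find("ds:Signature/ds:SignedInfo/ds:Reference", NS)
    uri = ref.get("URI") if ref is not None else None
    return {
        "element": element.tag.split("}")[1],
        "id": element.get("ID"),
        "issuer": issuer.text if issuer is not None else None,
        "signed": ref is not None,
        # The Reference of an enveloped SAML signature points at the ID
        # of the element that directly contains the signature.
        "covers_parent": uri == "#" + element.get("ID", ""),
    }

def summarize(xml_text):
    """Describe the Response first, then each Assertion directly inside it."""
    root = ET.fromstring(xml_text)
    return [describe(root)] + [describe(a) for a in root.findall("saml:Assertion", NS)]

if __name__ == "__main__":
    for row in summarize(SAMPLE):
        print(row)
```
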