So, new job... I've been tasked with implementing SSO using SAML 1.1. The client provided a document that gives an example of the Response object that will be forwarded into our site when a user goes to log in. I'm trying to figure out how to validate the XML that I'm given so that I don't blindly trust that the document hasn't been modified in some way or just faked. I have the keys (DigestValue and SignatureValue), but when I try to do a sha1 of the XML (minus all the parts in the <Signature></Signature> section), the hash doesn't match. Does anyone have any experience with this, so that they might be able to point me in the right direction?
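An added example, not part of the original post and not the client's code: XML-DSig computes DigestValue over the canonicalized form of the referenced element, not over the bytes as transmitted, which is why a SHA-1 of the raw text with the Signature block cut out does not match. The sample document and all function names are constructed for illustration, and Python's built-in C14N 2.0 stands in for whatever algorithm the real document names in its Transforms.

```python
import base64
import hashlib
import re
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"

def b64_sha1(text):
    return base64.b64encode(hashlib.sha1(text.encode("utf-8")).digest()).decode()

def naive_digest(xml_text):
    """Cut the Signature block out of the raw text and hash what is left."""
    raw = re.sub(r"<ds:Signature.*?</ds:Signature>", "", xml_text, flags=re.S)
    return b64_sha1(raw)

def canonical_digest(xml_text):
    """Drop the enveloped Signature, canonicalize, then SHA-1 and base64."""
    # Assumption: ElementTree's C14N 2.0 is a stand-in; a real verifier must
    # apply the algorithms listed in the document's own <ds:Transforms>.
    return b64_sha1(ET.canonicalize(xml_text, exclude_tags=["{%s}Signature" % DS]))

def declared_digest(xml_text):
    """Read the DigestValue carried inside the signature block."""
    return ET.fromstring(xml_text).findtext(".//{%s}DigestValue" % DS).strip()

# Constructed sample: a SAML 1.1-style Response as a producer might emit it
# (line breaks inside the tag, single quotes, unsorted attributes, "/>").
TEMPLATE = (
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol"\n'
    '    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"\n'
    "    ResponseID='_constructed1' MinorVersion='1' MajorVersion='1'>"
    '%s<samlp:Status><samlp:StatusCode Value="samlp:Success" /></samlp:Status>'
    '</samlp:Response>'
)
SIG = ('<ds:Signature><ds:SignedInfo><ds:Reference URI="#_constructed1">'
       '<ds:DigestValue>%s</ds:DigestValue></ds:Reference></ds:SignedInfo>'
       '</ds:Signature>')

def make_sample():
    """Embed the digest a signer would have computed over the canonical form."""
    return TEMPLATE % (SIG % canonical_digest(TEMPLATE % ""))

if __name__ == "__main__":
    doc = make_sample()
    print("declared :", declared_digest(doc))
    print("canonical:", canonical_digest(doc))
    print("naive    :", naive_digest(doc))
```

A matching digest only shows that the referenced element is unchanged; SignatureValue is computed over the canonicalized SignedInfo element and still has to be verified with the sender's public key, which is normally left to an XML-DSig library.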
