Is it version 2.0 or 1.1?

On Dec 28, 2012, at 4:37 PM, Joseph Sinclair <[email protected]> wrote:

> Sounds like you're trying to do the XMLDSIG[1] verification part of the
> SAML[2] authentication protocol.
> Most languages and platforms have a library mechanism to do this as it's not
> as simple as computing the hash (the content is hashed in a particular form
> for consistency, and there are a few specific transformations required).
>
> What language and/or platform are you using?
>
> [1] XMLDSIG : http://www.w3.org/TR/2008/REC-xmldsig-core-20080610/
> [2] SAML 2.0 : https://www.oasis-open.org/committees/tc_home.php?wg_abbrev=security
>
> On 12/28/2012 02:48 PM, Kevin Brown wrote:
>> So, new job... I've been tasked with implementing SSO using SAML 1.1. The
>> client provided a document that gives an example of the Response object
>> that will be forwarded into our site when a user goes to login. I'm trying
>> to figure out how to validate the XML that I'm given so that I don't
>> blindly trust that the document hasn't been modified in some way or just
>> faked.
>> I have the keys (DigestValue and SignatureValue), but when I try to do a
>> sha1 of the xml (minus all the parts in the <Signature></Signature>
>> section), the hash doesn't match.
>> Does anyone have any experience with this that they might be able to point
>> me in the right direction?
>>
>> ---------------------------------------------------
>> PLUG-discuss mailing list - [email protected]
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
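An added example, not part of the thread, showing why a SHA-1 over the raw XML minus the Signature block does not reproduce DigestValue while a digest over the canonical form is stable. Assumptions: the documents are constructed samples, and Python's standard-library C14N 2.0 routine stands in for whichever canonicalization algorithm the signer actually names in the signature's Transforms.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

SIG_TAG = "{http://www.w3.org/2000/09/xmldsig#}Signature"
SIG_XML = ('<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">'
           '<ds:SignedInfo/></ds:Signature>')

# Constructed samples: DOC_A and DOC_B are the same XML content serialized
# differently (attribute order, quoting, spacing); TAMPERED changes a value.
DOC_A = ('<Response xmlns="urn:example:constructed" ResponseID="r1" '
         'MajorVersion="1"><Status>Success</Status>' + SIG_XML + '</Response>')
DOC_B = ("<Response  MajorVersion='1' ResponseID='r1' "
         "xmlns='urn:example:constructed' ><Status>Success</Status>"
         + SIG_XML + "</Response>")
TAMPERED = DOC_A.replace('ResponseID="r1"', 'ResponseID="r2"')


def _b64_sha1(data: bytes) -> str:
    return base64.b64encode(hashlib.sha1(data).digest()).decode("ascii")


def naive_digest(xml_text: str) -> str:
    """SHA-1 of the raw text with the Signature block cut out as a string."""
    start = xml_text.index("<ds:Signature")
    end = xml_text.index("</ds:Signature>") + len("</ds:Signature>")
    return _b64_sha1((xml_text[:start] + xml_text[end:]).encode("utf-8"))


def canonical_form(xml_text: str) -> str:
    """Drop the Signature subtree, then canonicalize what is left."""
    # Simplification: excluding every ds:Signature equals the enveloped-
    # signature transform only because the sample has a single signature.
    return ET.canonicalize(xml_text, exclude_tags={SIG_TAG})


def canonical_digest(xml_text: str) -> str:
    """Base64 SHA-1 of the canonical form, the shape DigestValue takes."""
    return _b64_sha1(canonical_form(xml_text).encode("utf-8"))


if __name__ == "__main__":
    for name, doc in (("A", DOC_A), ("B", DOC_B), ("tampered", TAMPERED)):
        print(name, naive_digest(doc), canonical_digest(doc))
```

A matching digest only shows the referenced content is unchanged; SignatureValue is computed over the canonicalized SignedInfo element and still has to be checked against the sender's key, which is the part the library mechanisms mentioned in the reply handle.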
