Hi Kevin, Why recreate the wheel?
CAS <https://wiki.jasig.org/display/CASUM> If you determine you really don't need CAS, perhaps this discussion of CAS<https://wiki.jasig.org/display/CASUM> implementation and SAML+1.1 ticket validation: https://wiki.jasig.org/display/CASUM/SAML+1.1 might help? On Fri, Dec 28, 2012 at 2:48 PM, Kevin Brown <[email protected]>wrote: > So, new job... I've been tasked with implementing SSO using SAML 1.1. The > client provided a document that gives an example of the Response object > that will be forwarded into our site when a user goes to login. I'm trying > to figure out how to validate the XML that I'm given so that I don't > blindly trust that the document hasn't been modified in some way or just > faked. > I have the keys (DigestValue and SignatureValue), but when I try to do a > sha1 of the xml (minus all the parts in the <Signature></Signature> > section, the hash doesn't match. > Does anyone have any experience with this that they might be able to point > me in the right direction? > > --------------------------------------------------- > PLUG-discuss mailing list - [email protected] > To subscribe, unsubscribe, or to change your mail settings: > http://lists.phxlinux.org/mailman/listinfo/plug-discuss > -- (503) 754-4452 Android (623) 239-3392 Skype (623) 688-3392 Google Voice ** it-clowns.com Chief Clown
--------------------------------------------------- PLUG-discuss mailing list - [email protected] To subscribe, unsubscribe, or to change your mail settings: http://lists.phxlinux.org/mailman/listinfo/plug-discuss
