When I encrypt a SAML token using CXF, it is returned as an EncryptedData
element, as shown below:

  <soap:Body>
    <RequestSecurityTokenResponseCollection
        xmlns="http://docs.oasis-open.org/ws-sx/ws-trust/200512"
        xmlns:ns2="http://www.w3.org/2005/08/addressing"
        xmlns:ns3="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
        xmlns:ns4="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
        xmlns:ns5="http://docs.oasis-open.org/ws-sx/ws-trust/200802">
      <RequestSecurityTokenResponse>
        <TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</TokenType>
        <RequestedSecurityToken>
          <xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
              Id="ED-1" Type="http://www.w3.org/2001/04/xmlenc#Element">
...

Section 2.4.3 of the SAML2.0 specification says:

/"The <EncryptedAssertion> element represents an assertion in encrypted
fashion, as defined by the XML Encryption Syntax and Processing
specification [XMLEnc]."/

I expected to see EncryptedAssertion instead of EncryptedData.

Why is that not the case? Are both options equally valid?






--
View this message in context: 
http://cxf.547215.n5.nabble.com/EncryptedAssertion-or-EncryptedData-for-encrypted-SAML-tokens-tp5739278.html
Sent from the cxf-user mailing list archive at Nabble.com.
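
An added example, not part of the original post and not CXF code: a Python check a token consumer could run to tell which form it received inside RequestedSecurityToken, a bare xenc:EncryptedData as in the response above or a SAML 2.0 EncryptedAssertion wrapping one. The function names and the sample documents are constructed for this illustration.

```python
import xml.etree.ElementTree as ET  # for untrusted input, prefer a hardened parser such as defusedxml

WST = "http://docs.oasis-open.org/ws-sx/ws-trust/200512"
XENC = "http://www.w3.org/2001/04/xmlenc#"
SAML2 = "urn:oasis:names:tc:SAML:2.0:assertion"


def sample(wrapped):
    """Build a constructed RSTR collection (cipher data omitted, not a real STS reply)."""
    ed = f'<xenc:EncryptedData xmlns:xenc="{XENC}" Id="ED-1" Type="{XENC}Element"/>'
    if wrapped:
        ed = (f'<saml2:EncryptedAssertion xmlns:saml2="{SAML2}">{ed}'
              f'</saml2:EncryptedAssertion>')
    return (f'<RequestSecurityTokenResponseCollection xmlns="{WST}">'
            f'<RequestSecurityTokenResponse><RequestedSecurityToken>{ed}'
            f'</RequestedSecurityToken></RequestSecurityTokenResponse>'
            f'</RequestSecurityTokenResponseCollection>')


def classify_requested_tokens(rstr_xml):
    """Return one (form, EncryptedData Type attribute) pair per RequestedSecurityToken."""
    root = ET.fromstring(rstr_xml)
    results = []
    for rst in root.iter(f"{{{WST}}}RequestedSecurityToken"):
        children = list(rst)
        if len(children) != 1:
            results.append(("unexpected-child-count", None))
            continue
        child, enc = children[0], None
        if child.tag == f"{{{XENC}}}EncryptedData":
            form, enc = "bare-EncryptedData", child
        elif child.tag == f"{{{SAML2}}}EncryptedAssertion":
            # EncryptedAssertion carries the ciphertext in a child xenc:EncryptedData
            enc = child.find(f"{{{XENC}}}EncryptedData")
            form = ("EncryptedAssertion" if enc is not None
                    else "EncryptedAssertion-without-EncryptedData")
        elif child.tag == f"{{{SAML2}}}Assertion":
            form = "plaintext-Assertion"
        else:
            form = "unknown"
        results.append((form, enc.get("Type") if enc is not None else None))
    return results


if __name__ == "__main__":
    for doc in (sample(False), sample(True)):
        print(classify_requested_tokens(doc))
```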
