EncryptedData is preferred to EncryptedAssertion, as it may not be the case
that the returned token is a SAML Assertion. Using EncryptedData gives us
consistency for any issued encrypted token type. Secondly,
EncryptedAssertion only applies to SAML 2.0 assertions, and so we would not
even be consistent for the same types of token.

Colm.


On Thu, Jan 30, 2014 at 10:45 AM, bob45 <[email protected]> wrote:

> When I encrypt a SAML token using CXF it is returned as an EncryptedData
> element, as shown below:
>
>   <soap:Body>
>     <RequestSecurityTokenResponseCollection
>         xmlns="http://docs.oasis-open.org/ws-sx/ws-trust/200512"
>         xmlns:ns2="http://www.w3.org/2005/08/addressing"
>         xmlns:ns3="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>         xmlns:ns4="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
>         xmlns:ns5="http://docs.oasis-open.org/ws-sx/ws-trust/200802">
>       <RequestSecurityTokenResponse>
>         <TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</TokenType>
>         <RequestedSecurityToken>
>           <xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
>               Id="ED-1" Type="http://www.w3.org/2001/04/xmlenc#Element">
>           ...
>
> Section 2.4.3 of the SAML2.0 specification says:
>
> /"The <EncryptedAssertion> element represents an assertion in encrypted
> fashion, as defined by the
> XML Encryption Syntax and Processing specification [XMLEnc]."/
>
> I expected to see EncryptedAssertion instead of EncryptedData.
>
> Why is that not the case? Are both Options equally valid?
>
> --
> View this message in context:
> http://cxf.547215.n5.nabble.com/EncryptedAssertion-or-EncryptedData-for-encrypted-SAML-tokens-tp5739278.html
> Sent from the cxf-user mailing list archive at Nabble.com.
>



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
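The distinction Colm draws above, worked through as an added example (this is not code from the thread or from CXF): a relying party consuming the RSTR should accept the encrypted token in either carrier form, and can reject the one combination the SAML specification does not define, an EncryptedAssertion paired with a non-SAML-2.0 TokenType. The Python below uses only the standard library; the sample responses are constructed from the shape quoted in the question, and the Id value and cipher text are placeholders.

```python
"""Classify how an encrypted token is carried inside a WS-Trust RSTR.

Added example, not CXF code: a consumer-side check that accepts both
xenc:EncryptedData placed directly under RequestedSecurityToken (the
generic form CXF emits for any token type) and a SAML 2.0
saml:EncryptedAssertion wrapping an EncryptedData. Sample responses
below are constructed; the cipher text and Id are placeholders.
"""
import xml.etree.ElementTree as ET

# Namespaces as they appear in the response quoted in the question
NS_TRUST = "http://docs.oasis-open.org/ws-sx/ws-trust/200512"
NS_XENC = "http://www.w3.org/2001/04/xmlenc#"
NS_SAML2 = "urn:oasis:names:tc:SAML:2.0:assertion"
XENC_TYPE_ELEMENT = "http://www.w3.org/2001/04/xmlenc#Element"
SAML2_TOKEN_TYPE = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"
SAML11_TOKEN_TYPE = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1"


def _q(ns: str, local: str) -> str:
    """Clark-notation tag name as ElementTree expects it."""
    return "{%s}%s" % (ns, local)


def classify_encrypted_token(rstr_xml: str) -> dict:
    """Return the TokenType, the carrier form and the EncryptedData Id.

    Raises ValueError when the token is not encrypted, when an
    EncryptedAssertion does not wrap exactly one EncryptedData, when an
    EncryptedAssertion is paired with a non-SAML-2.0 TokenType, or when
    the EncryptedData Type is not xmlenc#Element.
    """
    root = ET.fromstring(rstr_xml)  # responses from untrusted peers belong in a hardened parser
    rstr = root if root.tag == _q(NS_TRUST, "RequestSecurityTokenResponse") \
        else root.find(".//" + _q(NS_TRUST, "RequestSecurityTokenResponse"))
    if rstr is None:
        raise ValueError("no RequestSecurityTokenResponse in response")

    tt = rstr.find(_q(NS_TRUST, "TokenType"))
    token_type = tt.text.strip() if tt is not None and tt.text else None

    requested = rstr.find(_q(NS_TRUST, "RequestedSecurityToken"))
    if requested is None or len(requested) != 1:
        raise ValueError("RequestedSecurityToken must carry exactly one token element")
    token = requested[0]

    if token.tag == _q(NS_XENC, "EncryptedData"):
        form, enc = "EncryptedData", token
    elif token.tag == _q(NS_SAML2, "EncryptedAssertion"):
        if token_type != SAML2_TOKEN_TYPE:
            raise ValueError("EncryptedAssertion is only defined for SAML 2.0 tokens")
        encs = token.findall(_q(NS_XENC, "EncryptedData"))
        if len(encs) != 1:
            raise ValueError("EncryptedAssertion must wrap exactly one EncryptedData")
        form, enc = "EncryptedAssertion", encs[0]
    else:
        raise ValueError("token is not encrypted: %s" % token.tag)

    if enc.get("Type") != XENC_TYPE_ELEMENT:
        raise ValueError("EncryptedData Type must be xmlenc#Element, got %r" % enc.get("Type"))
    return {"token_type": token_type, "form": form, "encrypted_data_id": enc.get("Id")}


def is_rejected(rstr_xml: str) -> bool:
    """True when classify_encrypted_token refuses the response."""
    try:
        classify_encrypted_token(rstr_xml)
        return False
    except ValueError:
        return True


# Constructed sample responses; "UExBQ0VIT0xERVI=" is a placeholder, not real cipher text
_RSTRC_TEMPLATE = (
    '<RequestSecurityTokenResponseCollection xmlns="%s">'
    '<RequestSecurityTokenResponse><TokenType>%s</TokenType>'
    '<RequestedSecurityToken>%s</RequestedSecurityToken>'
    '</RequestSecurityTokenResponse></RequestSecurityTokenResponseCollection>'
)
_ENC_DATA_TEMPLATE = (
    '<xenc:EncryptedData xmlns:xenc="%s" Id="ED-1" Type="%s">'
    '<xenc:CipherData><xenc:CipherValue>UExBQ0VIT0xERVI=</xenc:CipherValue></xenc:CipherData>'
    '</xenc:EncryptedData>'
)
_ENC_DATA = _ENC_DATA_TEMPLATE % (NS_XENC, XENC_TYPE_ELEMENT)
_WRAPPED = '<saml:EncryptedAssertion xmlns:saml="%s">%s</saml:EncryptedAssertion>' % (NS_SAML2, _ENC_DATA)

SAMPLE_ENCRYPTED_DATA = _RSTRC_TEMPLATE % (NS_TRUST, SAML2_TOKEN_TYPE, _ENC_DATA)
SAMPLE_ENCRYPTED_ASSERTION = _RSTRC_TEMPLATE % (NS_TRUST, SAML2_TOKEN_TYPE, _WRAPPED)
# EncryptedAssertion around a SAML 1.1 TokenType: the combination the spec does not define
SAMPLE_SAML11_WRAPPED = _RSTRC_TEMPLATE % (NS_TRUST, SAML11_TOKEN_TYPE, _WRAPPED)

if __name__ == "__main__":
    for name, xml in [("EncryptedData", SAMPLE_ENCRYPTED_DATA),
                      ("EncryptedAssertion", SAMPLE_ENCRYPTED_ASSERTION),
                      ("SAML 1.1 + EncryptedAssertion", SAMPLE_SAML11_WRAPPED)]:
        print(name, "->", "rejected" if is_rejected(xml) else classify_encrypted_token(xml))
```

The consumer keys its decision on the element actually found under RequestedSecurityToken rather than on the TokenType alone, which is what makes the EncryptedData form usable for any issued token: the TokenType still tells the consumer what to expect once the EncryptedData is decrypted, while the carrier element is the same regardless.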
