Hi All,

We are using XMLSec to handle XML signature and encryption in the SAML 1.0 and 2.0 
protocols. We pre-configure the configuration data, such as the IDP certificate, 
using metadata. So even if the response includes "KeyInfo/X509Data", we will ignore 
it and use the local pre-configured certificate to verify the signature, and we 
assume the SP totally trusts this certificate. So we also won't use a CA certificate 
to verify the pre-configured certificate's legitimacy.

I dug into the code and found:

    /* Ignore <dsig:KeyInfo /> if the key is already set. */
    /* todo: throw an error if key is set and node != NULL? */
    if((dsigCtx->signKey == NULL) && (dsigCtx->keyInfoReadCtx.keysMngr != NULL)
                        && (dsigCtx->keyInfoReadCtx.keysMngr->getKey != NULL)) {
        dsigCtx->signKey = (dsigCtx->keyInfoReadCtx.keysMngr->getKey)(node,
                                &(dsigCtx->keyInfoReadCtx));
    }

Does it mean I need to set dsigCtx->signKey? And what is the meaning of 
dsigCtx->signKey? Is it the private key from the IDP? (We can never get the private 
key from the IDP.) How can I meet this requirement with xmlsec?


Thanks,

Jeffrey
_______________________________________________
xmlsec mailing list
[email protected]
http://www.aleksey.com/mailman/listinfo/xmlsec
