I work with the OpenSAML library and want to validate a signed assertion (XML Signature) embedded in a SAMLResponse that is not signed. The validation always fails. Is there a way to validate the signed assertion without its parent (Response)? Or is there another way to do it?

nouri
  • Read this: http://stackoverflow.com/questions/2185569/how-to-validate-a-saml-signature-value – exoddus Jun 02 '14 at 08:42
  • I could validate an assertion not embedded in a samlResponse, but the problem is that when it is embedded, the validation fails. – nouri Jun 02 '14 at 08:51

1 Answer

The problem here was that when I signed the assertion, the id of the signature referenced the Response and not the assertion. So I fixed this by referencing the id of the signature to the assertion and not to the response. See here (page 71, section 5.4.2).

Patrick
nouri
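
The binding the answer describes, as an added example that is not part of the original post and not OpenSAML code: SAML Core section 5.4.2 requires a signature's single Reference to point at the ID of the element that carries it. This standard-library Python sketch checks only that binding on a constructed Response skeleton (the IDs, issuer and function names are made up for illustration); it does not verify the cryptographic signature.

```python
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

def signature_reference_problems(xml_text):
    """Return a list of problems; an empty list means every ds:Signature
    references the ID of the element it is a direct child of."""
    # Constructed input only; parse untrusted XML with a hardened parser.
    root = ET.fromstring(xml_text)
    problems = []
    for parent in root.iter():
        # findall without '//' matches direct children only, so each
        # signature is compared against its own parent element.
        for sig in parent.findall("ds:Signature", NS):
            refs = sig.findall("ds:SignedInfo/ds:Reference", NS)
            parent_id = parent.get("ID")
            name = parent.tag.split("}")[-1]
            if len(refs) != 1:
                problems.append(f"{name}: expected one Reference, found {len(refs)}")
            elif parent_id is None or refs[0].get("URI") != "#" + parent_id:
                problems.append(
                    f"{name} ID={parent_id!r}: Reference URI is {refs[0].get('URI')!r}"
                )
    return problems

def build_response(reference_uri):
    """Constructed, unsigned skeleton: an Assertion carrying a Signature
    inside a Response that has no signature of its own."""
    return f"""<samlp:Response xmlns:samlp="{NS['samlp']}"
    xmlns:saml="{NS['saml']}" xmlns:ds="{NS['ds']}" ID="_resp1" Version="2.0">
  <saml:Assertion ID="_assert1" Version="2.0">
    <saml:Issuer>https://idp.example.test</saml:Issuer>
    <ds:Signature><ds:SignedInfo>
      <ds:Reference URI="{reference_uri}"/>
    </ds:SignedInfo></ds:Signature>
  </saml:Assertion>
</samlp:Response>"""

if __name__ == "__main__":
    # Reference bound to the Assertion: no problems reported.
    print(signature_reference_problems(build_response("#_assert1")))
    # Reference bound to the Response, the situation in the answer: flagged.
    print(signature_reference_problems(build_response("#_resp1")))
```
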