Subject: Artifact Format and EndpointIndex in 2.0
In section 3.6.4 of SAML-Bind the general format of an artifact is defined as such:

The general format of any artifact includes a mandatory two-byte artifact type code and a two-byte index value identifying a specific endpoint of the artifact resolution service of the issuer, as follows:

    SAML_artifact := B64(TypeCode EndpointIndex RemainingArtifact)
    TypeCode      := Byte1Byte2
    EndpointIndex := Byte1Byte2

The notation B64(TypeCode EndpointIndex RemainingArtifact) stands for the application of the base64 [RFC2045] transformation to the catenation of the TypeCode, EndpointIndex, and RemainingArtifact.

Section 3.6.4.1 says:

SAML V2.0 defines an artifact type of type code 0x0004. This artifact type is defined as follows:

    TypeCode          := 0x0004
    RemainingArtifact := SourceID MessageHandle
    SourceID          := 20-byte_sequence
    MessageHandle     := 20-byte_sequence

SourceID is a 20-byte sequence used by the artifact receiver to determine artifact issuer identity and the set of possible resolution endpoints.

It is assumed that the destination site will maintain a table of SourceID values as well as one or more indexed URL endpoints (or addresses) for the corresponding SAML responder. The SAML metadata specification [SAMLMeta] MAY be used for this purpose. On receiving the SAML artifact, the receiver determines if the SourceID belongs to a known artifact issuer and obtains the location of the SAML responder using the EndpointIndex before sending a SAML <samlp:ArtifactResolve> message to it.

My understanding is that a SAML2 artifact is 44 bytes in length and constructed as such:

    Bytes 1 & 2 contain the type code.
    Bytes 2 & 3 contain the endpoint index.
    Bytes 4-24 contain the SourceID
    Bytes 25-44 contain the Message Handle.

Is this correct? If not, can someone kindly correct my misunderstanding?

If it is correct, I think a few minor changes to sections 3.6.4 and 3.6.4.1 could clarify it – specifically my confusion comes from the fact that 3.6.4.1 only makes slight mention of the EndpointIndex and leaves it out of the type definition. It seems to me that the type definition should look something more like this:

    SAML_artifact := B64(TypeCode EndpointIndex SourceID MessageHandle)
    TypeCode      := Byte1Byte2
    EndpointIndex := Byte1Byte2
    SourceID      := 20-byte_sequence
    MessageHandle := 20-byte_sequence

Thanks in advance for any clarification,

Brian Campbell
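A receiver-side parser for the type 0x0004 layout, following the grammar quoted from SAML-Bind 3.6.4 and 3.6.4.1 above; it is an added example, not part of the original post or of any SAML implementation. It assumes the two-byte fields are read most significant byte first, and the function names, issuer table and sample values are hypothetical and constructed for illustration.

```python
import base64
from typing import NamedTuple

TYPE_CODE_V2 = 0x0004
ARTIFACT_LEN = 2 + 2 + 20 + 20  # TypeCode, EndpointIndex, SourceID, MessageHandle


class Artifact(NamedTuple):
    type_code: int
    endpoint_index: int
    source_id: bytes
    message_handle: bytes


def parse_artifact(b64_artifact: str) -> Artifact:
    """Decode B64(TypeCode EndpointIndex SourceID MessageHandle); reject anything else."""
    try:
        raw = base64.b64decode(b64_artifact, validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("artifact is not valid base64") from exc
    if len(raw) < 4:
        raise ValueError("too short to hold TypeCode and EndpointIndex")
    # Assumption: Byte1Byte2 means most significant byte first (0x0004 -> 00 04).
    type_code = int.from_bytes(raw[0:2], "big")
    if type_code != TYPE_CODE_V2:
        raise ValueError(f"unsupported artifact type 0x{type_code:04x}")
    if len(raw) != ARTIFACT_LEN:
        raise ValueError(f"type 0x0004 artifact must be {ARTIFACT_LEN} bytes, got {len(raw)}")
    return Artifact(type_code, int.from_bytes(raw[2:4], "big"), raw[4:24], raw[24:44])


def resolve_endpoint(artifact: Artifact, issuers: dict) -> str:
    """SourceID selects the known issuer; EndpointIndex selects its responder URL."""
    endpoints = issuers.get(artifact.source_id)
    if endpoints is None:
        raise LookupError("SourceID does not belong to a known artifact issuer")
    if artifact.endpoint_index not in endpoints:
        raise LookupError(f"issuer has no endpoint with index {artifact.endpoint_index}")
    return endpoints[artifact.endpoint_index]


# Constructed sample values (hypothetical; not from the post or a real deployment).
SAMPLE_SOURCE_ID = bytes(range(20))
SAMPLE_HANDLE = bytes(range(100, 120))
SAMPLE_ARTIFACT = base64.b64encode(
    b"\x00\x04" + b"\x00\x01" + SAMPLE_SOURCE_ID + SAMPLE_HANDLE).decode("ascii")
SAMPLE_ISSUERS = {SAMPLE_SOURCE_ID: {0: "https://idp.example.org/saml/resolve0",
                                     1: "https://idp.example.org/saml/resolve1"}}
```

The receiver table is keyed on the raw SourceID bytes, so an artifact from an unknown issuer or with an unlisted index fails before any `<samlp:ArtifactResolve>` request is sent.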