[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [saml-dev] AuthnRequest - what exactly is signed
> I'm new to SAML and have to make a simple client. I'm starting with the > AuthnRequest and have the following data that I need to send to the IdP: With what binding? > If I read the standard correctly, each of these 3 parameters needs to be > URL-encoded and then concatenated into a string, so it should look > something like this: There's no binding that would match, so no, that's wrong. > Is it correct, that it is the entire string as shown above that is > signed, and then the signature is posted in the Signature parameter? Signing is binding dependent. For a redirect, yes, you sign all of those parameters, but you don't have the message encoded correctly. -- Scott
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]