[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [saml-dev] Digital Signature Validation
On 6/12/14, 10:02 AM, "Phalguni Mukherjee" <phalgunimukherjee1007@gmail.com> wrote: >Can some one give me an abstract overview how actually digital signature >validation for the saml assertion done? Abstractly? You verify an XML signature along with a very specific content profile assessment to prevent wrapping attacks, and then you apply a deployment specific determination of trust against the signing key to ensure it belongs to the SAML issuer. That glosses over a tremendous amount of complex code. -- Scott
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]