saml-dev message


Subject: Re: [saml-dev] Trying to Decrypt my EncryptedAssertion


What language are you working in? I highly recommend using SAML libraries that are already out there.

Encryption and decryption are usually pretty straightforward. I'd say a lot of implementations end up using openssl in one form or another.

-Jeff

On Tue, Jul 14, 2015 at 12:12 PM, Truby Voglund <tvoglund@mocodevco.com> wrote:

All,


I am new to SAML and have a lot working so far. I get an SSO redirect POST back to my application, and now need to decrypt my EncryptedAssertion. But I am unsure of the details of the response. I have an X.509 certificate and my private key, but no passphrase. What is the correct way to decrypt the following response?


Thanks,


Truby


<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" Destination="http://tuadevshibbolet.cloudapp.net/_saml/validate/shibboleth-idp/1ed79ec15dfd" ID="_9c9354e6532f0c55e177fa42beef2ed6" InResponseTo="1ed79ec15dfd" IssueInstant="2015-07-13T06:26:49.664Z" Version="2.0">
  <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">
    https://idp.testshib.org/idp/shibboleth
  </saml2:Issuer>
  <saml2p:Status>
    <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
  </saml2p:Status>
  <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
    <xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="_d88778fdc86a9b4f1a2a53627cd0b33c" Type="http://www.w3.org/2001/04/xmlenc#Element">
      <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <xenc:EncryptedKey Id="_63ab17ff187f6a9e7da90cf165a51449" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
          <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
          </xenc:EncryptionMethod>
          <ds:KeyInfo>
            <ds:X509Data>
              <ds:X509Certificate>myCert</ds:X509Certificate>
            </ds:X509Data>
          </ds:KeyInfo>
          <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:CipherValue>MoreCipherData</xenc:CipherValue>
          </xenc:CipherData>
        </xenc:EncryptedKey>
      </ds:KeyInfo>
      <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
        <xenc:CipherValue>SomCiphervalue</xenc:CipherValue>
      </xenc:CipherData>
    </xenc:EncryptedData>
  </saml2:EncryptedAssertion>
</saml2p:Response>
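What the Response above actually asks the SP to do, as an added worked example that is not part of the thread: unwrap the AES key from EncryptedKey/CipherValue with RSA-OAEP (rsa-oaep-mgf1p with the SHA-1 DigestMethod shown), then decrypt the outer CipherValue with aes128-cbc, where XML Encryption prepends the 16-byte IV to the ciphertext and pads with ISO 10126. It assumes only the openssl CLI; the key pair, the assertion text and both CipherValues are constructed inside the script in place of "myCert", "MoreCipherData" and "SomCiphervalue".

```shell
#!/bin/sh
# Constructed example: SP-side decryption of an xenc:EncryptedData of the shape in the
# thread (aes128-cbc content, CEK wrapped with rsa-oaep-mgf1p + SHA-1). Needs openssl only.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# SP key pair; stands in for "my private key" and the "myCert" X509Certificate above.
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$WORK/sp.key" 2>/dev/null
openssl pkey -in "$WORK/sp.key" -pubout -out "$WORK/sp.pub"

tohex() { od -An -tx1 | tr -d ' \n'; }

# Constructed IdP side. XML Encryption puts base64(IV || AES-CBC ciphertext) in the outer
# CipherValue and base64(RSA-OAEP(CEK)) in EncryptedKey/CipherValue (PKCS#7 padding from
# openssl enc is a valid ISO 10126 padding: last byte = pad length).
make_sample() {
  printf '<saml2:Assertion ID="_abc">constructed</saml2:Assertion>' > "$WORK/plain.xml"
  openssl rand -out "$WORK/cek.bin" 16
  openssl rand -out "$WORK/iv.bin" 16
  { cat "$WORK/iv.bin"
    openssl enc -aes-128-cbc -K "$(tohex < "$WORK/cek.bin")" -iv "$(tohex < "$WORK/iv.bin")" \
      -in "$WORK/plain.xml"; } | openssl base64 -A > "$WORK/data.b64"
  openssl pkeyutl -encrypt -pubin -inkey "$WORK/sp.pub" -in "$WORK/cek.bin" \
    -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha1 -pkeyopt rsa_mgf1_md:sha1 \
    | openssl base64 -A > "$WORK/key.b64"
}

# SP side: decrypt_assertion PRIVATE_KEY ENCRYPTEDKEY_B64 DATA_B64 ; prints the assertion.
decrypt_assertion() {
  # 1. unwrap the CEK: rsa-oaep-mgf1p = OAEP with SHA-1 digest and MGF1-SHA-1
  openssl base64 -d -A -in "$2" | openssl pkeyutl -decrypt -inkey "$1" \
    -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha1 -pkeyopt rsa_mgf1_md:sha1 \
    -out "$WORK/cek.dec"
  # 2. first 16 bytes of the decoded CipherValue are the IV, the rest is the ciphertext
  openssl base64 -d -A -in "$3" -out "$WORK/data.bin"
  tail -c +17 "$WORK/data.bin" | openssl enc -d -aes-128-cbc -nopad \
    -K "$(tohex < "$WORK/cek.dec")" -iv "$(head -c 16 "$WORK/data.bin" | tohex)" \
    -out "$WORK/padded.bin"
  # 3. strip ISO 10126 padding: last byte is the pad length, the other pad bytes are random
  pad=$(tail -c 1 "$WORK/padded.bin" | od -An -tu1 | tr -d ' \n')
  head -c $(( $(wc -c < "$WORK/padded.bin") - pad )) "$WORK/padded.bin"
}

make_sample
decrypt_assertion "$WORK/sp.key" "$WORK/key.b64" "$WORK/data.b64"; echo
```

A real SP must verify the Response or Assertion signature before trusting what comes out of step 3, and, as the reply says, should leave all of this to an established SAML library rather than hand-rolled openssl calls.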
