OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

wss-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Use of SecurityTokenReference with SAML2

In the samlTokenProfile doc, we have the following example : 

<wsse:SecurityTokenReference xmlns:wsse="..." xmlns:wsu="..." 
xmlns:wsse11="..." wsu:Id="..."
 
wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-tokenprofile-1.1#SAMLV2.0";>
        <wsse:Reference wsu:Id="..." 
URI="https://saml.example.edu/assertion-authority?ID=abcde";>
        </wsse:Reference>
</wsse:SecurityTokenReference>

If I understand well, if I receive such a reference, I'm supposed to send 
a message to the URL 
"https://saml.example.edu/assertion-authority?ID=abcde"; to get the 
corresponding assertion.
But looking at SAML2 specification, I see that to ask for an assertion 
with it's ID, we must use an AssertionIDRequest and send it with SOAP binding !!! So how are we supposed to handle this ?

Valérie

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]