[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Referencing Saml Assertion from it's enveloped signature (Wss Saml Token Profile vs Saml 1.1 Core spec)
This is about assertion enveloped signatures in Saml assertions in SOAP wsse:Security header. The (Wss Saml Token Profile) specifies the <wsse:SecurityTokenReference> as a way of referencing the the SAML assertion, while the SAML 1.1 core spec menitions direct URI reference such as <ds:Reference URI="#SamlAssertion-3e42fde8b68fbbe411e01ca9d0fdd47e"> Should both flavors be supported when validationg the soap assertion signature? How are the current Wss SAML token profile implementations handling this? Thanks, Emil
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]