OASIS Mailing List Archives

saml-dev message



Subject: AuthnRequest - what exactly is signed


Hi,

I'm new to SAML and have to make a simple client. I'm starting with the
AuthnRequest and have the following data that I need to send to the IdP:

SAMLRequest:
<samlp:AuthnRequest Destination="https://idp1.test.oio.dk:9031/idp/SSO.saml2"
IssueInstant="2008-02-20T14:19:42.000Z" ID="Rr4-hMXeUZQah5u.TawQbAKRF4-"
Version="2.0"
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"><saml:Issuer
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">oces.sp1.test.oio.dk</saml:Issuer><samlp:NameIDPolicy
AllowCreate="true"/></samlp:AuthnRequest>

RelayState:
FR5nUYco7eJ0sSK1waqE4YXnRyZYB6

SigAlg:
http://www.w3.org/2000/09/xmldsig#rsa-sha1


If I read the standard correctly, each of these 3 parameters needs to be
URL-encoded and then concatenated into a string, so it should look
something like this:

SAMLRequest=%3Csamlp%3AAuthnRequest+Destination%3D%22https%3A%2F%2Fidp1%
2Etest%2Eoio%2Edk%3A9031%2Fidp%2FSSO%2Esaml2%22+IssueInstant%3D%222008%2
D02%2D20T14%3A19%3A42%2E000Z%22+ID%3D%22Rr4%2DhMXeUZQah5u%2ETawQbAKRF4%2
D%22+Version%3D%222%2E0%22+xmlns%3Asamlp%3D%22urn%3Aoasis%3Anames%3Atc%3
ASAML%3A2%2E0%3Aprotocol%22%3E%3Csaml%3AIssuer+xmlns%3Asaml%3D%22urn%3Ao
asis%3Anames%3Atc%3ASAML%3A2%2E0%3Aassertion%22%3Eoces%2Esp1%2Etest%2Eoi
o%2Edk%3C%2Fsaml%3AIssuer%3E%3Csamlp%3ANameIDPolicy+AllowCreate%3D%22tru
e%22%2F%3E%3C%2Fsamlp%3AAuthnRequest%3E&RelayState=FR5nUYco7eJ0sSK1waqE4
YXnRyZYB6&SigAlg=
http%3A%2F%2Fwww%2Ew3%2Eorg%2F2000%2F09%2Fxmldsig%23rsa%2Dsha1

Is it correct, that it is the entire string as shown above that is
signed, and then the signature is posted in the Signature parameter?

Thanks,
Kim
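
Added example, not part of the original message: how the SAML 2.0 HTTP-Redirect binding (DEFLATE encoding) forms the octets that are signed, and how a receiver rebuilds them from the query string as received. The function names are hypothetical, and `sign` is a caller-supplied callable standing in for the RSA-SHA1 private-key operation.

```python
import base64
import zlib
from urllib.parse import quote

SIG_ALG = "http://www.w3.org/2000/09/xmldsig#rsa-sha1"  # SigAlg from the message

def deflate_b64(xml):
    # Raw DEFLATE (RFC 1951, no zlib header), then base64.
    c = zlib.compressobj(9, zlib.DEFLATED, -15)
    return base64.b64encode(c.compress(xml.encode("utf-8")) + c.flush()).decode("ascii")

def inflate_b64(value):
    # Inverse of deflate_b64, as the receiver would apply it.
    return zlib.decompress(base64.b64decode(value), -15).decode("utf-8")

def string_to_sign(xml, relay_state=None, sig_alg=SIG_ALG):
    # Fixed order: SAMLRequest, RelayState (if any), SigAlg; each value URL-encoded.
    parts = ["SAMLRequest=" + quote(deflate_b64(xml), safe="")]
    if relay_state is not None:
        parts.append("RelayState=" + quote(relay_state, safe=""))
    parts.append("SigAlg=" + quote(sig_alg, safe=""))
    return "&".join(parts).encode("ascii")

def build_query(xml, relay_state, sign, sig_alg=SIG_ALG):
    # `sign` is a caller-supplied callable (bytes -> raw signature bytes),
    # standing in for the RSA-SHA1 private-key operation (assumption).
    signed = string_to_sign(xml, relay_state, sig_alg)
    signature = base64.b64encode(sign(signed)).decode("ascii")
    return signed.decode("ascii") + "&Signature=" + quote(signature, safe="")

def signed_octets_from_query(raw_query):
    # Receiver side: rebuild the signed octets from the values exactly as
    # received (still URL-encoded), since re-encoding may not reproduce them.
    raw = {}
    for pair in raw_query.split("&"):
        name, _, value = pair.partition("=")
        if name in raw:
            raise ValueError("duplicate query parameter: " + name)
        raw[name] = value
    if "SAMLRequest" not in raw or "SigAlg" not in raw:
        raise ValueError("missing SAMLRequest or SigAlg")
    order = [n for n in ("SAMLRequest", "RelayState", "SigAlg") if n in raw]
    return "&".join(n + "=" + raw[n] for n in order).encode("ascii")
```

The Signature parameter itself is never part of the signed octets; it is appended afterwards as the base64-encoded, URL-encoded signature value.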