saml-dev message



Subject: Re: [saml-dev] encrypting saml protocol messages



On 10/31/11 3:27 PM, swu@axolotl.com wrote:
> Thanks, Hal,
> agreed, but can't a SAML Response element contain an encrypted element
> inside of it?

A SAML 2.0 Response can directly contain an EncryptedAssertion, or a
(non-encrypted) Assertion can contain an EncryptedID in its Subject or
one or more EncryptedAttribute elements in an AttributeStatement.


> If we detect the EncryptedElement 

There isn't an element here literally called 'EncryptedElement'; there
are the SAML 2.0 saml2:Encrypted* elements above, which will contain an
XML Encryption-defined xmlenc:EncryptedData and possibly zero or more
xmlenc:EncryptedKey elements.


> in DOM/SAX then before
> passing things to OpenSAML (which is the reference implementation we are
> using), we should decrypt it first.
> 


The OpenSAML library specifically has support for encrypting and
decrypting the SAML 2.0 Encrypted* things directly in our XMLObject
abstraction, as well as support for handling key resolution, key
encryption key (KEK) decryption, etc.  You shouldn't need to do anything
at the DOM/SAX level when using OpenSAML, unless you have very odd and
atypical requirements vis-a-vis SAML and XML Encryption.

You didn't mention Java vs C++, but the Java docs on encryption support
are in the users guide here:

https://wiki.shibboleth.net/confluence/display/OpenSAML/OSTwoUserManJavaXMLEncryption

If you need specific guidance or have questions on using these features,
you are welcome to continue this discussion on our OpenSAML developer's
list (which is now co-resident with the Shibboleth developer's list).

http://shibboleth.internet2.edu/lists.html
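As an added example (not code from this message or from the OpenSAML project), here is how the decryption described above looks against the OpenSAML 2.x Java API, with no DOM/SAX handling at all: a hypothetical ResponseDecryptor class that takes an already-unmarshalled Response plus the SP's decryption private key and returns the decrypted EncryptedAssertion and EncryptedAttribute content as ordinary XMLObjects. It assumes the OpenSAML 2 package names (org.opensaml.saml2.*, org.opensaml.xml.*) and that the IdP carries the xmlenc:EncryptedKey inline in the EncryptedData's KeyInfo, which is the usual case.

```java
import java.security.PrivateKey;
import java.util.ArrayList;
import java.util.List;
import org.opensaml.DefaultBootstrap;
import org.opensaml.saml2.core.Assertion;
import org.opensaml.saml2.core.Attribute;
import org.opensaml.saml2.core.AttributeStatement;
import org.opensaml.saml2.core.EncryptedAssertion;
import org.opensaml.saml2.core.EncryptedAttribute;
import org.opensaml.saml2.core.Response;
import org.opensaml.saml2.encryption.Decrypter;
import org.opensaml.xml.ConfigurationException;
import org.opensaml.xml.encryption.DecryptionException;
import org.opensaml.xml.encryption.InlineEncryptedKeyResolver;
import org.opensaml.xml.security.keyinfo.KeyInfoCredentialResolver;
import org.opensaml.xml.security.keyinfo.StaticKeyInfoCredentialResolver;
import org.opensaml.xml.security.x509.BasicX509Credential;
// Hypothetical helper class, not part of OpenSAML: decrypts saml2:Encrypted* content of an unmarshalled Response.
public final class ResponseDecryptor {
    private final Decrypter decrypter;
    public ResponseDecryptor(PrivateKey spDecryptionKey) throws ConfigurationException {
        DefaultBootstrap.bootstrap(); // registers the SAML and XML Encryption object providers
        // KEK step: the SP private key unwraps the xmlenc:EncryptedKey; the recovered data key decrypts the EncryptedData.
        BasicX509Credential kek = new BasicX509Credential();
        kek.setPrivateKey(spDecryptionKey);
        KeyInfoCredentialResolver kekResolver = new StaticKeyInfoCredentialResolver(kek);
        // First resolver is null (no pre-shared data key); InlineEncryptedKeyResolver finds the EncryptedKey inline in KeyInfo.
        decrypter = new Decrypter(null, kekResolver, new InlineEncryptedKeyResolver());
        decrypter.setRootInNewDocument(true); // decrypted objects get their own DOM document
    }
    // Plaintext assertions plus each decrypted EncryptedAssertion.
    public List<Assertion> assertions(Response response) throws DecryptionException {
        List<Assertion> result = new ArrayList<Assertion>(response.getAssertions());
        for (EncryptedAssertion ea : response.getEncryptedAssertions()) {
            result.add(decrypter.decrypt(ea)); // an ordinary Assertion XMLObject; validate it as usual
        }
        return result;
    }
    // Plaintext attributes plus each decrypted EncryptedAttribute of an assertion.
    public List<Attribute> attributes(Assertion assertion) throws DecryptionException {
        List<Attribute> result = new ArrayList<Attribute>();
        for (AttributeStatement stmt : assertion.getAttributeStatements()) {
            result.addAll(stmt.getAttributes());
            for (EncryptedAttribute ea : stmt.getEncryptedAttributes()) {
                result.add(decrypter.decrypt(ea));
            }
        }
        return result;
    }
}
```

An EncryptedID in the Subject is handled the same way with decrypter.decrypt(EncryptedID), which returns a SAMLObject because the plaintext may be a NameID, a BaseID or even an Assertion.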