
samldemotech message



Subject: New metadata for DataPower


Howdy,

Please see attached new metadata.   The only difference is that we are 
now using SSL.

Thanks and see you Sunday!
R

Ciochon, Robert wrote:

> Hi,
> During the dry run we were able to assemble the metadata for all 
> vendors who are participating.   If you have had to change your 
> metadata since the dry run, please send it out to the list so everyone 
> can maintain a current version for their providers.  This will be one 
> less step that will need to be done at show setup.  Note that some 
> vendors were running without SSL at the dry run.  If you were one of 
> them, SSL will be required for the show and your metadata will need to 
> change.
>
> A few items came up during the dry run that were accommodated, but in 
> the interest of a smoother show setup everyone wanted standardized.  
> Please respond if you disagree with the proposed requirements for the 
> SAML Interop:
>
>     * RelayState in an idP initiated SSO - This varied between
>       vendors, with some passing a valid URL, others sending an empty
>       string, others not sending it at all and still others using a
>       special string.  The consensus of those on the conference call
>       today was to specify that the RelayState is optional, but if
>       sent, it MUST be a valid URL.
>     * XML signature KeyInfo element - Some vendors were failing if an
>       XML sig was sent without having the key embedded in the KeyInfo
>       element.   The consensus on the call was to have it optional if
>       the KeyInfo is sent and not have it required by any vendor.
>     * Signing AuthnRequest - The Metadata standard provides for
>       separate settings for idP and SP on whether an AuthnRequest
>       should be signed, and they can conflict (the SP metadata
>       specifying don't sign it, the idP specifying it must be
>       signed).  The consensus on the call was to leave it up to the SP
>       to specify if the AuthnRequest was signed, and the idP would not
>       have a preference.  However, it appears from the spec this can't
>       be set for the idP (it requires either always or never signed),
>       so instead, the requirement is that all AuthnRequests will be
>       signed.
>
> Please respond as soon as possible to the above issues, as a decision 
> will be put in writing on Friday.
> Regards,
> Bob
>
> *Robert Ciochon*
> eTrust Development Manager
> Computer Associates
> San Diego, California
> (858) 625-6866
> robert.ciochon@ca.com
>


-- 
Rebecca Xiong
Product Marketing Manager
DataPower Technology
beccax@datapower.com
617-864-0455 x309

~~~~~~~~~~~~~~~~~~~~~~~~~~
XS40 XML Security Gateway   http://www.datapower.com/products/xs40.html
XML Security Overview  http://www.datapower.com/xmldev/xmlsecurity.html


<?xml version="1.0" encoding="UTF-8"?>
<EntityDescriptor entityID="http://mysp.datapower.com" xmlns="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">

    <SPSSODescriptor AuthnRequestsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">

	<KeyDescriptor use="signing">
	<ds:KeyInfo>
	<ds:X509Data>
	<ds:X509Certificate>	</ds:X509Certificate>
	</ds:X509Data>
	</ds:KeyInfo>
	</KeyDescriptor>

	<SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://mysp.datapower.com:4000/rsademo/MyLogout" ResponseLocation="https://mysp.datapower.com:4000/rsademo/LoggedOut"/>

	<NameIDFormat>
	    urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
	</NameIDFormat>

	<AssertionConsumerService isDefault="true" index="0" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://mysp.datapower.com:4000/rsademo/ResponseHandler"/>

    </SPSSODescriptor>

</EntityDescriptor>
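
An added example, not part of the original message or of any vendor's code: a small Python check of SP metadata against the requirements proposed in the quoted message (SSL on every endpoint, all AuthnRequests signed, RelayState optional but a valid URL if sent). The function names, the sample metadata and the reading of "valid URL" as an absolute http(s) URL with a host are assumptions made for this example.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
# Constructed sample SP metadata (not the attachment above; no certificate).
SAMPLE_METADATA = """<EntityDescriptor entityID="http://sp.example.test"
    xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
  <SPSSODescriptor AuthnRequestsSigned="false"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <SingleLogoutService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://sp.example.test:4000/demo/Logout"
        ResponseLocation="http://sp.example.test:4000/demo/LoggedOut"/>
    <AssertionConsumerService isDefault="true" index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.test:4000/demo/ResponseHandler"/>
  </SPSSODescriptor>
</EntityDescriptor>"""

def is_valid_url(value):
    """Assumed meaning of 'valid URL': absolute http(s) URL with a host."""
    try:
        parts = urlsplit(value)
        return parts.scheme in ("http", "https") and bool(parts.hostname)
    except ValueError:  # e.g. malformed IPv6 literal
        return False

def relay_state_ok(relay_state):
    """RelayState is optional (None = not sent); if sent it must be a URL."""
    return relay_state is None or is_valid_url(relay_state)

def check_sp_metadata(xml_text):
    """Return findings for an SP descriptor against the proposed rules."""
    findings = []
    for sp in ET.fromstring(xml_text).iter(MD + "SPSSODescriptor"):
        # Proposed requirement: all AuthnRequests will be signed.
        signed = sp.get("AuthnRequestsSigned", "false").strip().lower()
        if signed not in ("true", "1"):
            findings.append("AuthnRequestsSigned is not true")
        # SSL is required for the show, so every endpoint URL must be https.
        for endpoint in sp:
            for attr in ("Location", "ResponseLocation"):
                url = endpoint.get(attr)
                if url is not None and urlsplit(url).scheme != "https":
                    name = endpoint.tag.split("}")[-1]
                    findings.append(f"{name} {attr} is not https: {url}")
    return findings
```

When metadata arrives from outside a trusted exchange like this list, parse it with a hardened XML parser rather than the standard-library default.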

