
samldemotech message


Subject: New metadata for DataPower


Please see attached new metadata.   The only difference is that we are 
now using SSL.

Thanks and see you Sunday!

Ciochon, Robert wrote:

> Hi,
> During the dry run we were able to assemble the metadata for all 
> vendors who are participating.   If you have had to change your 
> metadata since the dry run, please send it out to the list so everyone 
> can maintain a current version for their providers.  This will be one 
> less step that will need to be done at show setup.  Note that some 
> vendors were running without SSL at the dry run.  If you were one of 
> them, SSL will be required for the show and your metadata will need to 
> change.
> A few items came up during the dry run that were accommodated, but in 
> the interest of a smoother show setup everyone wanted standardized.  
> Please respond if you disagree with the proposed requirements for the 
> SAML Interop:
>     * RelayState in an idP initiated SSO - This varied between
>       vendors, with some passing a valid URL, others sending an empty
>       string, others not sending it at all and still others using a
>       special string.  The consensus of those on the conference call
>       today was to specify that the RelayState is optional, but if
>       sent, it MUST be a valid URL.
>     * XML signature KeyInfo element - Some vendors were failing if an
>       XML sig was sent without having the key embedded in the KeyInfo
>       element.   The consensus on the call was to have it optional if
>       the KeyInfo is sent and not have it required by any vendor.
>     * Signing AuthnRequest - The Metadata standard provides for
>       separate settings for idP and SP on whether an AuthnRequest
>       should be signed, and they can conflict (the SP metadata
>       specifying don't sign it, the idP specifying it must be
>       signed).  The consensus on the call was to leave it up to the SP
>       to specify if the AuthnRequest was signed, and the idP would not
>       have a preference.  However, it appears from the spec this can't
>       be set for the idP (it requires either always or never signed),
>       so instead, the requirement is that all AuthnRequests will be
>       signed.
> Please respond as soon as possible to the above issues, as a decision 
> will be put in writing on Friday.
> Regards,
> Bob
> *Robert Ciochon*
> eTrust Development Manager
> Computer Associates
> San Diego, California
> (858) 625-6866
> robert.ciochon@ca.com

Rebecca Xiong
Product Marketing Manager
DataPower Technology
617-864-0455 x309

XS40 XML Security Gateway   http://www.datapower.com/products/xs40.html
XML Security Overview  http://www.datapower.com/xmldev/xmlsecurity.html

<?xml version="1.0" encoding="UTF-8"?>
<EntityDescriptor entityID="http://mysp.datapower.com" xmlns="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">

    <SPSSODescriptor AuthnRequestsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">

        <KeyDescriptor use="signing">

        <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://mysp.datapower.com:4000/rsademo/MyLogout" ResponseLocation="https://mysp.datapower.com:4000/rsademo/LoggedOut"/>

        <AssertionConsumerService isDefault="true" index="0" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://mysp.datapower.com:4000/rsademo/ResponseHandler"/>
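An added check, not DataPower's or the interop team's code, that encodes the show requirements from Bob's quoted message against SP metadata like the attachment above: https on every endpoint, AuthnRequestsSigned set to true, and RelayState either absent or a valid URL. The sample metadata is constructed by completing the truncated fragment above, with the KeyDescriptor omitted since its content is not on this page.

```python
"""Interop checks for SAML 2.0 SP metadata and RelayState (added example)."""
import xml.etree.ElementTree as ET
from typing import List, Optional
from urllib.parse import urlparse

MD = "urn:oasis:names:tc:SAML:2.0:metadata"

# Constructed sample, completed from the truncated fragment on this page
# (the real attachment also carries a KeyDescriptor, omitted here).
SAMPLE_METADATA = f"""<?xml version="1.0" encoding="UTF-8"?>
<EntityDescriptor entityID="http://mysp.datapower.com" xmlns="{MD}">
  <SPSSODescriptor AuthnRequestsSigned="false"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://mysp.datapower.com:4000/rsademo/MyLogout"
        ResponseLocation="https://mysp.datapower.com:4000/rsademo/LoggedOut"/>
    <AssertionConsumerService isDefault="true" index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://mysp.datapower.com:4000/rsademo/ResponseHandler"/>
  </SPSSODescriptor>
</EntityDescriptor>"""


def check_sp_metadata(xml_text: str) -> List[str]:
    """Return interop findings for one SP metadata document (empty = OK)."""
    findings = []
    root = ET.fromstring(xml_text)
    for sp in root.iter(f"{{{MD}}}SPSSODescriptor"):
        # The call settled on signing every AuthnRequest, so the SP must
        # advertise that it does; "false" (as in the attachment) fails.
        if sp.get("AuthnRequestsSigned", "false").lower() != "true":
            findings.append("AuthnRequestsSigned is not true")
        # SSL is required for the show: every endpoint must be https.
        for ep in sp:
            for attr in ("Location", "ResponseLocation"):
                url = ep.get(attr)
                if url and urlparse(url).scheme != "https":
                    local = ep.tag.split("}")[-1]
                    findings.append(f"{local} {attr} is not https: {url}")
    return findings


def relay_state_ok(relay_state: Optional[str]) -> bool:
    """RelayState is optional, but if sent it MUST be a valid absolute URL."""
    if relay_state is None:
        return True  # not sent at all is allowed
    p = urlparse(relay_state)
    return p.scheme in ("http", "https") and bool(p.netloc)
```

Running check_sp_metadata on the sample flags only AuthnRequestsSigned, which is the one attribute in the attached metadata that still disagrees with the signed-AuthnRequest decision.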


