Subject: New metadata for DataPower
Howdy,

Please see attached new metadata. The only difference is that we are now using SSL.

Thanks and see you Sunday!
R

Ciochon, Robert wrote:

> Hi,
> During the dry run we were able to assemble the metadata for all
> vendors who are participating. If you have had to change your
> metadata since the dry run, please send it out to the list so everyone
> can maintain a current version for their providers. This will be one
> less step that will need to be done at show setup. Note that some
> vendors were running without SSL at the dry run. If you were one of
> them, SSL will be required for the show and your metadata will need to
> change.
>
> A few items came up during the dry run that were accommodated, but in
> the interest of a smoother show setup everyone wanted standardized.
> Please respond if you disagree with the proposed requirements for the
> SAML Interop:
>
> * RelayState in an idP initiated SSO - This varied between
>   vendors, with some passing a valid URL, others sending an empty
>   string, others not sending it at all and still others using a
>   special string. The consensus of those on the conference call
>   today was to specify that the RelayState is optional, but if
>   sent, it MUST be a valid URL.
> * XML signature KeyInfo element - Some vendors were failing if an
>   XML sig was sent without having the key embedded in the KeyInfo
>   element. The consensus on the call was to have it optional if
>   the KeyInfo is sent and not have it required by any vendor.
> * Signing AuthnRequest - The Metadata standard provides for
>   separate settings for idP and SP on whether an AuthnRequest
>   should be signed, and they can conflict (the SP metadata
>   specifying don't sign it, the idP specifying it must be
>   signed). The consensus on the call was to leave it up to the SP
>   to specify if the AuthnRequest was signed, and the idP would not
>   have a preference. However, it appears from the spec this can't
>   be set for the idP (it requires either always or never signed),
>   so instead, the requirement is that all AuthnRequests will be
>   signed.
>
> Please respond as soon as possible to the above issues, as a decision
> will be put in writing on Friday.
> Regards,
> Bob
>
> *Robert Ciochon*
> eTrust Development Manager
> Computer Associates
> San Diego, California
> (858) 625-6866
> robert.ciochon@ca.com
>

--
Rebecca Xiong
Product Marketing Manager
DataPower Technology
beccax@datapower.com
617-864-0455 x309
~~~~~~~~~~~~~~~~~~~~~~~~~~
XS40 XML Security Gateway
http://www.datapower.com/products/xs40.html
XML Security Overview
http://www.datapower.com/xmldev/xmlsecurity.html
<?xml version="1.0" encoding="UTF-8"?>
<EntityDescriptor entityID="http://mysp.datapower.com"
    xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <SPSSODescriptor AuthnRequestsSigned="false"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <ds:KeyInfo>
        <ds:X509Data>
          <ds:X509Certificate>
MIICrTCCAZWgAwIBAgIBBjANBgkqhkiG9w0BAQUFADAhMRIwEAYDVQQKEwlTQU1M
IERlbW8xCzAJBgNVBAMTAkNBMB4XDTA1MDIwMjE5NDg1N1oXDTA2MDIwMjE5NDg1
N1owOzEcMBoGA1UEChMTRGF0YVBvd2VyIFNpZ25hdHVyZTEbMBkGA1UEAxMSbXlz
cC5kYXRhcG93ZXIuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDsdbbn
Bqhk52Mjp7qjhylWt8d/1733v4c/Lt9DDApqQ1AenIwy9t9XLOI0tsmX1JQFKZo2
sh8KLhWeF/kmIz7uKSx3Rziuz8KZ8bEN9SLnR29hHdfkt/04xAuFpJb3qwmA8xbR
bfrNdxXxT3XFE6everZAHMZ1lnt8RLvg0YyFDwIDAQABo1owWDAdBgNVHQ4EFgQU
kAtGCA74a8P/UilvHsjJzP4pC88wHwYDVR0jBBgwFoAUZFb1bRyyvdicdcD0mR0n
6ARdeykwCQYDVR0TBAIwADALBgNVHQ8EBAMCB4AwDQYJKoZIhvcNAQEFBQADggEB
AM4BWBp2zabDKL+h44+eAJnjPg0zeUIG1WqNF0qNGRzJQ6wK4HVKPGIth69qF2YQ
8kvBj1VEBgfkdPCcwoMkKliDHNr56rhfTHgzZOVY4YyqsecKhBFDnD32vrD4dpFe
PLkVs7/MJRLdMHgmAf9D/kgo6/fcWBMyyvDOufndxIif9W7XQmkVEdLBUSsvC/Co
CLiRLHcDcuYCUr6PxsM4kil50Mfb6y4JZns5Jr8vhI7vAZB8D8ZkIrdU+66aau2J
da2AyioI0PG1lYJr3bornD88WfN0u2oZtZDuh9GCC8APi3mp7pWO/U8nJrjKikVm
z9raIAihR6tMjii9zGK1jdc=
          </ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
    </KeyDescriptor>
    <SingleLogoutService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://mysp.datapower.com:4000/rsademo/MyLogout"
        ResponseLocation="https://mysp.datapower.com:4000/rsademo/LoggedOut"/>
    <NameIDFormat>
      urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
    </NameIDFormat>
    <AssertionConsumerService isDefault="true" index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://mysp.datapower.com:4000/rsademo/ResponseHandler"/>
  </SPSSODescriptor>
</EntityDescriptor>
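
An added example, not part of the original message or any vendor's code: a small check of SP metadata against the requirements discussed in the quoted message (SSL endpoints, signed AuthnRequests, RelayState a valid URL when sent). The sample document, host name and function names are constructed for illustration, and "valid URL" is assumed to mean an absolute http(s) URL.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"

# Constructed, abridged sample (hypothetical host; Binding, keys etc. omitted).
SAMPLE = """<EntityDescriptor entityID="http://sp.example.test"
    xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
  <SPSSODescriptor AuthnRequestsSigned="false">
    <KeyDescriptor use="signing"/>
    <SingleLogoutService Location="https://sp.example.test:4000/logout"
        ResponseLocation="http://sp.example.test:4000/loggedout"/>
    <AssertionConsumerService Location="https://sp.example.test:4000/acs"/>
  </SPSSODescriptor>
</EntityDescriptor>"""

def relay_state_ok(value):
    """RelayState is optional (None = not sent); if sent it must be a URL."""
    if value is None:
        return True
    try:
        parts = urlsplit(value)
    except ValueError:  # e.g. malformed IPv6 literal
        return False
    # Assumption: "valid URL" means an absolute http(s) URL with a host.
    return parts.scheme in ("http", "https") and bool(parts.netloc)

def check_sp_metadata(xml_text):
    """Return findings for each SPSSODescriptor in a metadata document."""
    if "<!DOCTYPE" in xml_text:  # metadata needs no DTD; refuse entity tricks
        raise ValueError("DOCTYPE not allowed in metadata")
    findings = []
    for sp in ET.fromstring(xml_text).iter(MD + "SPSSODescriptor"):
        if sp.get("AuthnRequestsSigned", "false") not in ("true", "1"):
            findings.append("AuthnRequestsSigned is not true")
        uses = [k.get("use") for k in sp.findall(MD + "KeyDescriptor")]
        # A KeyDescriptor with no "use" serves both signing and encryption.
        if not any(u in (None, "signing") for u in uses):
            findings.append("no signing KeyDescriptor")
        for ep in sp:
            for attr in ("Location", "ResponseLocation"):
                url = ep.get(attr)
                if url and urlsplit(url).scheme != "https":
                    name = ep.tag.split("}")[-1]
                    findings.append(f"{name} {attr} is not https: {url}")
    return findings

if __name__ == "__main__":
    print("\n".join(check_sp_metadata(SAMPLE)))
```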