The SAML XML.org web site is not longer accepting new posts. Information on this page is preserved for legacy purposes only. For current information on SAML, please see the OASIS Security Services Technical Committee Wiki.

How to find encryption details of SP initiated message?

Forum topic: Submitted by santu71182 on Wed, 2010-11-24 12:02.

Hi,

 How do I find whether the SP initiated SAML messages in a setup are signed by RSA-SHA-1 digital signature algorithm (with 2048 bit strength ) or not?

 Regards

Santosh

‹ authnrequest invalid signature Single Logout After Idle Timeout at Identity Provider ›
  • Login to post comments
  • 16772 reads

  Assuming you're talking

conor | Wed, 2010-11-24 19:15

 

Assuming you're talking about whether or not the SP's supposed to sign their requests when sending to the IdP...

The SP can advertise this in their metadata (if they are using metadata) or the SP and IdP agree to that through some non-SAML, out-of-band mechanism (e.g. two sysadmins agreeing to do so over lunch).

Of course, if the SP does sign the message, the IdP can see that it's signed.  The real question comes when the IdP gets an unsigned message and the behavior of the IdP is based on the signing policy found out through one of the two mechanisms defined above (metadata, or out-of-band).

XML.org Focus Areas: BPEL | DITA | ebXML | IDtrust | OpenDocument | SAML | UBL | UDDI
OASIS sites: OASIS | Cover Pages | XML.org | AMQP | CGM Open | eGov | Emergency | IDtrust | LegalXML | Open CSA | OSLC | WS-I

Hosted by:

OASIS