The SAML web site is not longer accepting new posts. Information on this page is preserved for legacy purposes only. For current information on SAML, please see the OASIS Security Services Technical Committee Wiki.



reading private key from a file(.pem) and sign SAML Assertion


I am working on SAML assertion. I have a private key abc.pem. I want to read this file and sign the assertion. The code I found on the internet is what I have written. I might be wrong, but somehow I think this code is for generation private key from a public key, which is what I don't want. I already have a private key, alias and its password. I just want to read it from file and sign the assertion. You help would be greatly appreciated.



Read more

Feide RnD

SAML 2.0 Usability

I've started some work on SAML 2.0 usability from a service provider's point of view. The more complex architectures you make with SAML 2.0, often the usability suffers. In particular series of "Where are you from" interfaces, and service provider not already know about an existing SSO sessions are the two main problems I try to solve.

Read more



Hi there  
 I'm trying to calculate the Digest value of a SAML Authentication
STatement whith the SHA-1 algorithm. Let us suppose that we are dealing
with a string representing the following node:


When I try to calculate SHA-1 with the function  b64_sha1(str2Digest)  what

Read more

Pushing String blog:

Upcoming SSTC work items

The SSTC's "call for profiling intentions" netted some good information. We've collected it on our working wiki and will keep that CfPI2008 page updated - in fact, we've already seen several of the promised draft documents, so things are hopping in the TC.

If you know of other third-party work that will benefit from SSTC review, or are an SSTC member and plan to submit a profile or extension for consideration, please let me know.

Pushing String blog:

Call for Profiling Intentions

The SSTC is issuing a "call for profiling intentions" in order to organize its work for the next several months. If you are planning to submit a SAML profile, binding, or extension to the SSTC for its consideration sometime soon(ish), please drop me a note with a proposed title, short abstract/rationale, and the timeframe in which you plan to bring the draft to the SSTC.

Similarly, if you are working on a SAML profile or extension in your own venue and want to seek the SSTC's guidance, let us know that as well.

Read more Focus Areas: BPEL | DITA | ebXML | IDtrust | OpenDocument | SAML | UBL | UDDI
OASIS sites: OASIS | Cover Pages | | AMQP | CGM Open | eGov | Emergency | IDtrust | LegalXML | Open CSA | OSLC | WS-I