The SAML web site is no longer accepting new posts. Information on this page is preserved for legacy purposes only. For current information on SAML, please see the OASIS Security Services Technical Committee Wiki.

How to find encryption details of SP initiated message?


How do I find whether the SP initiated SAML messages in a setup are signed by RSA-SHA-1 digital signature algorithm (with 2048 bit strength) or not?




Assuming you're talking about whether or not the SP's supposed to sign their requests when sending to the IdP...

The SP can advertise this in their metadata (if they are using metadata) or the SP and IdP agree to that through some non-SAML, out-of-band mechanism (e.g. two sysadmins agreeing to do so over lunch).

Of course, if the SP does sign the message, the IdP can see that it's signed. The real question comes when the IdP gets an unsigned message and the behavior of the IdP is based on the signing policy found out through one of the two mechanisms defined above (metadata, or out-of-band).
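An added example, not part of the original thread: one way to check both things the answer mentions, the `AuthnRequestsSigned` flag in SP metadata and the signature actually carried by a captured HTTP-POST binding message. The function names and sample documents are constructed for illustration; with the HTTP-Redirect binding the algorithm is in the `SigAlg` query parameter rather than in the XML.

```python
import base64
import xml.etree.ElementTree as ET  # for untrusted input, prefer a hardened parser

NS = {
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
}
RSA_SHA1 = "http://www.w3.org/2000/09/xmldsig#rsa-sha1"


def metadata_says_signed(metadata_xml):
    """True if the SP metadata sets AuthnRequestsSigned to "true" or "1"."""
    sp = ET.fromstring(metadata_xml).find(".//md:SPSSODescriptor", NS)
    return sp is not None and sp.get("AuthnRequestsSigned", "false") in ("true", "1")


def signature_details(message_xml):
    """Report algorithm and RSA key size of a POST-binding message's signature.

    Returns None for an unsigned message. This inspects the message only;
    it does not verify the signature.
    """
    sig = ET.fromstring(message_xml).find("ds:Signature", NS)  # direct child
    if sig is None:
        return None
    alg = sig.find("ds:SignedInfo/ds:SignatureMethod", NS).get("Algorithm")
    value = base64.b64decode(sig.findtext("ds:SignatureValue", namespaces=NS))
    # An RSA signature is exactly as long as the signer's modulus, so its
    # byte length gives the key size (only meaningful for RSA algorithms).
    return {"algorithm": alg, "is_rsa_sha1": alg == RSA_SHA1,
            "key_bits": len(value) * 8}


# Constructed samples (not real traffic); SignatureValue is 256 filler bytes.
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://sp.example.org">
  <md:SPSSODescriptor AuthnRequestsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
</md:EntityDescriptor>"""
SAMPLE_REQUEST = """<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_constructed" Version="2.0">
  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <ds:SignedInfo><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/></ds:SignedInfo>
    <ds:SignatureValue>%s</ds:SignatureValue>
  </ds:Signature>
</samlp:AuthnRequest>""" % base64.b64encode(bytes(256)).decode()

if __name__ == "__main__":
    print(metadata_says_signed(SAMPLE_METADATA), signature_details(SAMPLE_REQUEST))
```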