[jboss-jira] [JBoss JIRA] Resolved: (JBID-162) signature encoding/decoding not correct for HTTP_POST binding

signature encoding/decoding not correct for HTTP_POST binding ------------------------------------------------------------- Key: JBID-162 URL: https://jira.jboss.org/jira/browse/JBID-162 Project: JBoss Identity Issue Type: Bug Components: Identity-Federation Affects Versions: IDFED-1.0.0.alpha5 Reporter: Marcel Kolsteren Assignee: Anil Saldhana Fix For: IDFED-1.0.0.beta2 An interoperability test between a JBID-based Service Provider and an OpenSSO-based Identity Provider revealed a problem with the signature encoding/decoding in JBID. When posting a message, JBID places the signature and the signature algorithm in separate hidden fields in the form. According to the SAMLv2 spec, this is not correct. When using HTTP-POST binding, the signature should be encoded as part of the XML message (<ds:Signature> element). Separate encoding of the signature is intended for the HTTP-Redirect profile only (because of space concerns).