Does PicketLink SAML offering support xml decryption ? - security-dev - Jboss List Archives

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Does PicketLink SAML offering support xml decryption ?

PicketLink 2.7.0.Beta1 Released

PicketLink 2.7 and XXE

Adam Dong

Friday, 8 August 2014 Fri, 8 Aug '14

5:07 p.m.

Specifically for decrypting <EncryptedID>, <EncryptedAssertion> or <EncryptedAttribute> on The SP side ? Thanks, Adam Dong

Attachments:

attachment.html (text/html — 1.8 KB)

Reply

Show replies by date

Pedro Igor Silva

Friday, 8 August Fri, 8 Aug

5:24 p.m.

New subject: Does PicketLink SAML offering support xml decryption ?

I'm pretty sure about EncryptedAssertion. We have quickstarts for that: https://github.com/jboss-developer/jboss-picketlink-quickstarts/tree/mast... https://github.com/jboss-developer/jboss-picketlink-quickstarts/tree/mast... ----- Original Message ----- From: "Adam Dong" <adamdong(a)vidder.com> To: security-dev(a)lists.jboss.org Sent: Friday, August 8, 2014 7:07:30 PM Subject: [security-dev] Does PicketLink SAML offering support xml decryption ? Specifically for decrypting <EncryptedID>, <EncryptedAssertion> or <EncryptedAttribute> on The SP side ? Thanks, Adam Dong _______________________________________________ security-dev mailing list security-dev(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/security-dev

Reply

Adam Dong

5:45 p.m.

New subject: Does PicketLink SAML offering support xml decryption ?

Pedro, Thanks for the quick response. That was very helpful. I took a quick look at those examples: The IDP side has SAML2EncryptionHander configured in the handlers chain, that is understandable. But why doesn't SP side have something like SAML2DecryptionHandler ? Where is the decryption code ? Is it in ServiceProviderAuthenticator itself and not in a handler ? (A less important question: so the library supports only <EncryptedAssertion>, and not <EncryptedID> or <EncryptedAttribute>, right ?) Thanks, Adam -----Original Message----- From: Pedro Igor Silva [mailto:psilva@redhat.com] Sent: Friday, August 08, 2014 3:24 PM To: Adam Dong Cc: security-dev(a)lists.jboss.org Subject: Re: [security-dev] Does PicketLink SAML offering support xml decryption ? I'm pretty sure about EncryptedAssertion. We have quickstarts for that: https://github.com/jboss-developer/jboss-picketlink-quickstarts/tree/mast... https://github.com/jboss-developer/jboss-picketlink-quickstarts/tree/mast... ----- Original Message ----- From: "Adam Dong" <adamdong(a)vidder.com> To: security-dev(a)lists.jboss.org Sent: Friday, August 8, 2014 7:07:30 PM Subject: [security-dev] Does PicketLink SAML offering support xml decryption ? Specifically for decrypting <EncryptedID>, <EncryptedAssertion> or <EncryptedAttribute> on The SP side ? Thanks, Adam Dong _______________________________________________ security-dev mailing list security-dev(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/security-dev

Reply

Pedro Igor Silva

6:53 p.m.

New subject: Does PicketLink SAML offering support xml decryption ?

The decryption is done by the SAML2AuthenticationHandler itself. That is why you don't need a specific handler on the SP. The SAML2EncryptionHandler is only to be used at the IdP side. And yes, I think only EncryptedAssertion is supported. What means you always encrypt the entire assertion. Regards. ----- Original Message ----- From: "Adam Dong" <adamdong(a)vidder.com> To: "Pedro Igor Silva" <psilva(a)redhat.com> Cc: security-dev(a)lists.jboss.org Sent: Friday, August 8, 2014 7:45:15 PM Subject: RE: [security-dev] Does PicketLink SAML offering support xml decryption ? Pedro, Thanks for the quick response. That was very helpful. I took a quick look at those examples: The IDP side has SAML2EncryptionHander configured in the handlers chain, that is understandable. But why doesn't SP side have something like SAML2DecryptionHandler ? Where is the decryption code ? Is it in ServiceProviderAuthenticator itself and not in a handler ? (A less important question: so the library supports only <EncryptedAssertion>, and not <EncryptedID> or <EncryptedAttribute>, right ?) Thanks, Adam -----Original Message----- From: Pedro Igor Silva [mailto:psilva@redhat.com] Sent: Friday, August 08, 2014 3:24 PM To: Adam Dong Cc: security-dev(a)lists.jboss.org Subject: Re: [security-dev] Does PicketLink SAML offering support xml decryption ? I'm pretty sure about EncryptedAssertion. We have quickstarts for that: https://github.com/jboss-developer/jboss-picketlink-quickstarts/tree/mast... https://github.com/jboss-developer/jboss-picketlink-quickstarts/tree/mast... ----- Original Message ----- From: "Adam Dong" <adamdong(a)vidder.com> To: security-dev(a)lists.jboss.org Sent: Friday, August 8, 2014 7:07:30 PM Subject: [security-dev] Does PicketLink SAML offering support xml decryption ? Specifically for decrypting <EncryptedID>, <EncryptedAssertion> or <EncryptedAttribute> on The SP side ? Thanks, Adam Dong _______________________________________________ security-dev mailing list security-dev(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/security-dev

Reply

3832

days inactive

3832

days old

security-dev@lists.jboss.org

Manage subscription

3 comments

2 participants

tags (0)

participants (2)

Adam Dong
Pedro Igor Silva