[jboss-jira] [JBoss JIRA] Commented: (JBID-162) signature encoding/decoding not correct for HTTP_POST binding

[Anil Saldhana (JIRA)]

    [ https://jira.jboss.org/jira/browse/JBID-162?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12479662#action_12479662 ] 

Anil Saldhana commented on JBID-162:
------------------------------------

Marcel, I knew about this issue.  I was trying to figure out how SAML POST binding ensured signatures apart from the signatures in the SAML messages.  The signatures in saml messages is bit dependent on JBID-164

> signature encoding/decoding not correct for HTTP_POST binding
> -------------------------------------------------------------
>
>                 Key: JBID-162
>                 URL: https://jira.jboss.org/jira/browse/JBID-162
>             Project: JBoss Identity
>          Issue Type: Bug
>          Components: Identity-Federation
>    Affects Versions: IDFED-1.0.0.alpha5
>            Reporter: Marcel Kolsteren
>            Assignee: Anil Saldhana
>
> An interoperability test between a JBID-based Service Provider and an OpenSSO-based Identity Provider revealed a problem with the signature encoding/decoding in JBID. When posting a message, JBID places the signature and the signature algorithm in separate hidden fields in the form. According to the SAMLv2 spec, this is not correct. When using HTTP-POST binding, the signature should be encoded as part of the XML message (<ds:Signature> element). Separate encoding of the signature is intended for the HTTP-Redirect profile only (because of space concerns).

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira