[security-dev] Does PicketLink SAML offering support xml decryption ?
Pedro Igor Silva
psilva at redhat.com
Fri Aug 8 19:53:58 EDT 2014
The decryption is done by the SAML2AuthenticationHandler itself. That is why you don't need a specific handler on the SP.
The SAML2EncryptionHandler is only to be used at the IdP side.
And yes, I think only EncryptedAssertion is supported. What means you always encrypt the entire assertion.
Regards.
----- Original Message -----
From: "Adam Dong" <adamdong at vidder.com>
To: "Pedro Igor Silva" <psilva at redhat.com>
Cc: security-dev at lists.jboss.org
Sent: Friday, August 8, 2014 7:45:15 PM
Subject: RE: [security-dev] Does PicketLink SAML offering support xml decryption ?
Pedro,
Thanks for the quick response. That was very helpful.
I took a quick look at those examples:
The IDP side has SAML2EncryptionHander configured in the handlers chain, that is understandable.
But why doesn't SP side have something like SAML2DecryptionHandler ? Where is the decryption code ? Is it in ServiceProviderAuthenticator itself and not in a handler ?
(A less important question: so the library supports only <EncryptedAssertion>, and not <EncryptedID> or <EncryptedAttribute>, right ?)
Thanks,
Adam
-----Original Message-----
From: Pedro Igor Silva [mailto:psilva at redhat.com]
Sent: Friday, August 08, 2014 3:24 PM
To: Adam Dong
Cc: security-dev at lists.jboss.org
Subject: Re: [security-dev] Does PicketLink SAML offering support xml decryption ?
I'm pretty sure about EncryptedAssertion. We have quickstarts for that:
https://github.com/jboss-developer/jboss-picketlink-quickstarts/tree/master/picketlink-federation-saml-idp-with-encryption
https://github.com/jboss-developer/jboss-picketlink-quickstarts/tree/master/picketlink-federation-saml-sp-with-encryption
----- Original Message -----
From: "Adam Dong" <adamdong at vidder.com>
To: security-dev at lists.jboss.org
Sent: Friday, August 8, 2014 7:07:30 PM
Subject: [security-dev] Does PicketLink SAML offering support xml decryption ?
Specifically for decrypting <EncryptedID>, <EncryptedAssertion> or <EncryptedAttribute> on The SP side ?
Thanks,
Adam Dong
_______________________________________________
security-dev mailing list
security-dev at lists.jboss.org
https://lists.jboss.org/mailman/listinfo/security-dev
More information about the security-dev
mailing list