[security-dev] Does PicketLink SAML offering support xml decryption ?

Pedro Igor Silva psilva at redhat.com
Fri Aug 8 19:53:58 EDT 2014


The decryption is done by the SAML2AuthenticationHandler itself. That is why you don't need a specific handler on the SP. 

The SAML2EncryptionHandler is only to be used at the IdP side.

And yes, I think only EncryptedAssertion is supported. Which means you always encrypt the entire assertion.

Regards.

----- Original Message -----
From: "Adam Dong" <adamdong at vidder.com>
To: "Pedro Igor Silva" <psilva at redhat.com>
Cc: security-dev at lists.jboss.org
Sent: Friday, August 8, 2014 7:45:15 PM
Subject: RE: [security-dev] Does PicketLink SAML offering support xml decryption ?

Pedro,

Thanks for the quick response. That was very helpful.

I took a quick look at those examples:

The IDP side has SAML2EncryptionHandler configured in the handlers chain, that is understandable.
But why doesn't SP side have something like SAML2DecryptionHandler ? Where is the decryption code ? Is it in ServiceProviderAuthenticator itself and not in a handler ?

(A less important question: so the library supports only <EncryptedAssertion>, and not <EncryptedID> or <EncryptedAttribute>, right ?)

Thanks,
Adam

-----Original Message-----
From: Pedro Igor Silva [mailto:psilva at redhat.com] 
Sent: Friday, August 08, 2014 3:24 PM
To: Adam Dong
Cc: security-dev at lists.jboss.org
Subject: Re: [security-dev] Does PicketLink SAML offering support xml decryption ?

I'm pretty sure about EncryptedAssertion. We have quickstarts for that:

https://github.com/jboss-developer/jboss-picketlink-quickstarts/tree/master/picketlink-federation-saml-idp-with-encryption
https://github.com/jboss-developer/jboss-picketlink-quickstarts/tree/master/picketlink-federation-saml-sp-with-encryption

----- Original Message -----
From: "Adam Dong" <adamdong at vidder.com>
To: security-dev at lists.jboss.org
Sent: Friday, August 8, 2014 7:07:30 PM
Subject: [security-dev] Does PicketLink SAML offering support xml decryption ?



Specifically for decrypting <EncryptedID>, <EncryptedAssertion> or <EncryptedAttribute> on the SP side ?



Thanks, 

Adam Dong 
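
Added example, not part of the thread and not PicketLink code: a pre-flight check in Python that reports which SAML 2.0 encrypted element types a response carries, assuming (as the replies above state) an SP that decrypts only <EncryptedAssertion>. The name audit_response and both sample responses are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
ENCRYPTED_TYPES = ("EncryptedAssertion", "EncryptedID", "EncryptedAttribute")
# Assumption taken from the thread: the SP decrypts only whole assertions.
SP_SUPPORTED = {"EncryptedAssertion"}

def audit_response(xml_text):
    """Return (counts, problems) for one SAML 2.0 Response document."""
    # SAML messages never need a DTD; refusing one avoids entity-expansion tricks.
    if "<!DOCTYPE" in xml_text:
        raise ValueError("DOCTYPE not allowed in a SAML message")
    root = ET.fromstring(xml_text)
    counts = {n: sum(1 for _ in root.iter(f"{{{SAML}}}{n}")) for n in ENCRYPTED_TYPES}
    # Plaintext assertions are direct children of <Response>.
    counts["Assertion"] = len(root.findall(f"{{{SAML}}}Assertion"))
    problems = [f"<{n}> present but the SP cannot decrypt it"
                for n in ENCRYPTED_TYPES if counts[n] and n not in SP_SUPPORTED]
    if counts["Assertion"]:
        problems.append("<Assertion> sent in plaintext")
    if not (counts["Assertion"] or counts["EncryptedAssertion"]):
        problems.append("response carries no assertion")
    return counts, problems

NS = f'xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="{SAML}"'
# Constructed samples; ciphertext (xenc:EncryptedData) is left out for brevity.
WHOLE_ASSERTION = f"""<samlp:Response {NS}>
  <saml:EncryptedAssertion/>
</samlp:Response>"""
PER_ELEMENT = f"""<samlp:Response {NS}>
  <saml:Assertion>
    <saml:Subject><saml:EncryptedID/></saml:Subject>
    <saml:AttributeStatement><saml:EncryptedAttribute/></saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""

if __name__ == "__main__":
    for label, doc in (("whole", WHOLE_ASSERTION), ("per-element", PER_ELEMENT)):
        print(label, audit_response(doc))
```

Anything inside an <EncryptedAssertion> is ciphertext, so the check sees only the outer layer of the message.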
