Bassem

Reputation: 31

How does OpenAM verify a SAML response coming from the IDP?

Does OpenAM depend on the public key of the registered IDP to verify the SAML response,

or does it also depend on the hashing algorithm in the SAML response from the IDP, like Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"?

Note: OpenAM version 13.0.0

Upvotes: 0

Views: 173

Answers (2)

Peter Major

Reputation: 3005

In upcoming versions of AM, AM will (partially) implement the algsupport spec, and will take into account remote entity provider's metadata when signing SAML documents.

This means that as a hosted entity provider, AM will check the remote entity provider's preferred signing and digest methods, and will use the first algorithm that satisfies the key type and key size requirements.

This work has been completed as part of OPENAM-11266.

Upvotes: 0

Bernhard Thalmayr

Reputation: 2744

OpenAM, acting as SAML SP, uses the public key enclosed in the KeyInfo element of the IdP metadata to verify the signature of the SAML response. It uses the signature algorithm chosen by the IdP; however, it must be a supported signature algorithm.

Upvotes: 0
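To make the two points in this answer concrete, here is an added example (not OpenAM's code) of the checks an SP performs before the cryptographic XML-DSig verification itself: the trusted certificate is taken only from the IdP metadata KeyDescriptor with use="signing", and the SignatureMethod and DigestMethod URIs declared in the Response are compared against an SP-side allowlist (a hypothetical policy that excludes the SHA-1 URIs from the question). The metadata, the Response skeleton and the certificate strings are constructed placeholders; the actual signature computation would be handed to an XML-DSig library with the metadata key.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata", "ds": "http://www.w3.org/2000/09/xmldsig#"}
# SP-side allowlist (hypothetical policy): the SHA-1 based URIs are deliberately absent.
ALLOWED_SIGNATURE_METHODS = {"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"}
ALLOWED_DIGEST_METHODS = {"http://www.w3.org/2001/04/xmlenc#sha256"}
# Constructed IdP metadata with placeholder certificates, one for signing and one for encryption.
IDP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
 xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.test">
 <md:IDPSSODescriptor><md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
 <ds:X509Certificate>SIGNING-CERT-PLACEHOLDER</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
 </md:KeyDescriptor><md:KeyDescriptor use="encryption"><ds:KeyInfo><ds:X509Data>
 <ds:X509Certificate>ENCRYPTION-CERT-PLACEHOLDER</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
 </md:KeyDescriptor></md:IDPSSODescriptor></md:EntityDescriptor>"""

def idp_signing_certs(metadata_xml):
    """Certificates the IdP publishes for signing; an absent 'use' means usable for both."""
    root = ET.fromstring(metadata_xml)
    certs = []
    for kd in root.iterfind(".//md:IDPSSODescriptor/md:KeyDescriptor", NS):
        if kd.get("use", "signing") != "signing":
            continue  # an encryption-only key must never be used to verify signatures
        for c in kd.iterfind(".//ds:X509Certificate", NS):
            certs.append("".join(c.text.split()))
    return certs

def sample_response(sig_alg, digest_alg, cert):  # constructed Response skeleton, dummy SignatureValue
    return f"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_r1"><ds:Signature><ds:SignedInfo>
 <ds:SignatureMethod Algorithm="{sig_alg}"/><ds:Reference URI="#_r1">
 <ds:DigestMethod Algorithm="{digest_alg}"/></ds:Reference></ds:SignedInfo>
 <ds:SignatureValue>ZHVtbXk=</ds:SignatureValue><ds:KeyInfo><ds:X509Data>
 <ds:X509Certificate>{cert}</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature></samlp:Response>"""

def vet_response_signature(response_xml, trusted_certs):
    """Return (ok, reason). Algorithms are read from the response; the key comes only from metadata."""
    sig = ET.fromstring(response_xml).find("ds:Signature", NS)
    if sig is None:
        return False, "unsigned response"
    sig_alg = sig.find("ds:SignedInfo/ds:SignatureMethod", NS).get("Algorithm")
    if sig_alg not in ALLOWED_SIGNATURE_METHODS:
        return False, "signature method not allowed: " + sig_alg
    for dm in sig.iterfind("ds:SignedInfo/ds:Reference/ds:DigestMethod", NS):
        if dm.get("Algorithm") not in ALLOWED_DIGEST_METHODS:
            return False, "digest method not allowed: " + dm.get("Algorithm")
    # KeyInfo inside the response is informational only: it may match a metadata key, never replace it.
    embedded = sig.find("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
    if embedded is not None and "".join(embedded.text.split()) not in trusted_certs:
        return False, "embedded certificate is not a signing key from IdP metadata"
    return True, "algorithms acceptable; verify the signature with the metadata key"
```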
