3 replies Latest Post - ‏2013-04-24T18:04:26Z by RolfRander
FF1P_Michael_Harvan

Pinned topic Sign action for SAML token

‏2013-04-23T17:09:55Z |

I have a SOAP request with a SAML 1.1 token and I have a requirement to sign the message body, the WS-Security timestamp and a security token reference which refers back to the SAML token.

I can only find a way to create a token reference to an X509 cert using the standard sign actions.

Is there a way to reference the SAML token, or will I need to create a custom transform for that?

  • RolfRander

    Re: Sign action for SAML token

    ‏2013-04-24T07:09:26Z  in response to FF1P_Michael_Harvan

    In the "sign action" you can select "message type": "selected elements (field-level)". This enables you to create a "document crypto map", which effectively is an XPath-expression selecting those elements the signature should cover.

     

    regards

    rolf rander

     

    • FF1P_Michael_Harvan

      Re: Sign action for SAML token

      ‏2013-04-24T12:15:41Z  in response to RolfRander

      I have done that and the signature covers all the correct elements, but I cannot find a way for the sign action to reference the SAML token. The SecurityTokenReference is always to the x509 BinarySecurityToken.

      • RolfRander

        Re: Sign action for SAML token

        ‏2013-04-24T18:04:26Z  in response to FF1P_Michael_Harvan

        Can you provide an (abridged) example (without all the base64-coded binary parts...) of the message pre and post signature and some more details of what you have tried?

         

        regards

        rolf rander
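
The requirement discussed in this thread can be checked on a signed message independently of how the gateway produced it. The following is an added example, not code from any poster or from the product: it inspects the `ds:Reference` list and reports whether the signature covers the body, the timestamp, and a `SecurityTokenReference` whose `KeyIdentifier` resolves to the SAML assertion rather than to the X509 `BinarySecurityToken`. The message template, the Id values and the function names are constructed for illustration, and the check is structural only (no digest or signature verification).

```python
import xml.etree.ElementTree as ET  # fine for this constructed input; use a hardened parser on untrusted XML

NS = {
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "saml": "urn:oasis:names:tc:SAML:1.0:assertion",  # SAML 1.1 keeps the 1.0 namespace
}
WSU_ID = "{%s}Id" % NS["wsu"]
# KeyIdentifier ValueType for SAML 1.x assertions (WSS SAML Token Profile)
SAML_ID_TYPE = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID"

# Constructed, abridged message: no digests, signature value or certificate data.
TEMPLATE = """<soap:Envelope {xmlns}>
 <soap:Header><wsse:Security>
  <wsu:Timestamp wsu:Id="ts-1"/>
  <saml:Assertion AssertionID="assert-1"/>
  <wsse:BinarySecurityToken wsu:Id="x509-1"/>
  <wsse:SecurityTokenReference wsu:Id="str-1">{str_child}</wsse:SecurityTokenReference>
  <ds:Signature><ds:SignedInfo>
   <ds:Reference URI="#body-1"/><ds:Reference URI="#ts-1"/><ds:Reference URI="#str-1"/>
  </ds:SignedInfo></ds:Signature>
 </wsse:Security></soap:Header>
 <soap:Body wsu:Id="body-1"/>
</soap:Envelope>"""
SAML_STR = '<wsse:KeyIdentifier ValueType="%s">assert-1</wsse:KeyIdentifier>' % SAML_ID_TYPE
X509_STR = '<wsse:Reference URI="#x509-1"/>'  # the outcome reported in the thread

def build(str_child):
    xmlns = " ".join('xmlns:%s="%s"' % kv for kv in NS.items())
    return TEMPLATE.format(xmlns=xmlns, str_child=str_child)

def signature_coverage(xml_text):
    """Report which required parts the ds:Reference list covers (structure only, no crypto)."""
    root = ET.fromstring(xml_text)
    by_id = {el.get(WSU_ID): el for el in root.iter() if el.get(WSU_ID)}
    uris = [r.get("URI", "") for r in root.iterfind(".//ds:SignedInfo/ds:Reference", NS)]
    signed = [by_id[u[1:]] for u in uris if u.startswith("#") and u[1:] in by_id]
    tags = {el.tag for el in signed}
    assertion_ids = {a.get("AssertionID") for a in root.iterfind(".//saml:Assertion", NS)}
    saml_str = False
    for el in signed:
        kid = el.find("wsse:KeyIdentifier", NS)
        if (el.tag == "{%s}SecurityTokenReference" % NS["wsse"] and kid is not None
                and kid.get("ValueType") == SAML_ID_TYPE
                and (kid.text or "").strip() in assertion_ids):
            saml_str = True
    return {"body": "{%s}Body" % NS["soap"] in tags,
            "timestamp": "{%s}Timestamp" % NS["wsu"] in tags,
            "saml_str": saml_str}
```

Calling `signature_coverage(build(X509_STR))` reproduces the situation described in the thread: body and timestamp are covered, but the signed reference does not point at the SAML assertion.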