SAML 2 and validation (Shibboleth)

Posted on 2014-08-28
Last Modified: 2014-08-29
Assuming the use case where the client gets a token from a SAML authority (IdP) and send the token to a web service:

On a previous thread an expert posted the following concerning how a web service validates  incoming tokens:

it comes back signed using the public key of the the identity organization and you check that the signature is valid (chain of trust, not expired)

Open in new window

I assume that the web service does not go to the IDP, but will write its own code in order to validate the message

Do products like Shibboleth provide any tools in which to assist in the validation of the  token?

Question by:Anthony Lucia
    LVL 52

    Accepted Solution

    Sorry to start with an offtopic comment, but it should be obvious that your questions are flooding the forum - this is not a bad thing, but it seems a more specified forum for curl/SAML/Shibboleth should be considered to be used...
    LVL 52

    Expert Comment

    You didn't need to accept my comment ;-)

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Threat Intelligence Starter Resources

    Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

    Suggested Solutions

    I thought I'd write this up for anyone who has a request to create an anonymous whistle-blower-type submission form created using SharePoint 2010 (this would probably work the same for 2013). It's not 100% fool-proof but it's as close as you can get…
    This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
    Viewers will learn about the regular for loop in Java and how to use it. Definition: Break the for loop down into 3 parts: Syntax when using for loops: Example using a for loop:
    This tutorial covers a practical example of lazy loading technique and early loading technique in a Singleton Design Pattern.

    759 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    12 Experts available now in Live!

    Get 1:1 Help Now