Validating SAML tokens
https://stackoverflow.com/questions/12350164
-
01-07-2021 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I am writing a Client and Service using Axis2 and rampart A third party authenticator which I will control as well will issue a token to the client in which the client will send to the service The problem is I have no idea how to validate this token, I was told it is outside of the scope of SAML Is there a way to validate the token without contacting the third party authenticator or without using public keys
any help is greatly appreciated
La solution
Check this example of Apache WSS4J (which I believe is compatible with rampart, haven't used rampart myself). They use a CustomSamlAssertionValidator which appears to just compare the name of the issuer in the SAML token to pre-defined value.
Licencié sous: CC-BY-SA avec attribution
Non affilié à StackOverflow
