This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

Validate SAML >>1.0<< assertion?

Posted on 01-08-2021 02:20 AM
guycrets
Silver 1
Silver 1
Reply posted on --/--/---- --:-- AM

Hi all,

We need to validate SAML 1.0 assertion as part of WS-Sec request. Apigee's ValidateSAMLAssertion policy only supports SAML 2.0. Any suggestions how we could tackle this? Maybe someone who can share a great piece of Java(script) code or other?

Looking forward to your feedback, Guy Crets

0 2 144
Topic Labels
0 Likes
2 REPLIES 2

Posted on --/--/---- --:-- AM
dchiesa1
Staff
Reply posted on --/--/---- --:-- AM

If I were doing his I would do it in Java. Validating an assertion means, I suppose, obtaining an X.509 certificate, extracting a public key from that, and then verifying a signature on the assertion. a bunch of crypto. It's better doing that in Java.

This callout does not do what you want, but it might be a good starting point.

https://github.com/DinoChiesa/Apigee-Java-WsSec-Signature-2

0 Likes

Posted on --/--/---- --:-- AM
dchiesa1
Staff
Reply posted on --/--/---- --:-- AM

Guycrets, Did you solve this problem?

0 Likes