I have an XML file. It is *possibly* a response in SAML format from an SSO
(single sign-on service).

The XML file contains a signature value and an X509 certificate.

I also have a public certificate file from the SSO.

I know the certificate file from the SSO is genuine.

How do I determine if the XML file really is from the SSO?

Here is an example:
https://rnd.feide.no/2007/12/10/example_saml_2_0_request_and_response/

--
You received this message because you are subscribed to the Google Groups "golang-nuts" group.
To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


  • Andrey mirtchovski at Jan 16, 2015 at 10:58 pm

    > I have an XML file. It is *possibly* a response in SAML format from an SSO
    > (single sign-on service).
    I haven't seen a package that does that. I'm using cgo and linking
    with xmlsec. Another package that I've seen uses the xmlsec1 command
    to do that: https://github.com/mattbaird/gosaml

    I wish it was something I could implement natively, though:
    http://www.w3.org/TR/xmldsig-core/

  • Peter Kleiweg at Jan 16, 2015 at 11:10 pm
    On Friday, 16 January 2015 at 23:58:50 UTC+1, andrey mirtchovski wrote:

    > I wish it was something I could implement natively, though:
    Go has crypto/x509, encoding/pem, and encoding/xml. Aren't those enough? I
    just don't know how to use them in this situation.

  • Andrey mirtchovski at Jan 16, 2015 at 11:14 pm
    me neither. i was just following xmlsec's suggestions to get around
    it. now that my interest has been piqued i'll follow this discussion
    to see if it can be done.
    On Fri, Jan 16, 2015 at 4:10 PM, Peter Kleiweg wrote:
    > On Friday, 16 January 2015 at 23:58:50 UTC+1, andrey mirtchovski wrote:
    >> I wish it was something I could implement natively, though:
    >> http://www.w3.org/TR/xmldsig-core/
    >
    > Go has crypto/x509, encoding/pem, and encoding/xml. Aren't those enough? I
    > just don't know how to use them in this situation.

  • Peter Kleiweg at Jan 16, 2015 at 11:31 pm

    On Friday, 16 January 2015 at 23:58:50 UTC+1, andrey mirtchovski wrote:

    >> I have an XML file. It is *possibly* a response in SAML format from an SSO
    >> (single sign-on service).
    > I haven't seen a package that does that. I'm using cgo and linking
    > with xmlsec. Another package that I've seen uses the xmlsec1 command
    > to do that: https://github.com/mattbaird/gosaml
    I have looked at gosaml. It doesn't use xmlsec1. It's pure Go. But it
    doesn't do verification.

  • Peter Kleiweg at Jan 17, 2015 at 12:44 am
    On Saturday, 17 January 2015 at 00:31:30 UTC+1, Peter Kleiweg wrote:
    > On Friday, 16 January 2015 at 23:58:50 UTC+1, andrey mirtchovski wrote:
    >>> I have an XML file. It is *possibly* a response in SAML format from an SSO
    >>> (single sign-on service).
    >> I haven't seen a package that does that. I'm using cgo and linking
    >> with xmlsec. Another package that I've seen uses the xmlsec1 command
    >> to do that: https://github.com/mattbaird/gosaml
    > I have looked at gosaml. It doesn't use xmlsec1. It's pure Go. But it
    > doesn't do verification.
    Ah, I thought you meant it links with a C library. But it uses the external
    program xmlsec1. That works for verification too.

  • Andrey mirtchovski at Jan 17, 2015 at 12:44 am

    > I have looked at gosaml. It doesn't use xmlsec1. It's pure Go. But it
    > doesn't do verification.
    i looked only briefly and this made me think it wasn't:

    https://github.com/mattbaird/gosaml/blob/master/authnrequest.go#L242

    nonetheless, i'll try to research it this weekend and see what can be
    done with just go's primitives.

  • Eric Johnson at Jan 20, 2015 at 9:03 pm
    xmlsec is a major, serious, crazy, difficult to implement specification.

    At least, the fully conformant spec is. Because along the path to signing
    something (or verifying the signature for something), you can "transform"
    the XML. Which can involve XPath selection, XSLT transforms, and one of
    multiple forms of canonicalization. I did some work related to the Apache
    Santuario project, and was surprised along the way to discover that to be
    fully conformant, you need XPath 1.0, and XSLT 1.0 support. So - not an
    easy task to re-implement. And certainly, the Go primitives aren't going to
    get you there.

    Eric.
    On Friday, January 16, 2015 at 2:58:50 PM UTC-8, andrey mirtchovski wrote:

    >> I have an XML file. It is *possibly* a response in SAML format from an SSO
    >> (single sign-on service).
    > I haven't seen a package that does that. I'm using cgo and linking
    > with xmlsec. Another package that I've seen uses the xmlsec1 command
    > to do that: https://github.com/mattbaird/gosaml
    >
    > I wish it was something I could implement natively, though:
    > http://www.w3.org/TR/xmldsig-core/
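
Added example (not part of the thread, and not code from gosaml or xmlsec): the one step of this verification that Go's standard library covers directly, checking the SignatureValue against the certificate already trusted from the SSO, assuming RSA-SHA256 and `<SignedInfo>` bytes that are already canonicalized. `VerifySignedInfo`, `ConstructedIdP` and the sample XML are names and data made up for this sketch; reference digests, transforms and canonicalization, the parts Eric Johnson's post describes, are not implemented here.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
	"math/big"
)

// VerifySignedInfo checks the decoded SignatureValue over already-canonicalized
// SignedInfo bytes with the pinned IdP certificate; the embedded one must match it.
func VerifySignedInfo(pinned *x509.Certificate, embeddedDER, sig, signedInfo []byte) error {
	if !bytes.Equal(embeddedDER, pinned.Raw) {
		return fmt.Errorf("embedded certificate (%d bytes) is not the pinned IdP certificate", len(embeddedDER))
	}
	return pinned.CheckSignature(x509.SHA256WithRSA, signedInfo, sig)
}

// ConstructedIdP returns a throwaway self-signed certificate and an RSA-SHA256
// signer standing in for the SSO (constructed sample data, not a real IdP).
func ConstructedIdP() (*x509.Certificate, func([]byte) ([]byte, error), error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{"idp.example"}}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, func(data []byte) ([]byte, error) {
		h := sha256.Sum256(data)
		return rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, h[:])
	}, err
}

func main() {
	idp, sign, err := ConstructedIdP()
	if err != nil {
		panic(err)
	}
	si := []byte(`<SignedInfo><Reference URI="#a1"></Reference></SignedInfo>`) // constructed
	sig, err := sign(si)
	fmt.Println(err, VerifySignedInfo(idp, idp.Raw, sig, si))
}
```

A signature made over the canonical form does not verify against an equivalent but differently serialized `<SignedInfo>` (for example `<Reference URI='#a1'/>`), which is why canonicalization has to happen before this step.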

Discussion Overview
group: golang-nuts
categories: go
posted: Jan 16, '15 at 10:45p
active: Jan 20, '15 at 9:03p
posts: 8
users: 3
website: golang.org
