Archive for February, 2007

SAML and ColdFusion

Friday, February 9th, 2007

Here’s someone — Phil Duba — out in the wide web-developer world who’s picked up the SAML specs, largely figured them out, and is working on integrating it (SAML-based SSO) into sites built with ColdFusion.

SAML and ColdFusion – Part 1
http://www.philduba.com/index.cfm/2006/12/29/SAML-and-ColdFusion–Part-1

SAML and ColdFusion – Part 2
http://www.philduba.com/index.cfm/2007/2/9/SAML-and-ColdFusion–Part-2

Cool Stuff.

Latest Revision of SAML HTTP POST-SimpleSign Binding Spec

Friday, February 2nd, 2007

The latest revision of the SAML HTTP POST-SimpleSign Binding Spec is here…

draft-sstc-saml-binding-simplesign-02
http://www.oasis-open.org/committees/download.php/21715/draft-sstc-saml-binding-simplesign-02.pdf

Diff version: draft-sstc-saml-binding-simplesign-02-diff
http://www.oasis-open.org/committees/download.php/21716/draft-sstc-saml-binding-simplesign-02-diff.pdf

The salient difference between this new rev of this spec and the prior rev (which is at “Committee Draft” maturity level and out for Public Review) is that now we sign the SAML protocol message’s raw XML representation, rather than base64 encoding it first (as we specified in the previous revs of this spec). The reason for this change is…

Experimentation shows that many web browsers alter linefeeds when submitting form controls that span multiple lines. Since base64-encoded data often wraps, it is not possible to guarantee that the values submitted will match what the original signer produced, resulting in verification failures. Using the raw XML content as a component of the octet string addresses this issue.

…which is a direct quote from the new spec revision (at line 205).
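To see why the change matters, here is an added example (not code from the spec, the OASIS SSTC, or this blog) that simulates both signing schemes side by side. It assumes the octet string layout of the SimpleSign draft (the SAMLResponse value, then RelayState, then SigAlg, joined with `&`), stands in a keyed HMAC for the public-key signature the real binding uses so that it runs offline with only the standard library, and models the browser behaviour quoted above as a textarea that rewrites `\n` as `\r\n`. The SAML message and key are constructed sample values.

```python
import base64
import hashlib
import hmac

# Constructed sample SAML protocol message; long enough that its base64 form wraps.
SAML_RESPONSE_XML = (
    b'<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"\n'
    b'    ID="_constructed-id-123" Version="2.0" IssueInstant="2007-02-02T00:00:00Z">\n'
    b'  <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
    b'https://idp.example.test</saml:Issuer>\n'
    b'  <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>'
    b'</samlp:Status>\n'
    b'</samlp:Response>\n'
)
RELAY_STATE = "constructed-relay-state"
SIG_ALG = "http://www.w3.org/2000/09/xmldsig#hmac-sha256"   # stands in for the real SigAlg
KEY = b"constructed-demo-key"  # assumed shared secret; the real binding uses a public key


def signed_octets(saml_response: bytes, relay_state: str, sig_alg: str) -> bytes:
    # Assumed layout of the signed octet string, modelled on the SimpleSign draft.
    return (b"SAMLResponse=" + saml_response
            + b"&RelayState=" + relay_state.encode()
            + b"&SigAlg=" + sig_alg.encode())


def sign(octets: bytes) -> str:
    return base64.b64encode(hmac.new(KEY, octets, hashlib.sha256).digest()).decode()


def verify(octets: bytes, signature: str) -> bool:
    return hmac.compare_digest(sign(octets), signature)


def browser_submit(form_value: str) -> str:
    # Model of a browser normalising line breaks in a multi-line form control.
    return form_value.replace("\n", "\r\n")


def old_scheme_verifies() -> bool:
    # Earlier revs: sign the base64 form. encodebytes() wraps every 76 chars, as
    # MIME-style encoders do, so the signed value contains newlines.
    encoded = base64.encodebytes(SAML_RESPONSE_XML).decode()
    signature = sign(signed_octets(encoded.encode(), RELAY_STATE, SIG_ALG))
    received = browser_submit(encoded)
    # The verifier re-signs exactly the bytes it received from the form.
    return verify(signed_octets(received.encode(), RELAY_STATE, SIG_ALG), signature)


def new_scheme_verifies() -> bool:
    # Rev 02: sign the raw XML. The base64 form still travels in the POST, but the
    # verifier decodes it first, and the decoder drops the altered line breaks.
    encoded = base64.encodebytes(SAML_RESPONSE_XML).decode()
    signature = sign(signed_octets(SAML_RESPONSE_XML, RELAY_STATE, SIG_ALG))
    received = browser_submit(encoded)
    raw_xml = base64.b64decode(received)  # non-alphabet chars (\r\n) are discarded
    return verify(signed_octets(raw_xml, RELAY_STATE, SIG_ALG), signature)


if __name__ == "__main__":
    print("sign base64 form, verify after browser submit:", old_scheme_verifies())  # False
    print("sign raw XML, verify after browser submit:   ", new_scheme_verifies())  # True
```

The decisive detail is that the raw XML's own newlines are never exposed to the form control, because the XML is carried base64-encoded; only the base64 text is subject to the browser's line-break rewriting, and a standard decoder ignores that whitespace. Signing the decoded bytes therefore survives the round trip, while signing the encoded text does not.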

JeffH sez check it out.