0 votes

Does OpenAM depend on the public key of the registered IdP to verify the SAML response,

or does it also depend on the hashing algorithm in the SAML response from the IdP, like Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"?

Note: OpenAM version 13.0.0

2 Answers

0 votes

OpenAM, acting as SAML SP, uses the public key enclosed in the KeyInfo element of the IdP metadata to verify the signature of the SAML response. It uses the signature algorithm chosen by the IdP; however, it must be a supported signature algorithm.
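To make the answer concrete, here is an added Go example (not OpenAM code, and not the poster's) of the SP-side logic it describes: the verification key is read from the IdP metadata KeyInfo, the SignatureMethod is taken from the response but must be in the SP's supported set, and the KeyInfo inside the response itself is ignored. Everything is constructed locally: throwaway self-signed certificates, a hand-built metadata document and a hand-built Response; the assumption that the SP supports only rsa-sha256 is mine. XML-DSig canonicalization and Reference digest checking are omitted, so the bytes signed here are the raw inner XML of SignedInfo rather than its C14N form.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	_ "crypto/sha1" // registered so the IdP side can produce rsa-sha1
	_ "crypto/sha256"
	"crypto/x509"
	"encoding/base64"
	"encoding/xml"
	"fmt"
	"math/big"
	"time"
)

const rsaSHA1 = "http://www.w3.org/2000/09/xmldsig#rsa-sha1"
const rsaSHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"

// algHash is what the IdP side can sign with; spSupported is all this SP will accept (assumed).
var algHash = map[string]crypto.Hash{rsaSHA1: crypto.SHA1, rsaSHA256: crypto.SHA256}
var spSupported = map[string]crypto.Hash{rsaSHA256: crypto.SHA256}

type samlResponse struct {
	XMLName    xml.Name `xml:"Response"`
	SignedInfo struct {
		Raw    string `xml:",innerxml"` // bytes the signature covers (C14N is skipped in this toy)
		Method struct {
			Algorithm string `xml:"Algorithm,attr"`
		} `xml:"SignatureMethod"`
	} `xml:"Signature>SignedInfo"`
	SigValue string `xml:"Signature>SignatureValue"`
	KeyInfo  string `xml:"Signature>KeyInfo>X509Data>X509Certificate"` // sender-controlled, never trusted
}

func check(err error) {
	if err != nil {
		panic(err)
	}
}

// newKeyAndCert makes a throwaway self-signed RSA cert as base64 DER, as in an X509Certificate element.
func newKeyAndCert() (*rsa.PrivateKey, string) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	check(err)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	check(err)
	return key, base64.StdEncoding.EncodeToString(der)
}

// metadataXML is the constructed IdP metadata the SP has on file, with certB64 under KeyInfo.
func metadataXML(certB64 string) string {
	return `<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.com"><md:IDPSSODescriptor><md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>` +
		certB64 + `</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor></md:IDPSSODescriptor></md:EntityDescriptor>`
}

// signedResponse plays the IdP: it signs SignedInfo with key under alg and puts certB64 in the response's own KeyInfo.
func signedResponse(key *rsa.PrivateKey, certB64, alg string) string {
	signedInfo := `<ds:SignatureMethod Algorithm="` + alg + `"/><ds:Reference URI="#_r1"><ds:DigestValue>c29tZS1kaWdlc3Q=</ds:DigestValue></ds:Reference>`
	h := algHash[alg].New()
	h.Write([]byte(signedInfo))
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, algHash[alg], h.Sum(nil))
	check(err)
	return `<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_r1"><ds:Signature>` +
		`<ds:SignedInfo>` + signedInfo + `</ds:SignedInfo><ds:SignatureValue>` + base64.StdEncoding.EncodeToString(sig) + `</ds:SignatureValue>` +
		`<ds:KeyInfo><ds:X509Data><ds:X509Certificate>` + certB64 + `</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature></samlp:Response>`
}

// idpSigningKey takes the signing key from the IdP metadata KeyInfo; metadata is trusted SP config, so a bad file is fatal.
func idpSigningKey(metadata string) *rsa.PublicKey {
	var md struct {
		XMLName xml.Name `xml:"EntityDescriptor"`
		Cert    string   `xml:"IDPSSODescriptor>KeyDescriptor>KeyInfo>X509Data>X509Certificate"`
	}
	check(xml.Unmarshal([]byte(metadata), &md))
	der, err := base64.StdEncoding.DecodeString(md.Cert)
	check(err)
	cert, err := x509.ParseCertificate(der)
	check(err)
	return cert.PublicKey.(*rsa.PublicKey)
}

// verifyResponse plays the SP: key from metadata, algorithm from the response but only if supported; resp.KeyInfo is never consulted.
func verifyResponse(metadata, response string) error {
	var resp samlResponse
	if err := xml.Unmarshal([]byte(response), &resp); err != nil {
		return err
	}
	alg := resp.SignedInfo.Method.Algorithm
	hash, ok := spSupported[alg]
	if !ok {
		return fmt.Errorf("unsupported SignatureMethod %q", alg)
	}
	sig, err := base64.StdEncoding.DecodeString(resp.SigValue)
	if err != nil {
		return err
	}
	h := hash.New()
	h.Write([]byte(resp.SignedInfo.Raw))
	return rsa.VerifyPKCS1v15(idpSigningKey(metadata), hash, h.Sum(nil), sig)
}
```

Three cases are worth running against verifyResponse: a response signed by the metadata key with rsa-sha256 verifies; one signed by some other key still fails even though that key's certificate is presented in the response's own KeyInfo; and one signed by the genuine IdP key with rsa-sha1 is rejected before any cryptography happens, because the algorithm is outside the supported set. That last case is the practical reading of the answer: the algorithm named in the response matters, but only as a policy check, never as a source of trust.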

0 votes

In upcoming versions of AM, AM will (partially) implement the algsupport spec, and will take into account remote entity provider's metadata when signing SAML documents.

This means that as a hosted entity provider, AM will check the remote entity provider's preferred signing and digest methods, and will use the first algorithm that satisfies the key type and key size requirements.

This work has been completed as part of OPENAM-11266.
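As an added illustration (not the AM implementation, whose exact selection code is not shown on this page, and not the answerer's), this Go snippet models the behaviour the answer describes: parse the remote entity's algsupport extension and take the first SigningMethod and DigestMethod that the hosted entity can produce with its own key. The hosted entity's capability lists, the key-type detection from the algorithm URI, and the sample remote metadata are all constructed for this example; the element names and namespace follow the SAML Metadata Profile for Algorithm Support.

```go
package main

import (
	"encoding/xml"
	"strings"
)

// algPrefs holds the remote entity's ordered preferences from the algsupport
// metadata extension (namespace urn:oasis:names:tc:SAML:metadata:algsupport).
type algPrefs struct {
	XMLName xml.Name `xml:"EntityDescriptor"`
	Signing []struct {
		Algorithm  string `xml:"Algorithm,attr"`
		MinKeySize int    `xml:"MinKeySize,attr"` // 0 when the attribute is absent
		MaxKeySize int    `xml:"MaxKeySize,attr"`
	} `xml:"Extensions>SigningMethod"`
	Digests []struct {
		Algorithm string `xml:"Algorithm,attr"`
	} `xml:"Extensions>DigestMethod"`
}

// hostedKey describes the hosted entity's signing key: "RSA" or "EC", and its size in bits.
type hostedKey struct {
	Type string
	Bits int
}

// Hypothetical capability lists for the hosted entity (assumed for this example).
var hostedSigning = map[string]bool{
	"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256":   true,
	"http://www.w3.org/2001/04/xmldsig-more#rsa-sha512":   true,
	"http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256": true,
}
var hostedDigest = map[string]bool{
	"http://www.w3.org/2001/04/xmlenc#sha256": true,
	"http://www.w3.org/2001/04/xmlenc#sha512": true,
}

// Constructed remote SP metadata: ECDSA first, then RSA with minimum key sizes, then rsa-sha1.
const remoteSPMetadata = `<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
  xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport" entityID="https://sp.example.org">
  <md:Extensions>
    <alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
    <alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
    <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256"/>
    <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512" MinKeySize="4096"/>
    <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" MinKeySize="2048"/>
    <alg:SigningMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
  </md:Extensions>
</md:EntityDescriptor>`

func parsePrefs(metadata string) (algPrefs, error) {
	var p algPrefs
	err := xml.Unmarshal([]byte(metadata), &p)
	return p, err
}

// keyTypeOf infers the key type an algorithm URI needs from its well-known suffix.
func keyTypeOf(alg string) string {
	switch {
	case strings.Contains(alg, "#rsa-"):
		return "RSA"
	case strings.Contains(alg, "#ecdsa-"):
		return "EC"
	}
	return ""
}

// chooseSigningAlg returns the first remote-preferred signing method that the hosted
// entity supports and whose key type and size limits the hosted key satisfies, else fallback.
func chooseSigningAlg(p algPrefs, key hostedKey, fallback string) string {
	for _, m := range p.Signing {
		if !hostedSigning[m.Algorithm] || keyTypeOf(m.Algorithm) != key.Type {
			continue
		}
		if (m.MinKeySize > 0 && key.Bits < m.MinKeySize) || (m.MaxKeySize > 0 && key.Bits > m.MaxKeySize) {
			continue
		}
		return m.Algorithm
	}
	return fallback
}

// chooseDigestAlg returns the first remote-preferred digest the hosted entity supports, else fallback.
func chooseDigestAlg(p algPrefs, fallback string) string {
	for _, d := range p.Digests {
		if hostedDigest[d.Algorithm] {
			return d.Algorithm
		}
	}
	return fallback
}
```

With the sample metadata, a hosted 2048-bit RSA key ends up with rsa-sha256 (the ECDSA entry needs a different key type and the rsa-sha512 entry demands 4096 bits), a 4096-bit RSA key gets rsa-sha512, an EC key gets ecdsa-sha256, and a 1024-bit RSA key falls back to the hosted default because the only entry it satisfies, rsa-sha1, is not something the hosted side will produce. The remote entity's preferences drive the order, but the hosted entity's own support list still has the last word.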