I send it inside
<saml:Attribute
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
Name="http://some.url.testing.key">
and added to the attribute-map.xml:
<Attribute name="http://some.url.testing.cert" id="certificate">
<AttributeDecoder xsi:type="StringAttributeDecoder"
caseSensitive="true"/>
And on the gss-server side it prints out the whole cert (provided it is
short enought so as the freeradius does not fall into loop):
Attribute urn:ietf:params:gss:federated-saml-attribute
urn:oasis:names:tc:SAML:2.0:attrname-format:uri
http://some.url.testing.cert Authenticated Complete
and the certificate in pam format follows...
Marcel
On 10/30/2013 05:18 PM, Cantor, Scott wrote:
> On 10/30/13, 12:14 PM, "Marcel Poul" <[log in to unmask]> wrote:
>>
>> This is the complete update reply section:
>> http://pastebin.com/ZqUh5Tzj
>
> Without speaking to your issue, that's wrong. You're putting a PEM
> certificate directly into an AttributeValue, and the SP isn't going to
> process that. If you want existing code to work, you have to use proper
> KeyInfo syntax.
>
> -- Scott
>
|