Create a SAML 2 profile workflow action that decrypts incoming Subject name identifier
Description
Create an action that decrypts encrypted name identifiers within the subject of incoming requests.
Environment
None
Activity
Scott Cantor
March 28, 2014 at 5:32 PM
Established default location as SecurityParametersContext child of inbound MessageContext.
We could put this below RelyingPartyContext via injected function, but I'm inclined to leave it, because the SAML 2 use cases we have today are protocol message field decryption, which feels like inbound context. We could make it a handler, but leaving the action gives more flexibility for other use cases.
If decryption parameters aren't set, it fails by default on finding anything to Decrypt. That seems appropriate for the use cases we have, which can't follow up if the subject is opaque.
Scott Cantor
February 6, 2014 at 7:22 PM
TBD: error handling if no DecryptionParams are set, location by default of the context
Scott Cantor
February 6, 2014 at 3:29 AM
Working action checked in, still unsure about specifics of decryption config usage.