Closed spring-projects-issues closed 10 years ago
Vladimir Schäfer said:
The standard you refer to describes usage of SAML tokens presented to OAuth 2.0 Authorization Servers. This software implements the SAML 2.0 Web SSO Service Provider profile, which is a different thing. Both of these standards employ SAML tokens, but the requirements on their content differ. Please refer to http://docs.oasis-open.org/security/saml/v2.0/saml-profiles-2.0-os.pdf for details.
Martin Riedel (Migrated from SES-134) said:
This case is not handled correctly in the current spring-saml implementation. Attached Assertion results in a 401 - "Error validating SAML message"
See: http://tools.ietf.org/html/draft-ietf-oauth-saml2-bearer-09
"[...] The element MUST contain a