spring-attic / spring-security-saml

SAML extension for the Spring Security project

Does spring-security-saml v2.x support certificate revocation checks? #438

Open ekaterinasmarp opened 5 years ago

ekaterinasmarp commented 5 years ago

Hello,

We are using the Spring SAML 2.0 milestone version. It is stated in the documentation that there is some kind of support for the PKIX profile in SAML 1.0: https://docs.spring.io/autorepo/docs/spring-security-saml/1.0.x-SNAPSHOT/reference/htmlsingle/#configuration-security-profiles-pkix

Is it still true for the 2.0 version? How do I enable this profile?

Thanks for the great library btw :)

fhanik commented 5 years ago

@ekaterinasmarp That feature is not implemented, but it would be fairly straightforward. It depends on at what time you'd want to check the certificate validation.

Is it at the time of exchanging metadata, or at the time of signature validation (which would happen when we check metadata too)?

ekaterinasmarp commented 5 years ago

Thanks for the reply. I am asking mainly about the signature validation step.

fhanik commented 5 years ago

Signatures are validated.

ekaterinasmarp commented 5 years ago

Is it possible to verify signatures using the PKIX profile during the validation process? Or is there any other way to enable CRL checks?

fhanik commented 5 years ago

Signature validation is just a mathematical calculation between the signing key, the content, the signature value and the verification key. The certificate revocation step is separate, as all it does is check the certificate independently of the signature, and it is not implemented at this time.

I do, however, love pull requests, should you want to include it and contribute.
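The separation described above (signature math on one side, a certificate revocation check on the other), as an added Python example using the `cryptography` package; it is not code from spring-security-saml, and the CA, the IdP signing certificate, the CRL and the signed message are all constructed inside the block:

```python
# Added example, not part of spring-security-saml: shows that verifying a signature
# and checking the signing certificate against a CRL are two independent steps.
import datetime
from cryptography import x509
from cryptography.x509.oid import NameOID
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import rsa, padding

NOW = datetime.datetime(2024, 1, 1, tzinfo=datetime.timezone.utc)  # constructed clock

def _name(cn):
    return x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])

def make_pki():
    """Constructed test PKI: a CA key, an IdP signing cert, and a CRL that revokes it."""
    ca_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    idp_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    idp_cert = (x509.CertificateBuilder()
        .subject_name(_name("idp.example.test")).issuer_name(_name("Test CA"))
        .public_key(idp_key.public_key()).serial_number(1000)
        .not_valid_before(NOW).not_valid_after(NOW + datetime.timedelta(days=365))
        .sign(ca_key, hashes.SHA256()))
    crl = (x509.CertificateRevocationListBuilder()
        .issuer_name(_name("Test CA")).last_update(NOW)
        .next_update(NOW + datetime.timedelta(days=7))
        .add_revoked_certificate(x509.RevokedCertificateBuilder()
            .serial_number(1000).revocation_date(NOW).build())
        .sign(ca_key, hashes.SHA256()))
    return ca_key, idp_key, idp_cert, crl

def sign_message(key, message):
    """Stand-in for the IdP signing a SAML response (RSA PKCS#1 v1.5 over SHA-256)."""
    return key.sign(message, padding.PKCS1v15(), hashes.SHA256())

def signature_valid(cert, message, signature):
    """Step 1: pure math. Only the key, the content and the signature value matter."""
    try:
        cert.public_key().verify(signature, message, padding.PKCS1v15(), hashes.SHA256())
        return True
    except Exception:
        return False

def certificate_revoked(cert, crl, ca_key):
    """Step 2: looks only at the certificate and the CRL, never at the message."""
    if not crl.is_signature_valid(ca_key.public_key()):
        raise ValueError("CRL was not issued by the trusted CA")
    return crl.get_revoked_certificate_by_serial_number(cert.serial_number) is not None

def accept_message(message, signature, cert, crl, ca_key):
    """Both steps: a revoked signing cert is rejected although the signature math passes."""
    return signature_valid(cert, message, signature) and not certificate_revoked(cert, crl, ca_key)
```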

ekaterinasmarp commented 5 years ago

Thanks for the information! I have to think about how to implement it (but probably would not start it during the next couple of weeks).