Layer7 API Management

Expand all | Collapse all

Getting Certificate from SSL Handshake for SAML validation

  • 1.  Getting Certificate from SSL Handshake for SAML validation

    Posted 04-29-2015 11:29 AM

    Can anyone explain which set of assertions are needed to grab the certificate from an SSL handshake to be used to validate a SAML signature? We are trying to meet a use case within the NHIN standard where the public certificate is expected to be taken from the protocol level and used for message level validation. Thanks!



  • 2.  Re: Getting Certificate from SSL Handshake for SAML validation

    Broadcom Employee
    Posted 04-29-2015 03:00 PM

    James,

     

    Would you be able to provide a sample of the request with the SAML token to make sure we have the right layout. Also will you be authenticating the SSL certificate?

     

    Sincerely,

    Stephen Hughes

    Director, Technical Support



  • 3.  Re: Getting Certificate from SSL Handshake for SAML validation

    Posted 04-30-2015 03:37 PM
      |   view attached

    Hi Stephen, here is the sample request. Yes, we will be authenticating the SSL certificate.

    Attachment(s)



  • 4.  Re: Getting Certificate from SSL Handshake for SAML validation

    Broadcom Employee
    Posted 05-02-2015 03:07 PM
      |   view attached

    James,

     

    Please review the attached policy that will take the information from the SSL certificate provided in the Network transport and then extract out the SAML token to first validate the signature using the SSL certificate and then validate the SAML token authentication statement. If you are using a SOAP service ensure to uncheck the Perform WS-Security processing for this service on the service property to allow the policy to act against the message instead of the default behavior.

    Attachment(s)