Hi all, my question is how to implement on apigee an audience restriction and a signature check on SAML validation step.
Thanks
Cosimo
Solved! Go to Solution.
yes thanks @Anil Sagar for the link,
Signature check is handled by the saml assertion policy - http://apigee.com/docs/api-services/reference/saml...
For audience restriction - you could do extract it using xpath and do the validation
Thanks,
yes thanks @Anil Sagar for the link,
Signature check is handled by the saml assertion policy - http://apigee.com/docs/api-services/reference/saml...
For audience restriction - you could do extract it using xpath and do the validation
Thanks,
Hi Mukundha, about signature check do you mean that is automtically verified or i have to implement some coding? Please let me know because trhought the online reference documentation i did'nt get.
Thanks
Cosimo
yes Cosimo, Signature is verified by the policy, no need for coding.
http://apigee.com/docs/api-services/reference/saml-assertion-policy#usage-validatesamlassertion
Yes, as a somewhat simple test, I did the following: