[xmlsec] Verify XML signature with multiple KeyName

Paolo Smiraglia paolo.smiraglia at gmail.com
Fri Jun 29 10:37:33 PDT 2018


On Fri, 29 Jun 2018 at 17:38, Leif Johansson <leifj at mnt.se> wrote:
> My guess is that Scott just tries to iterate over all possible
> combinations... Is this a key rollover situation btw?

No. The double KeyName is because the tool that I used to sign the
metadata (samlsign) iterated over all the subjectAlternativeName entries.
After some experiments I found that a KeyName is added for each
subjectAlternativeName.

> What saml profile is this trying to comply with? Is it perhaps eIDAS?

More or less. It is SPID, the Italian federation.

-- 
PAOLO SMIRAGLIA

