
How to submit OpenSaml response?

I'm building an org.opensaml.saml.saml2.core.Response with openSAML v3.2.0. I've signed the response and would like to submit it.

I tried following the openSAML book (A Guide to OpenSAML v3) but it doesn't seem to be of help with my scenario. I have a C# demo project which basically submits the response by HTTPPost. I'm writing the same in Java with opensaml. Do I have to build an artifact as the book suggests? The book example suggests that I send the ArtifactResolve using SOAP even though I'm building a Response.

With the response object above, I'd like to post the response object to an idp.

What is the best way to achieve this? Is it a good idea to create an Envelope object? With the response object from the saml2 package, how can I create an org.opensaml.soap.soap11.Envelope?

Any help is much appreciated! Thanks!

You don't have to build an artifact as the book suggests. Using Artifacts has some security, privacy, and other benefits. See Scott T.'s answer to understand the benefits of using the Artifact binding - https://stackoverflow.com/a/13618537/1163424

Per your question, you can also pass the Response to the SP using the POST binding. The way to do that is to encode your Response XML (with the signed Assertion) into a Base64 string and make the client web-app POST it to the SP ACS (Assertion Consumer Service).

You pass a SAMLResponse parameter with the Base64 string as its value and a RelayState parameter, which will be used to set the state in the SP web-app, as written in the SAML 2 Bindings specification, page 21.

Also, I suggest using the SAML tool to validate your Response message.
