mace-opensaml-users - RE: Form Post Example

Subject: OpenSAML user discussion

RE: Form Post Example

  • From: "Paul Hethmon" <>
  • To: <>, <>
  • Subject: RE: Form Post Example
  • Date: Thu, 20 Dec 2007 13:08:49 -0800

Ok. Sorry I should validate links before I email them:

http://code.crt.realtors.org/projects/websso

Paul

-----Original Message-----
From: Paul Hethmon
[mailto:]

Sent: Thursday, December 20, 2007 4:05 PM
To:
;


Subject: RE: Form Post Example

Peter,

Take a look at our implementation available here:

http://code.crt.realtors.org/projects/web-sso

We've taken the OpenSAML libraries and built a reference implementation.
The base OpenSAML Java code needs to be updated, it's a snapshot from
October currently, but it will show you the basics that you need.

Paul


-----Original Message-----
From: Peter Gambino
[mailto:]

Sent: Thursday, December 20, 2007 4:08 PM
To: 'Scott Cantor';

Subject: RE: Form Post Example

Sorry... The language is Java. As for Validation, our normal policy (at
least using the artifact method) is to validate a username passed in along
with the Before and After attributes. I'm good with figuring this out
myself, I guess my struggle is in getting started with Un-encrypting the
Payload using a 509 I provided to the other system and then parsing the form
post data.

Normally would I decode the Payload manually and then feed the XML data from
the form parameter into Open SAML? Or is there a nice wrapped method
somewhere where I can just give it an HTTP Request?

Pete

-----Original Message-----
From: Scott Cantor
[mailto:]

Sent: Thursday, December 20, 2007 3:41 PM
To:
;


Subject: RE: Form Post Example

> I have a feeling it's SAML 2.0 which is why I can't figure it out with the
> current library. I saw the test script in your 2.0 lib. Basically the SAML
> provider is sending me an SAMLResponse parameter in an HTTP Form Post. As a
> consumer application, I need to consume the information HTTP request and
> validate it and allow entry to our application.

Well, the word "validate" there encompasses a lot of stuff. There is no
single place where it happens. The parser (and the basic XML classes),
message decoder classes, security policy rules, trust engines, and the SSO
profile validator all work together to "implement" the process you're
describing.

You still haven't said which language this is either, so anything else I
could tell you is moot unless you're using C++.

-- Scott
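
Added example, not part of the original thread and not code from OpenSAML or the reference implementation linked above: a JDK-only Java sketch of the manual route asked about in the thread, Base64-decoding the SAMLResponse form field, parsing it with DTDs disabled, and checking the Conditions NotBefore/NotOnOrAfter window. The class name, the sample message and the fail-closed handling of missing attributes are assumptions; the signature and trust checks that Scott lists as separate components are not performed here and are still required before trusting any value in the message.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.time.Instant;
import java.util.Base64;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class PostBindingSketch { // hypothetical class name
    static final String ASSERTION_NS = "urn:oasis:names:tc:SAML:2.0:assertion";

    // Base64-decode the SAMLResponse form field and parse it with DOCTYPEs rejected.
    static Document decode(String formValue) throws Exception {
        byte[] xml = Base64.getMimeDecoder().decode(formValue); // tolerates line breaks
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        return f.newDocumentBuilder().parse(new ByteArrayInputStream(xml));
    }

    // True only if at least one Conditions element exists and 'now' is inside every window.
    static boolean withinValidity(Document doc, Instant now) {
        NodeList conds = doc.getElementsByTagNameNS(ASSERTION_NS, "Conditions");
        if (conds.getLength() == 0) return false;
        for (int i = 0; i < conds.getLength(); i++) {
            Element c = (Element) conds.item(i);
            String nb = c.getAttribute("NotBefore"), na = c.getAttribute("NotOnOrAfter");
            if (nb.isEmpty() || na.isEmpty()) return false; // assumption: fail closed
            if (now.isBefore(Instant.parse(nb)) || !now.isBefore(Instant.parse(na))) return false;
        }
        return true;
    }

    public static void main(String[] args) throws Exception {
        // Constructed, unsigned sample message; not taken from any real identity provider.
        String xml = "<samlp:Response xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\""
            + " xmlns:saml=\"" + ASSERTION_NS + "\"><saml:Assertion>"
            + "<saml:Conditions NotBefore=\"2007-12-20T21:00:00Z\""
            + " NotOnOrAfter=\"2007-12-20T21:10:00Z\"/></saml:Assertion></samlp:Response>";
        String form = Base64.getEncoder().encodeToString(xml.getBytes(StandardCharsets.UTF_8));
        Document doc = decode(form);
        System.out.println(withinValidity(doc, Instant.parse("2007-12-20T21:05:00Z")));
        System.out.println(withinValidity(doc, Instant.parse("2007-12-20T21:10:00Z")));
    }
}
```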