Skip to Content.
Sympa Menu

mace-opensaml-users - Re: [OpenSAML] HTTPRedirectDeflateEncoder/Decoder

Subject: OpenSAML user discussion

List archive

Re: [OpenSAML] HTTPRedirectDeflateEncoder/Decoder


Chronological Thread 
  • From: Brent Putman <>
  • To:
  • Subject: Re: [OpenSAML] HTTPRedirectDeflateEncoder/Decoder
  • Date: Wed, 27 Aug 2008 18:45:46 -0400



tedzo wrote:
Hello,
I am trying to use opensaml-2.1 (Redirect-Post binding) and I am little lost-
 
I assumed that I could use HTTPRedirectDeflateEncoder to base64 encode and deflate the saml string and then use HTTPRedirectDeflateDecoder to undo it on the other end.

Yes, that's right, except that the encode/decode and deflate processes operate on a SAMLObject representing the SAML message in question, not a "saml string".



However I don't see any methods to help me do this. The two useful methods - encode() and decode() takes a MessageContext as a parameter and I am not sure how to get a context. What am I missing?
 

Right, the unit of operation here is a MessageContext (actually a SAMLMessageContext subclass), which holds various pieces of information that are inputs to the encoding/decoding process (all decoders/encoders, not just this one).  You create the type of context you want.  This could be a context subclass specifically for a particular profile, the idea being that your profile handler class instantiates that specific type of context and this then serves as the unit of profile processing.  But if you don't have things coded that way, there is a BasicSAMLMessageContext in java-opensaml2 you can use.

Take a look at the unit tests for those 2 encoder and decoder classes, and you should get a sense of what you need to minimally set on the MessageContext to use this encoder/decoder pair.  Those are in like-named packages under the src/test/java tree in SVN.

For the encoder basically an oubound SAML message (obviously), a peer entity Endpoint, and the outbound Transport, which will almost certainly just be adapter around your HttpServletResponse. Optionally also a signing Credential, if you want the message signed under the rules for that encoder.

For the decoder, input is just the inbound message transport, which will be an adapter around your HttpServletRequest.  Then after calling decode, various data elements on the context will be decoded and populated.

--Brent







Archive powered by MHonArc 2.6.16.

Top of Page