mace-opensaml-users - Re: [OpenSAML] HTTPRedirectDeflateEncoder/Decoder
Subject: OpenSAML user discussion
List archive
- From: tedzo <>
- To:
- Subject: Re: [OpenSAML] HTTPRedirectDeflateEncoder/Decoder
- Date: Wed, 27 Aug 2008 18:10:33 -0700 (PDT)
- Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:MIME-Version:Content-Type:Message-ID; b=s1VhIdNPf2Ab8Ka6JGkV1sKaVAJICG63wVMVe7BuVFyeWvUlZhZbq5MwfIdB+OUoztBwgejERAXwhUrXNbWVd2LVUgplCCs6gZ33BTeZOBN3FSrOLq/68cTo+yah8ym04hBl/1BzzRHvzJbyObPHaRzicoljdnMUS5A+vG9zYhc=;
Yep, got it. Thanks for the input.
For some reason HttpServletRequestAdapter is not documented and that threw me off. I am using the BasicSAMLMessageContext. I couldn't figure out the exact type of message context based on the profile (you said "You create the type of context you want. This could be a context subclass specifically for a particular profile,...."). Do you mean I can create a context for the type of profile I am interested in- Redirect-Post?
Thanks again
----- Original Message ----
From: Brent Putman <>
To:
Sent: Wednesday, August 27, 2008 3:45:46 PM
Subject: Re: [OpenSAML] HTTPRedirectDeflateEncoder/Decoder
tedzo wrote:
Yes, that's right, except that the encode/decode and deflate processes operate on a SAMLObject representing the SAML message in question, not a "saml string".
Right, the unit of operation here is a MessageContext (actually a SAMLMessageContext subclass), which holds various pieces of information that are inputs to the encoding/decoding process (all decoders/encoders, not just this one). You create the type of context you want. This could be a context subclass specifically for a particular profile, the idea being that your profile handler class instantiates that specific type of context and this then serves as the unit of profile processing. But if you don't have things coded that way, there is a BasicSAMLMessageContext in java-opensaml2 you can use.
Take a look at the unit tests for those 2 encoder and decoder classes, and you should get a sense of what you need to minimally set on the MessageContext to use this encoder/decoder pair. Those are in like-named packages under the src/test/java tree in SVN.
For the encoder basically an oubound SAML message (obviously), a peer entity Endpoint, and the outbound Transport, which will almost certainly just be adapter around your HttpServletResponse. Optionally also a signing Credential, if you want the message signed under the rules for that encoder.
For the decoder, input is just the inbound message transport, which will be an adapter around your HttpServletRequest. Then after calling decode, various data elements on the context will be decoded and populated.
--Brent
From: Brent Putman <>
To:
Sent: Wednesday, August 27, 2008 3:45:46 PM
Subject: Re: [OpenSAML] HTTPRedirectDeflateEncoder/Decoder
tedzo wrote:
Hello,I am trying to use opensaml-2.1 (Redirect-Post binding) and I am little lost-I assumed that I could use HTTPRedirectDeflateEncoder to base64 encode and deflate the saml string and then use HTTPRedirectDeflateDecoder to undo it on the other end.
Yes, that's right, except that the encode/decode and deflate processes operate on a SAMLObject representing the SAML message in question, not a "saml string".
However I don't see any methods to help me do this. The two useful methods - encode() and decode() takes a MessageContext as a parameter and I am not sure how to get a context. What am I missing?
Right, the unit of operation here is a MessageContext (actually a SAMLMessageContext subclass), which holds various pieces of information that are inputs to the encoding/decoding process (all decoders/encoders, not just this one). You create the type of context you want. This could be a context subclass specifically for a particular profile, the idea being that your profile handler class instantiates that specific type of context and this then serves as the unit of profile processing. But if you don't have things coded that way, there is a BasicSAMLMessageContext in java-opensaml2 you can use.
Take a look at the unit tests for those 2 encoder and decoder classes, and you should get a sense of what you need to minimally set on the MessageContext to use this encoder/decoder pair. Those are in like-named packages under the src/test/java tree in SVN.
For the encoder basically an oubound SAML message (obviously), a peer entity Endpoint, and the outbound Transport, which will almost certainly just be adapter around your HttpServletResponse. Optionally also a signing Credential, if you want the message signed under the rules for that encoder.
For the decoder, input is just the inbound message transport, which will be an adapter around your HttpServletRequest. Then after calling decode, various data elements on the context will be decoded and populated.
--Brent
- Re: [OpenSAML] HTTPRedirectDeflateEncoder/Decoder, tedzo, 08/27/2008
- Re: [OpenSAML] HTTPRedirectDeflateEncoder/Decoder, Brent Putman, 08/27/2008
- <Possible follow-up(s)>
- Re: [OpenSAML] HTTPRedirectDeflateEncoder/Decoder, tedzo, 08/28/2008
Archive powered by MHonArc 2.6.16.