mace-opensaml-users - RE: [OpenSAML] Testing SAML relying party browser post profile
Subject: OpenSAML user discussion
- From: "Pantvaidya, Vishwajit" <>
- To: "" <>
- Subject: RE: [OpenSAML] Testing SAML relying party browser post profile
- Date: Mon, 23 Mar 2009 13:11:47 -0700
-----Original Message-----
From: Brent Putman
Sent: Friday, March 20, 2009 4:48 PM
To:
Subject: Re: [OpenSAML] Testing SAML relying party browser post profile
Pantvaidya, Vishwajit wrote:
> Also I see that it is not sending any attributes in the assertion. Can I
> configure my profile to have it send those?
>
In Shibboleth with SAML 1, the default is to not send an attribute
statement in the SSO assertion, because in the absence of encryption
support in SAML 1, those would be in the clear and that's an undesirable
default. Instead the SP is expected to do an AttributeQuery to the
IdP's AttributeAuthority using the Subject from the SSO assertion.
[Pantvaidya, Vishwajit] I coded a simple Attribute Query request as follows.
- how do I create the EndPoint object to encode my saml request?
- are there any opensaml classes that I should use for this AttrQry
request-response processing interaction? If I need to use HTTPPostEncoder, I
would need to include Velocity jar also. Any samples for this would help a
lot.
AttributeQueryBuilder attrQueryBuilder = new AttributeQueryBuilder();
AttributeQuery attrQuery = attrQueryBuilder.buildObject();
// Reuse the Subject from the first subject statement of the SSO assertion
Subject subject = assertion.getSubjectStatements().get(0).getSubject();
attrQuery.setSubject(subject);
RequestBuilder rqstBuilder = new RequestBuilder();
Request request = rqstBuilder.buildObject();
request.setQuery(attrQuery);
// Encode saml request for sending
/*
SAMLObjectBuilder endpointBuilder = (SAMLObjectBuilder) builderFactory.getBuilder(AssertionConsumerService.DEFAULT_ELEMENT_NAME);
Endpoint samlEndpoint = endpointBuilder.buildObject();
samlEndpoint.setLocation("https://idp.testshib.org");
samlEndpoint.setResponseLocation(assertion.getIssuer());
*/
HTTPPostEncoder encoder = new HTTPPostEncoder(velocityEngine, "/templates/saml1-post-binding.vm");
BasicSAMLMessageContext messageContext = new BasicSAMLMessageContext();
// httpResponse is the servlet's HttpServletResponse, assumed to be in scope;
// the adapter wraps the HTTP response, not the SAML Request built above
messageContext.setOutboundMessageTransport(new HttpServletResponseAdapter(httpResponse, false));
// samlEndpoint is the Endpoint from the commented-out block above
messageContext.setPeerEntityEndpoint(samlEndpoint);
messageContext.setOutboundSAMLMessage(request);
messageContext.setRelayState("relay");
encoder.encode(messageContext);