OpenSAML user discussion

["Alexander Müller" <>]

Hello,

as followup to my previous question, as to how to migrate from OpenSAML 1 
with SAML 1.x to OpenSAML 2 with SAML 2 
(http://groups.google.com/group/opensaml-users/browse_thread/thread/0c89e5415c141ece),
 I have taken a look at a few of the mentioned examples/implementations - 
particularly at 
http://code.crt.realtors.org/projects/websso/browser/ClareitySecuritySSO/trunk/src/net/clareitysecurity/websso
 - and believe(!) to understand a bit more now.

However to avoid proceeding in the wrong direction I'd be really very happy 
if someone could simply confirm whether I am on the right track.

So far I think, for the IdP implementation I'd basically need to wrap a 
HttpServletRequestAdapter around the incoming HttpServletRequest

  HttpServletRequestAdapter requestAdapter=new HttpServletRequestAdapter(req);


which I then associate with a BasicSAMLMessageContext using 
setInboundMessageTransport()

  msgCtx.setInboundMessageTransport(requestAdapter);


then I'd have to use a HTTPPostDecoder to decode the request

  new HTTPPostDecoder(new BasicParserPool()).decode(msgCtx);


which then allows me to access the SAML request via 
msgCtx.getInboundSAMLMessage()


Is this more or less correct or am I heading in the wrong direction? For the 
response I assume I'd need to do the same in the reverse order 
(msgCtx.setOutboundMessageTransport(), msgCtx.setOutboundSAMLMessage()) 
although sending it off doesnt seem to be clear to me yet.


Thanks again for any hints or comments :),
Alexander