OpenSAML user discussion

[rangeli nepal <>]

Thank you Brent for choosing to reply this thread.

> Well, there isn't any defined SAML binding that really implements a REST
> operation.  Perhaps you just mean one of the standard front-channel
> bindings of SAML - but those don't really align well with REST concepts
> as people usually define them.

You are perfectly right. There is no REST profile or Binding defined.
However you can  define a protocol that will make SAML very suitable
in REST scenerio too. It may not be SAMLish as it is not complaint to
the profile and binding already defined. However, opensaml is a great
tool to use even in those scenerios.



>> Opensaml seems to have support for servlet container using
>> BasicSAMLMessageContext, and
>> HttpServletResponseAdapter.
>
>
> The HttpServletRequest- and ResponseAdapters you see in openws are for
> handling server-side operations, not client side.  We don't have a
> generalized client-side set of components utilizing something like
> HttpClient.
>

I was thinking of using httpclient in server side, in idp intitated
SingleLogout. I was thinking if I can get all Single Logout services
defined  for audiences in assertion from metadata and use http client
to dispatch Logout messages to all of them concurrently.


> Yes, we have a basic SOAP client based on HttpClient, but not any sort
> of REST one - primarily b/c SAML doesn't define anything vis-a-vis REST.
>  You'll have to clarify what you mean there.
>
> We do have support for the standard defined SAML bindings, including the
> front-channel ones: HTTP-Post, HTTP-Redirect Deflate and Artifact.  See
> the packages:
>
> org.opensaml.saml2.binding.decoding
> and
> org.opensaml.saml2.binding.encoding.
>

Thanks again for this pointer. Highly appreciate it.

rn