OpenSAML user discussion

[John Gonzales <>]

On 11-02-05 10:40 AM, John Gonzales wrote:

On 11-02-05 10:34 AM, Chris Card wrote:

> To:
> From:
> Date: Sat, 5 Feb 2011 11:25:32 -0500
> Subject: [OpenSAML] Unable to Decode message encoded by HTTPRedirectDeflateEncoder
>
> Hi there,
>
> I am sending an encoded message across the wire to a Rails application I am
> developing. When I try decode this message, I get the an error of
> "Zlib::DataError incorrect header check". I have tried many different things
> not the Rails-end of this equation, but I'm wondering if there might be
> something wrong on the OpenSAML-end via the Java OpenSAML Library.
>
> Here is my Java code that encodes the message:
>
> HttpServletResponseAdapter responseAdapter = new
> HttpServletResponseAdapter(response, false);
>
> responseAdapter.setStatusCode(HttpServletResponse.SC_MOVED_TEMPORARILY);
>
> SingleSignOnService ssoService = new
> SingleSignOnServiceBuilder().buildObject();
> ssoService.setLocation(identityProviderSSOServiceURL);
>
> AuthnRequest authnRequest = Saml2Util.createAuthnRequest();
> BasicSAMLMessageContext messageContext = new
> BasicSAMLMessageContext();
> messageContext.setOutboundMessage(authnRequest);
> messageContext.setOutboundSAMLMessage(authnRequest);
> messageContext.setOutboundMessageTransport(responseAdapter);
> messageContext.setPeerEntityEndpoint(ssoService);
>
> HTTPRedirectDeflateEncoder encoder = new
> HTTPRedirectDeflateEncoder();
> encoder.encode(messageContext);
>
> On the Rails-end, all GET parameters are automatically URL-decoded. So all I
> need to do is Base64 Decode, then INFLATE. Here is my code that does this
> latter piece:
>
> Zlib::Inflate.inflate(Base64.decode64(message)
>
> message is the URL-decoded SAMLRequest GET parameter.
>
> Fairly simple, but then again, I'm not sure if I implemented the Java-end
> correctly. In any case, when my Ruby/Rails code executes, I get the error I
> mentioned above. For good measure, here it is once again:
>
> Zlib::DataError (incorrect header check):
> mylib/codecs.rb:19:in `inflate'
>
> As the stack trace reports, the error is happening while trying to inflate the
> message. I've searched and tried many alternatives to get this message to
> decode on the Rails-end, but nothing has worked so far. My searches are
> suggesting that perhaps the message itself is corrupt, which is why I'm taking
> a look at the Java-end.
>
> I've been scratching my head for the two-hours on the Rails-end, and the past
> hour on the Java-end. Needless to say, any help would be greatly appreciated!
>
> Thanks in advance!
Do you have to do something like
Zlib::Inflate.new(-Zlib::MAX_WBITS).inflate(Base64.decode64(message)
?
(see e.g. http://www.agileweboperations.com/how-inflate-and-deflate-data-ruby-and-php)

Chris

Wow. Thank you, Chris! I wish I would have asked sooner -- I would have saved myself 3 hours!

I thought I gave the OpenSAML API and other SAML documentation (i.e., bindings, profiles, core, etc.) a good read, but I clearly missed something. So I am very curious, should/would I have been able to pick this information up from either the two resources I just mentioned?

-jg.

I just read that link you included. It seems like its completely implementation specific.

"The -Zlib::MAX_WBITS is necessary because PHP uses a raw deflate algorithm in the gzdeflate method but ruby defaults to either gzip or zlib (but NOT the raw deflate format)."

However, the Ruby documentation of the Zlib::Inflate library is pretty poor in this regard and doesn't mention this at all.

"Creates a new inflate stream for decompression. See zlib.h for details of the argument. If window_bits is nil, the default value is used. "

(Source: http://www.ruby-doc.org/stdlib/libdoc/zlib/rdoc/classes/Zlib/Inflate.html#M010147)

There's nothing more and no description of the default value that is used. Anyway, thanks again Chris!