mace-opensaml-users - Re: [OpenSAML] Extra Query parameter (HTTP Redirect Binding)
Subject: OpenSAML user discussion
- From: rangeli nepal <>
- Subject: Re: [OpenSAML] Extra Query parameter (HTTP Redirect Binding)
- Date: Tue, 22 Mar 2011 05:53:30 -0400
Thank you Deena,
Well, it is a very good hint and will definitely work if you manage both
client and server.
rn
On Mon, Mar 21, 2011 at 1:49 PM, Deena Gurajala wrote:
> I did come across this kind of usage, but on the IDP side. The redirect binding
> does not specify how to identify the key name used to verify the digital
> signature. Also the signature must not be in the SAML request (POST is
> allowed to have the signature inside the XML).
>
> What I did was I extended the class used to send the Redirect Response and
> overwrite the method and add your parameter. In my case I overwrite the
> buildRedirectURL() method. My extended class looks like below. I think it is
> the same for request or response. I think you can use this code.
>
> import java.util.List;
>
> import org.apache.log4j.Logger; // log4j 1.x, matching getLogger(Class) and isDebugEnabled()
> import org.opensaml.common.binding.SAMLMessageContext;
> import org.opensaml.saml2.binding.encoding.HTTPRedirectDeflateEncoder;
> import org.opensaml.saml2.core.RequestAbstractType;
> import org.opensaml.saml2.core.StatusResponseType;
> import org.opensaml.util.URLBuilder;
> import org.opensaml.ws.message.encoder.MessageEncodingException;
> import org.opensaml.xml.security.credential.Credential;
> import org.opensaml.xml.util.Pair;
>
> public class RedirectEncoder extends HTTPRedirectDeflateEncoder {
>
>     private static final Logger logger = Logger.getLogger(RedirectEncoder.class);
>
>     /** Name of the signing key, sent as the extra KeyName query parameter. */
>     private String keyname;
>
>     public RedirectEncoder(String keyName) {
>         super();
>         this.keyname = keyName;
>     }
>
>     public RedirectEncoder() {
>         super();
>     }
>
>     /**
>      * Builds the URL to redirect the client to.
>      *
>      * @param messagesContext current message context
>      * @param endpointURL endpoint URL to send encoded message to
>      * @param message Deflated and Base64 encoded message
>      *
>      * @return URL to redirect client to
>      *
>      * @throws MessageEncodingException thrown if the SAML message is
>      *             neither a RequestAbstractType or Response
>      */
>     @Override
>     @SuppressWarnings("unchecked")
>     protected String buildRedirectURL(SAMLMessageContext messagesContext,
>             String endpointURL, String message) throws MessageEncodingException {
>         logger.debug("Building URL to redirect client to");
>         URLBuilder urlBuilder = new URLBuilder(endpointURL);
>
>         // Discard any query parameters already present on the endpoint URL.
>         List<Pair<String, String>> queryParams = urlBuilder.getQueryParams();
>         queryParams.clear();
>
>         if (messagesContext.getOutboundSAMLMessage() instanceof RequestAbstractType) {
>             queryParams.add(new Pair<String, String>("SAMLRequest", message));
>         } else if (messagesContext.getOutboundSAMLMessage() instanceof StatusResponseType) {
>             queryParams.add(new Pair<String, String>("SAMLResponse", message));
>         } else {
>             throw new MessageEncodingException(
>                     "SAML message is neither a SAML RequestAbstractType or StatusResponseType");
>         }
>
>         String relayState = messagesContext.getRelayState();
>         if (checkRelayState(relayState)) {
>             queryParams.add(new Pair<String, String>("RelayState", relayState));
>         }
>
>         // "getOubound..." is how the OpenSAML 2 API spells this method.
>         Credential signingCredential =
>                 messagesContext.getOuboundSAMLMessageSigningCredential();
>         if (signingCredential != null) {
>             String sigAlgURI = getSignatureAlgorithmURI(signingCredential, null);
>             Pair<String, String> sigAlg = new Pair<String, String>("SigAlg", sigAlgURI);
>             queryParams.add(sigAlg);
>             // The signature covers the query string as it stands at this point.
>             String sigMaterial = urlBuilder.buildQueryString();
>
>             queryParams.add(new Pair<String, String>("Signature",
>                     generateSignature(signingCredential, sigAlgURI, sigMaterial)));
>         }
>
>         // KeyName is added after the signature is computed, so it is not
>         // covered by the signature. Skip it when the no-argument constructor
>         // was used and no key name was set.
>         if (keyname != null) {
>             queryParams.add(new Pair<String, String>("KeyName", keyname));
>         }
>
>         String queryString = urlBuilder.buildURL();
>         if (logger.isDebugEnabled()) {
>             logger.debug("Query String ==>" + queryString);
>         }
>
>         return queryString;
>     }
> }
>
>
> On Mon, Mar 21, 2011 at 10:33 AM, rangeli nepal wrote:
>>
>> I thought the specification is mute about it. It just talks about
>> essential query parameters and to some extent ordering. It does not talk
>> about extra query parameters.
>> rn
>>
>> On Mon, Mar 21, 2011 at 1:25 PM, Cantor, Scott E. wrote:
>> > On 3/21/11 1:17 PM, "rangeli nepal" wrote:
>> >>Now I like to send an extra query parameter using this binding. I
>> >>thought if I just change the endpoint location i.e
>> >
>> > That is not a legal use of the Redirect Binding.
>> >
>> > -- Scott
>> >
>> >
>
>
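Receiver-side counterpart to the encoder quoted above, as an added example (not code from the thread or from OpenSAML): because `KeyName` is appended after the signature is computed, the receiver may use it only to select a key from its own trusted set, and verifies the signature over the standard parameters exactly as received. It assumes both ends privately agree on the `KeyName` parameter, handles RSA-SHA256 only, uses a hypothetical key name `sp-key-1`, and needs only the JDK (Java 9+).

```java
import java.net.*;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;

public class RedirectKeyNameCheck {
    static final String RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
    // First raw (still URL-encoded) "name=value" pair for a parameter, or null.
    static String rawPair(String query, String name) {
        for (String part : query.split("&"))
            if (part.startsWith(name + "=")) return part;
        return null;
    }
    static String value(String query, String name) throws Exception {
        String pair = rawPair(query, name);
        return pair == null ? null : URLDecoder.decode(pair.substring(name.length() + 1), "UTF-8");
    }
    // Signed octets: SAMLRequest or SAMLResponse, RelayState, SigAlg, in that order, as received.
    static String signedContent(String query) {
        StringJoiner joined = new StringJoiner("&");
        for (String name : new String[] {"SAMLRequest", "SAMLResponse", "RelayState", "SigAlg"})
            if (rawPair(query, name) != null) joined.add(rawPair(query, name));
        return joined.toString();
    }
    // KeyName is unsigned, so it may only select among keys this receiver already trusts.
    static boolean verify(String query, Map<String, PublicKey> trustedKeys) throws Exception {
        String keyName = value(query, "KeyName"), sig = value(query, "Signature");
        PublicKey key = keyName == null ? null : trustedKeys.get(keyName);
        if (key == null || sig == null || !RSA_SHA256.equals(value(query, "SigAlg"))) return false;
        Signature verifier = Signature.getInstance("SHA256withRSA");
        verifier.initVerify(key);
        verifier.update(signedContent(query).getBytes(StandardCharsets.UTF_8));
        return verifier.verify(Base64.getDecoder().decode(sig));
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair pair = gen.generateKeyPair();
        // Constructed sample message; the key pair is generated here only for the demonstration.
        String signed = "SAMLRequest=ZmFrZQ%3D%3D&RelayState=abc&SigAlg=" + URLEncoder.encode(RSA_SHA256, "UTF-8");
        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(pair.getPrivate());
        signer.update(signed.getBytes(StandardCharsets.UTF_8));
        String sig = URLEncoder.encode(Base64.getEncoder().encodeToString(signer.sign()), "UTF-8");
        Map<String, PublicKey> trusted = Map.of("sp-key-1", pair.getPublic());
        System.out.println(verify(signed + "&Signature=" + sig + "&KeyName=sp-key-1", trusted));
        System.out.println(verify(signed + "&Signature=" + sig + "&KeyName=other", trusted));
    }
}
```

The second call uses a key name that is not in the trusted map, so it is rejected before any signature check is attempted.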