OpenSAML user discussion

[Brent Putman <>]

Right, it's not in the Assertions and Protocols document, it's in the
Bindings document.  The SAML spec consists of several documents, not
just the Assertions and Protocols one.  They are all linked from the
page I earlier sent.


On 5/12/11 6:49 PM, Gina Choi wrote:
> Hi Brent,
>
> Thanks for your response and link to saml specifications. We are using HTTP
> POST binding and as you said, according to the spec, it must use
> "SAMLResponse". I have Assertions and Protocols for the OASIS Security
> Assertion Markup Language (SAML) V2.0 OASIS Standard, 15 March 2005, but I
> don't remember that it mention about form control name.
>
> Thanks again.
>
> Gina
>
> -----Original Message-----
> From: 
> 
> [mailto:]
>  On Behalf Of Brent Putman
> Sent: Thursday, May 12, 2011 3:12 PM
> To: 
> 
> Subject: Re: [OpenSAML] request:get-parameter("SAMLResponse", "")
>
> Something like that is going to be defined by the binding in use.  If
> it's one of the bindings defined by the SAML specification (which it
> probably is), you can see the SAML Bindings spec for all the details[1].
>  If it's HTTP-POST or HTTP-Redirect DEFLATE, then yes, that is the name
> defined by the spec.  If you're implementing an SP, you should really
> take a look at these specs, though.
>
> Also, OpenSAML makes doing this manual processing unnecessary.  We have
> components called decoders (and encoders) that handle all of this for you.
>
>
> 1. http://saml.xml.org/saml-specifications
>
>
>
> On 5/12/11 2:30 PM, Gina Choi wrote:
>> I am getting SAML response token from ADFS using
>> request:get-parameter("SAMLResponse", "") method. My question here is if
>> parameter name - "SAMLResponse" is standard? Or it can be different
>> depends on identity provider? I try to figure out if it is ok to
>> harcode "SAMLResponse" or make it configurable.
>>
>>  
>>
>> Thanks.
>>
>>  
>>
>> Gina
>>
>>  
>>