saml-client icon indicating copy to clipboard operation
saml-client copied to clipboard
verified publisher icon coveooss

Should support HTTP-Redirect binding for SAML request and HTTP-POST for SAML response

Open yyy opened this issue 6 years ago • 1 comments

Currently, SamlClient.fromMetadata takes a single samlBinding and uses it to both resolve the IDP endpoint and to populate the ProtocolBinding parameter in the AuthnRequest. But I should be able to set these up independently.

yyy avatar Feb 15 '19 01:02 yyy

Is this issue going to be addressed?

Currently, I'm having to do a horrible hack to workaround this and #25 :

            // check if SAML request starts with XML declaration: Base64("<?x") = "PD94"
            // which means it's not compressed
            if(samlRequest.startsWith("PD94")) {
                String rawStr = EncodingUtils.decodeB64(samlRequest);

                // this code needs to be reorganized if saml-client fixes #25 and doesn't fix #26
                rawStr = rawStr.replace("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect",
                        "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST");

                byte[] raw = rawStr.getBytes(StandardCharsets.UTF_8);

                byte[] compressed = CompressionUtils.compress(raw, new Deflater(Deflater.DEFLATED, true));
                samlRequest = EncodingUtils.encodeB64(compressed);
            }

yyy avatar Nov 04 '19 22:11 yyy