The SAML web site is not longer accepting new posts. Information on this page is preserved for legacy purposes only. For current information on SAML, please see the OASIS Security Services Technical Committee Wiki.

Revision of Service Provider Implementation - help from Wed, 2009-11-04 19:05

Hello Everyone,

I am new to SAML sp implementation. 

My Work assignment is

The End-user logs into the application(IDP)successfully and clicks on a link(Service Providers). When the user clicks on SP link, the IDP would send the SAML assertion in the String format.

As an Service Provider, my application should retrieve the SAML String and process(i.e., validate and verify the signature) it. If the signature and assertions are ok, then the user would be redirected to actual requested page.

I did below steps:
step1  : Downloaded source  code from opensaml -1.1 - Java
Step2: Test Class - which is a servlet.
Implemented by using opensaml package.

                String samlResponseString = (String) req.getParameter("SAMLResponse");
                BrowserProfileProvider profile = null;
                SAMLBrowserProfile.BrowserProfileResponse samlResponce =null;
                try {
                    profile = (BrowserProfileProvider) SAMLBrowserProfileFactory.getInstance();
                    SAMLBrowserProfile.BrowserProfileRequest samlRequest = new SAMLBrowserProfile.BrowserProfileRequest();
                    samlRequest.SAMLResponse = new String(samlResponseString);
                    samlResponce = profile.receive(
                            null, samlRequest,DRConfig.getString("recipientURL"),ReplayCacheFactory.getInstance(),
                } catch (NoSuchProviderException e) {
                    logger.error("---------No such provider SAML ---"+e.toString());
                }catch(SAMLException e){
                    logger.error("---Saml Exception while processing saml response from IDP---"+e.toString());
                    try {
                    } catch (KeyStoreException e) {
                        // TODO Auto-generated catch block
                    } catch (SAMLException e) {
                        // TODO Auto-generated catch block


Can anybody suggest/help me whether I am in right direction or not?


Thanks in advance.

Jaya Focus Areas: BPEL | DITA | ebXML | IDtrust | OpenDocument | SAML | UBL | UDDI
OASIS sites: OASIS | Cover Pages | | AMQP | CGM Open | eGov | Emergency | IDtrust | LegalXML | Open CSA | OSLC | WS-I