Hello Everyone,

I am new to SAML sp implementation. 

My Work assignment is

The End-user logs into the application(IDP)successfully and clicks on a link(Service Providers). When the user clicks on SP link, the IDP would send the SAML assertion in the String format.

As an Service Provider, my application should retrieve the SAML String and process(i.e., validate and verify the signature) it. If the signature and assertions are ok, then the user would be redirected to actual requested page.

I did below steps:
step1  : Downloaded source  code from opensaml -1.1 - Java
Step2: Test Class - which is a servlet.

I am using BrowserProfileProvider(http post)  

String samlResponseString = (String) req.getParameter("SAMLResponse");

BrowserProfileProvider profile = null;
SAMLBrowserProfile.BrowserProfileResponse samlResponce =null;

try {
profile = (BrowserProfileProvider) SAMLBrowserProfileFactory.getInstance();

SAMLBrowserProfile.BrowserProfileRequest samlRequest = new SAMLBrowserProfile.BrowserProfileRequest();

samlRequest.SAMLResponse = new String(samlResponseString);



samlResponce = profile.receive(
null, samlRequest,DRConfig.getString("recipientURL"),ReplayCacheFactory.getInstance(),
null,1);

} catch (NoSuchProviderException e) {
logger.error("---------No such provider SAML ---"+e.toString());
e.printStackTrace();
}catch(SAMLException e){
logger.error("---Saml Exception while processing saml response from IDP---"+e.toString());
e.printStackTrace();
}
try {
samlResponce.assertion.verify(ks.getCertificate(alias).getPublicKey());
samlResponce.response.verify(ks.getCertificate(alias).getPublicKey());
} catch (KeyStoreException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (SAMLException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}

Can anybody suggest/help me whether I am in right direction or not?

Thanks in advance.

Jaya