The SAML web site is not longer accepting new posts. Information on this page is preserved for legacy purposes only. For current information on SAML, please see the OASIS Security Services Technical Committee Wiki.

Service Provider Implementation - help

Hello Everyone,

I am new to SAML sp implementation. 

My Work assignment is

The End-user logs into the application(IDP)successfully and clicks on a link(Service Providers). When the user clicks on SP link, the IDP would send the SAML assertion in the String format.

As an Service Provider, my application should retrieve the SAML String and process(i.e., validate and verify the signature) it. If the signature and assertions are ok, then the user would be redirected to actual requested page.


I did below steps:
step1  : Downloaded source  code from opensaml -1.1 - Java
Step2: Test Class - which is a servlet.

I am using BrowserProfileProvider(http post)  


String samlResponseString = (String) req.getParameter("SAMLResponse");

BrowserProfileProvider profile = null;
SAMLBrowserProfile.BrowserProfileResponse samlResponce =null;

try {
profile = (BrowserProfileProvider) SAMLBrowserProfileFactory.getInstance();

SAMLBrowserProfile.BrowserProfileRequest samlRequest = new SAMLBrowserProfile.BrowserProfileRequest();

samlRequest.SAMLResponse = new String(samlResponseString);

samlResponce = profile.receive(
null, samlRequest,DRConfig.getString("recipientURL"),ReplayCacheFactory.getInstance(),

} catch (NoSuchProviderException e) {
logger.error("---------No such provider SAML ---"+e.toString());
}catch(SAMLException e){
logger.error("---Saml Exception while processing saml response from IDP---"+e.toString());
try {
} catch (KeyStoreException e) {
// TODO Auto-generated catch block
} catch (SAMLException e) {
// TODO Auto-generated catch block


Can anybody suggest/help me whether I am in right direction or not?


Thanks in advance.


Hi Jaya,

Did you finally get to implement the SP? I have some basic questions which I am not getting answers anywhere/ from anyone. 

This isn't an OpenSAML support forum, you need to use the mailing list associated with that project if you have questions about using it.

You're also using dead, unsupported code and it would be helpful to prevent future mistakes if you could identify where you found any indication that you should be using it for a new project. Focus Areas: BPEL | DITA | ebXML | IDtrust | OpenDocument | SAML | UBL | UDDI
OASIS sites: OASIS | Cover Pages | | AMQP | CGM Open | eGov | Emergency | IDtrust | LegalXML | Open CSA | OSLC | WS-I