The SAML XML.org web site is no longer accepting new posts. Information on this page is preserved for legacy purposes only. For current information on SAML, please see the OASIS Security Services Technical Committee Wiki.

Diff for Service Provider Implementation - help

Wed, 2009-11-04 19:05 by jaya / Wed, 2009-11-04 19:13 by jaya
Changes to Body
Line 13Line 13
 
<br />
 
<br />
 
As an Service Provider, my application should retrieve the SAML String and process(i.e., validate and verify the signature) it. If the signature and assertions are ok, then the user would be redirected to actual requested page. <br />
 
As an Service Provider, my application should retrieve the SAML String and process(i.e., validate and verify the signature) it. If the signature and assertions are ok, then the user would be redirected to actual requested page. <br />
  +
</p>
  +
<p>
 
<br />
 
<br />
  +
</p>
  +
<p>
  +
&nbsp;
  +
</p>
  +
<p>
 
I did below steps:<br />
 
I did below steps:<br />
 
step1  : Downloaded source  code from opensaml -1.1 - Java<br />
 
step1  : Downloaded source  code from opensaml -1.1 - Java<br />
-
Step2: Test Class - which is a servlet.<br />
+
Step2: Test Class - which is a servlet.
-
Implemented by using opensaml package.<br />
+
</p>
  +
<p>
  +
I am using BrowserProfileProvider(http post)  
  +
</p>
  +
<p>
  +
&nbsp;
  +
</p>
  +
<p>
  +
String samlResponseString = (String) req.getParameter(&quot;SAMLResponse&quot;);<br />
 
<br />
 
<br />
-
                String samlResponseString = (String) req.getParameter(&quot;SAMLResponse&quot;);<br />
+
BrowserProfileProvider profile = null;<br />
-
                 <br />
+
SAMLBrowserProfile.BrowserProfileResponse samlResponce =null;<br />
-
                BrowserProfileProvider profile = null;<br />
+
<br />
-
                SAMLBrowserProfile.BrowserProfileResponse samlResponce =null;<br />
+
try {<br />
-
                <br />
+
profile = (BrowserProfileProvider) SAMLBrowserProfileFactory.getInstance();<br />
-
                try {<br />
+
<br />
-
                    profile = (BrowserProfileProvider) SAMLBrowserProfileFactory.getInstance();<br />
+
SAMLBrowserProfile.BrowserProfileRequest samlRequest = new SAMLBrowserProfile.BrowserProfileRequest();<br />
-
                    <br />
+
<br />
-
                    SAMLBrowserProfile.BrowserProfileRequest samlRequest = new SAMLBrowserProfile.BrowserProfileRequest();<br />
+
samlRequest.SAMLResponse = new String(samlResponseString);<br />
-
                    <br />
+
<br />
-
                    samlRequest.SAMLResponse = new String(samlResponseString);<br />
+
<br />
-
                    <br />
+
<br />
-
                    <br />
+
samlResponce = profile.receive(<br />
-
                    <br />
+
null, samlRequest,DRConfig.getString(&quot;recipientURL&quot;),ReplayCacheFactory.getInstance(),<br />
-
                    samlResponce = profile.receive(<br />
+
null,1);<br />
-
                            null, samlRequest,DRConfig.getString(&quot;recipientURL&quot;),ReplayCacheFactory.getInstance(),<br />
+
<br />
-
                            null,1);<br />
+
} catch (NoSuchProviderException e) {<br />
-
                        <br />
+
logger.error(&quot;---------No such provider SAML ---&quot;+e.toString());<br />
-
                } catch (NoSuchProviderException e) {<br />
+
e.printStackTrace();<br />
-
                    logger.error(&quot;---------No such provider SAML ---&quot;+e.toString());<br />
+
}catch(SAMLException e){<br />
-
                    e.printStackTrace();<br />
+
logger.error(&quot;---Saml Exception while processing saml response from IDP---&quot;+e.toString());<br />
-
                }catch(SAMLException e){<br />
+
e.printStackTrace();<br />
-
                    logger.error(&quot;---Saml Exception while processing saml response from IDP---&quot;+e.toString());<br />
+
}<br />
-
                    e.printStackTrace();<br />
+
try {<br />
-
                }<br />
+
samlResponce.assertion.verify(ks.getCertificate(alias).getPublicKey());<br />
-
                    try {<br />
+
samlResponce.response.verify(ks.getCertificate(alias).getPublicKey());<br />
-
                        samlResponce.assertion.verify(ks.getCertificate(alias).getPublicKey());<br />
+
} catch (KeyStoreException e) {<br />
-
                        samlResponce.response.verify(ks.getCertificate(alias).getPublicKey());<br />
+
// TODO Auto-generated catch block<br />
-
                    } catch (KeyStoreException e) {<br />
+
e.printStackTrace();<br />
-
                        // TODO Auto-generated catch block<br />
+
} catch (SAMLException e) {<br />
-
                        e.printStackTrace();<br />
+
// TODO Auto-generated catch block<br />
-
                    } catch (SAMLException e) {<br />
+
e.printStackTrace();<br />
-
                        // TODO Auto-generated catch block<br />
+
}
-
                        e.printStackTrace();<br />
+
-
                    }
+
 
</p>
 
</p>
 
<p>
 
<p>
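Review bot: In the added lines, the second try block calls samlResponce.assertion.verify(...) even when profile.receive(...) threw, because the NoSuchProviderException and SAMLException handlers above it only log and fall through with samlResponce still null. That ends in a NullPointerException rather than a clean rejection. The KeyStoreException and SAMLException handlers around the two verify calls are still auto-generated stubs that only print the stack trace, so a failed signature check does not stop the request either. Suggest moving the verify calls into the same try as receive and returning an error response from every catch, so the redirect to the requested page is reachable only when nothing threw.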
Current revision:

Service Provider Implementation - help

Hello Everyone,

I am new to SAML SP implementation.

My work assignment is:

The end user logs into the application (IDP) successfully and clicks on a link (Service Providers). When the user clicks on the SP link, the IDP would send the SAML assertion in the String format.

As a Service Provider, my application should retrieve the SAML String and process (i.e., validate and verify the signature) it. If the signature and assertions are OK, then the user would be redirected to the actual requested page.

I did the below steps:
Step 1: Downloaded source code from opensaml-1.1 - Java
Step 2: Test Class - which is a servlet.

I am using BrowserProfileProvider (HTTP POST)

 

String samlResponseString = (String) req.getParameter("SAMLResponse");

BrowserProfileProvider profile = null;
SAMLBrowserProfile.BrowserProfileResponse samlResponce = null;

try {
    profile = (BrowserProfileProvider) SAMLBrowserProfileFactory.getInstance();

    SAMLBrowserProfile.BrowserProfileRequest samlRequest = new SAMLBrowserProfile.BrowserProfileRequest();

    samlRequest.SAMLResponse = new String(samlResponseString);

    samlResponce = profile.receive(
            null, samlRequest, DRConfig.getString("recipientURL"), ReplayCacheFactory.getInstance(),
            null, 1);

} catch (NoSuchProviderException e) {
    logger.error("---------No such provider SAML ---" + e.toString());
    e.printStackTrace();
} catch (SAMLException e) {
    logger.error("---Saml Exception while processing saml response from IDP---" + e.toString());
    e.printStackTrace();
}
try {
    samlResponce.assertion.verify(ks.getCertificate(alias).getPublicKey());
    samlResponce.response.verify(ks.getCertificate(alias).getPublicKey());
} catch (KeyStoreException e) {
    // TODO Auto-generated catch block
    e.printStackTrace();
} catch (SAMLException e) {
    // TODO Auto-generated catch block
    e.printStackTrace();
}

 

Can anybody suggest/help me whether I am in the right direction or not?

 

Thanks in advance.

Jaya
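
An added example (not part of the original post and not OpenSAML project code) that arranges the post's own OpenSAML 1.1 calls so that every failure rejects the login before any redirect can happen. The names SamlResponseGate and RejectedException and the parameters recipientUrl, ks and alias are hypothetical, and the org.opensaml import paths are assumed.

```java
import java.security.KeyStore;
import java.security.PublicKey;
import java.security.cert.Certificate;
import javax.servlet.http.HttpServletRequest;
import org.opensaml.ReplayCacheFactory;   // package names assumed for OpenSAML 1.1
import org.opensaml.SAMLBrowserProfile;
import org.opensaml.SAMLBrowserProfileFactory;

// Added example: one accept-or-reject path for a POSTed SAMLResponse.
public final class SamlResponseGate {
    /** Single failure type, so the servlet has exactly one rejection path. */
    public static final class RejectedException extends Exception {
        public RejectedException(String reason, Throwable cause) { super(reason, cause); }
    }

    /** recipientUrl, ks and alias are hypothetical parameters supplied by the servlet. */
    public static SAMLBrowserProfile.BrowserProfileResponse accept(
            HttpServletRequest req, String recipientUrl, KeyStore ks, String alias)
            throws RejectedException {
        String encoded = req.getParameter("SAMLResponse");
        if (encoded == null || encoded.length() == 0) {
            throw new RejectedException("missing SAMLResponse parameter", null);
        }
        try {
            // Load the pinned IdP key first; getCertificate returns null for an unknown alias.
            Certificate idpCert = ks.getCertificate(alias);
            if (idpCert == null) {
                throw new RejectedException("no certificate under alias " + alias, null);
            }
            PublicKey idpKey = idpCert.getPublicKey();
            SAMLBrowserProfile profile = SAMLBrowserProfileFactory.getInstance();
            SAMLBrowserProfile.BrowserProfileRequest in = new SAMLBrowserProfile.BrowserProfileRequest();
            in.SAMLResponse = encoded;
            // Same receive(...) arguments as in the post.
            SAMLBrowserProfile.BrowserProfileResponse out = profile.receive(
                    null, in, recipientUrl, ReplayCacheFactory.getInstance(), null, 1);
            if (out == null || out.response == null || out.assertion == null) {
                throw new RejectedException("no response or assertion returned", null);
            }
            // Both signature checks from the post; an exception here rejects the login.
            out.assertion.verify(idpKey);
            out.response.verify(idpKey);
            return out;
        } catch (RejectedException e) {
            throw e;
        } catch (Exception e) {
            throw new RejectedException("SAML response failed validation", e);
        }
    }
}
```

In the servlet, issue the redirect to the requested page only after accept(...) returns; on RejectedException, log the cause and send an error status instead.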
