IdP-Initiated SSO


CMcHenry
We are evaluating your product for integration with a third-party custom SAML interface.  We are the Identity Provider and are initiating the connection.

I'm using the High Level API and calling InitiateSSO:
     SAMLIdentityProvider.InitiateSSO(Response, userName, attributesSAML, targetUrl, partnerSP)

The recipient has confirmed I have the correct assertion consumer service URL in my saml.config.  But after authentication I should be loading their base URL plus a query string and then the full text of the SAML response, both Base64 encoded and URL encoded.
     https://testsite/SSO/NS/SAMLPatientDisplay.aspx?SAMLResponse=BASE64 ENCODED SAML HERE

I've added their base URL as the target URL but I don't know how to include the encoded SAML response on the end of that.

Thanks.

CMcHenry
CMcHenry - 11/20/2018
I ended up getting it to work by using the Low Level API but I would prefer to use the High Level API if it's possible to do so.  Any thoughts?

    Dim samlResponseStr As String = samlResponse.ToString()

    Dim bytesToEncode() As Byte = Encoding.UTF8.GetBytes(samlResponseStr)
    Dim encodedData As String = Convert.ToBase64String(bytesToEncode)

    Dim strUrl As String = "http://testsite/SSO/NS/SAMLPatientDisplay.aspx?SAMLResponse=" & Server.UrlEncode(encodedData)
    IdentityProvider.SendSAMLResponseByHTTPPost(Response, strUrl, samlResponseXml, relayState)


ComponentSpace
The SAML specification defines a number of bindings (i.e. transports), including HTTP-Post, where the SAML message is sent in an HTTP Post, and HTTP-Redirect, where the SAML message is sent as a query string parameter.
Not all SAML message types are supported by all SAML bindings.
The "Conformance Requirements for the OASIS Security Assertion Markup Language (SAML) V2.0" document specifies which bindings may be used to send the various message types.
According to the specification, a SAML response must be sent using HTTP-Post. HTTP-Redirect is not supported.
One of the reasons for this is that a SAML response as a query string parameter may be too long for some browsers to support.
If the service provider is expecting the SAML response to be sent as a query string parameter, their SAML implementation is non-conforming.
I suggest checking with them as this would be highly unusual.
You should call SAMLIdentityProvider.InitiateSSO to have the SAML response sent over HTTP Post.
The service provider should expect to receive an HTTP Post at their assertion consumer service.


Regards
ComponentSpace Development
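
What the reply above describes, as an added example that is not part of the thread and not ComponentSpace's own code: the self-submitting form an identity provider returns to the browser under the HTTP-POST binding, built with standard .NET calls only, with the query-string variant shown for size comparison. The module and function names and the padded sample XML are assumptions; the URL is the test address from the question.

```vbnet
Imports System
Imports System.Net
Imports System.Text

Module HttpPostBindingExample

    ' HTTP-POST binding: the Base64 SAML response is a hidden form field that the
    ' browser posts to the assertion consumer service (ACS). It is not URL-encoded
    ' by the sender and never becomes part of the ACS URL.
    Function BuildPostForm(acsUrl As String, samlResponseXml As String,
                           relayState As String) As String
        Dim encoded As String =
            Convert.ToBase64String(Encoding.UTF8.GetBytes(samlResponseXml))
        Dim html As New StringBuilder()
        html.AppendLine("<html><body onload=""document.forms[0].submit()"">")
        html.AppendLine("<form method=""post"" action=""" &
                        WebUtility.HtmlEncode(acsUrl) & """>")
        html.AppendLine("<input type=""hidden"" name=""SAMLResponse"" value=""" &
                        WebUtility.HtmlEncode(encoded) & """/>")
        If Not String.IsNullOrEmpty(relayState) Then
            html.AppendLine("<input type=""hidden"" name=""RelayState"" value=""" &
                            WebUtility.HtmlEncode(relayState) & """/>")
        End If
        html.AppendLine("<noscript><input type=""submit"" value=""Continue""/></noscript>")
        html.AppendLine("</form></body></html>")
        Return html.ToString()
    End Function

    ' What the query-string variant would put in the URL, for size comparison only.
    Function QueryStringUrl(baseUrl As String, samlResponseXml As String) As String
        Dim encoded As String =
            Convert.ToBase64String(Encoding.UTF8.GetBytes(samlResponseXml))
        Return baseUrl & "?SAMLResponse=" & WebUtility.UrlEncode(encoded)
    End Function

    Sub Main()
        ' Constructed placeholder standing in for a signed response; the padding
        ' mimics the bulk that a signature and embedded certificate add.
        Dim sampleXml As String = "<samlp:Response ID=""_example"">" &
            New String("A"c, 6000) & "</samlp:Response>"
        Dim acsUrl As String = "https://testsite/SSO/NS/SAMLPatientDisplay.aspx"

        Console.WriteLine(BuildPostForm(acsUrl, sampleXml, Nothing).Substring(0, 200))
        Console.WriteLine("POST target URL length:  " & acsUrl.Length.ToString())
        Console.WriteLine("Query-string URL length: " &
                          QueryStringUrl(acsUrl, sampleXml).Length.ToString())
    End Sub
End Module
```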