Versions Compared

Version Old Version 24 New Version Current
Changes made by

Former user

Former user

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

SAML stands for Security Assertion Markup Language which is a XML based data format for exchanging authentication and authorization data between an identity provider and a service provider. The single most important requirement that SAML addresses is web browser single sign-on (SSO). Three main roles are defined in SAML Specification.

  1. The Principal : This is typically the user who requires a service from a service provider entity
  2. The Identity Provider : The SAML authority which provides the identity assertion to authenticate a principal
  3. The Service Provider : The SAML consumer which provides service for principals

...

  1. Add the OpenSAML library to the build path of the project. You can download the open SAML JAR file from here.
  2. A sample <AuthnRequest> message can be found here.

  3. According to SAML 2.0 specifications, the message must contain an element. Create the Issuer element first.

    Code Block
    String issuerId = "saml2.sso.demo";
IssuerBuilder issuerBuilder = new IssuerBuilder();
Issuer issuer = issuerBuilder.buildObject("urn:oasis:names:tc:SAML:2.0:assertion", "Issuer", "samlp");
issuer.setValue(issuerId);

  4. Create the <AuthnRequest> next.

    Code Block
    // the issuerUrl is the url of the service provider who generates the  message
String issuerUrl = "http://localhost:8080/saml2.sso.demo/consumer";
DateTime issueInstant = new DateTime();
AuthnRequestBuilder authnRequestBuilder = new AuthnRequestBuilder();
AuthnRequest authnRequest = authnRequestBuilder.buildObject("urn:oasis:names:tc:SAML:2.0:protocol", "AuthnRequest", "samlp");
authnRequest.setForceAuthn(false);
authnRequest.setIsPassive(false);
authnRequest.setIssueInstant(issueInstant);
authnRequest.setProtocolBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST");
authnRequest.setAssertionConsumerServiceURL(issuerUrl);
authnRequest.setIssuer(issuer);
authnRequest.setID(aRandomId);
authnRequest.setVersion(SAMLVersion.VERSION_20);

    The message may contain many other elements like , etc. those elements can be created and added to the message in the same way.

  5. Next encode the message using Base64 encoding.

    Code Block
    Marshaller marshaller = Configuration.getMarshallerFactory().getMarshaller(authnRequest);
Element authDOM = marshaller.marshall(authnRequest);

StringWriter rspWrt = new StringWriter();
XMLHelper.writeNode(authDOM, rspWrt);
String requestMessage = rspWrt.toString();
	     
Deflater deflater = new Deflater(Deflater.DEFLATED, true);
ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
DeflaterOutputStream deflaterOutputStream = new DeflaterOutputStream(byteArrayOutputStream, deflater);
deflaterOutputStream.write(requestMessage.getBytes());
deflaterOutputStream.close();
	     
/* Encoding the compressed message */
String encodedRequestMessage = Base64.encodeBytes(byteArrayOutputStream.toByteArray(), Base64.DONT_BREAK_LINES);
String encodedAuthnRequest = URLEncoder.encode(encodedRequestMessage,"UTF-8").trim();

  6. Construct the redirection URL.

    Panel

    redirectionUrl = identitypProviderUrl+ "?SAMLRequest=" + encodedRequestMessage;

  7. Redirect the user to the identity provider.

    Panel

    response.sendRedirect(redirectionUrl);

...