--
You received this message because you are subscribed to the Google Groups "Lucee" group.
To unsubscribe from this group and stop receiving emails from it, send an email to lucee+un...@googlegroups.com.
To post to this group, send email to lu...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/lucee/ebef7fce-9bdf-46ba-ada2-3ce930d5ef17%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
CONFIDENTIAL AND PRIVILEGED - This e-mail and any attachment is intended solely for the addressee, is strictly confidential and may also be subject to legal, professional or other privilege or may be protected by work product immunity or other legal rules. If you are not the addressee please do not read, print, re-transmit, store or act in reliance on it or any attachments. Instead, please email it back to the sender and then immediately permanently delete it. Pixl8 Interactive Ltd Registered in England. Registered number: 04336501. Registered office: 8 Spur Road, Cosham, Portsmouth, Hampshire, PO6 3EB |
Hi,

Thanks for the reply. The script I'm using is below. For test purposes I am setting the variable SAMLResponse with the SAML assertion:

<cfset SAMLResponse = "PHNhbWxwOlJlc3BvbnNlIHhtbG5zOnNhb......">
<cfset x509cert = SAMLSvc.getIdpCertificate()>
<cfscript>
xmlResponse=CharsetEncode(BinaryDecode(SAMLResponse,"Base64") ,"utf-8");
docElement = XmlParse(xmlResponse).getDocumentElement();
responseID = docElement.getAttributes().getNamedItem('ID').getTextContent();
//writedump(xmlResponse);
//IdP is signing the SAML Response using a "non standard" ID attribute, which is only supported in DOM3 and XMLBeans does not support DOM3
//the Assertion ID must be registered before Signature Validation
idResolver = CreateObject("Java", "org.apache.xml.security.utils.IdResolver");
assertionElement = docElement.getElementsByTagNameNS("urn:oasis:names:tc:SAML:2.0:assertion", "Assertion").item(0);
attrStore = assertionElement.getAttributes();
idAttr = CreateObject("Java","org.w3c.dom.Attr");
idAttr = attrStore.getNamedItem("ID");
idResolver.registerElementById(assertionElement, idAttr);
SignatureConstants = CreateObject("Java", "org.apache.xml.security.utils.Constants");
SignatureSpecNS=SignatureConstants.SignatureSpecNS;
//Must initiate only first time
SecInit = CreateObject("Java", "org.apache.xml.security.Init").Init().init();
xmlSignatureClass = CreateObject("Java", "org.apache.xml.security.signature.XMLSignature");
signature = XMLSignatureClass.init(docElement.getElementsByTagNameNS("http://www.w3.org/2000/09/xmldsig##","Signature").item(0), javacast("string",""));
// Verify Signature
isValid = signature.checkSignatureValue(x509cert);
//Extract conditions
conditionElement = docElement.getElementsByTagName("saml:Conditions").item(0);
conditions = conditionElement.getAttributes();
before = conditions.getNamedItem("NotBefore").getNodeValue();
after = conditions.getNamedItem("NotOnOrAfter").getNodeValue();
// Extract User
attributesElement = docElement.getElementsByTagName("saml:AttributeStatement").item(0);
attributes = attributesElement.getAttributes();
ssouser = StructNew();
for (
attNo = 0 ;
attNo LT attributesElement.getLength() ;
attNo = (attNo + 1)
){
name = attributesElement.item(attNo).getAttributes().getNamedItem('Name').getTextContent();
value = attributesElement.item(attNo).item(0).getTextContent();
ssouser[name] = value;
}
</cfscript>

Best Regards,
Stefan Wendin
Senior Software Developer
___________________________________________________________________________________
Software for Knowledge Management & Competitive Intelligence
Comintelli®
Kista Science Tower | S-164 51 Kista, Sweden
Internet:www.comintelli.com
E-mail:stefan...@comintelli.com
Mobile: +46 70 269 95 01 | Skype: stefanw70

------ Original Message ------
From: "Dominic Watson" <dominic...@pixl8.co.uk>
To: lu...@googlegroups.com
Sent: 2015-05-21 18:29:04
Subject: Re: [Lucee] SAML - consume assertion error

We'll need some code I think to be able to help. I've done some SAML2 work so might have some clue. I imagine however that it's not related to that. Could you post the code that you're using to process the incoming assertion request with?

Dominic
On 21 May 2015 at 13:50, Stefan Wendin <stefan...@comintelli.com> wrote:
I have an SAML test page that used to work in ColdFusion. What I do is to handle the POSTed assertion, validate the signature based on public key. In Lucee it generates an error message in my log file as seen below:

Error occured trying to extract assertion data... The Reference for URI #dcaff33285ac6a7aba31ed254627dfce has no XMLSignatureInput; ; samlAssertionXML: PHNhbWx....

I added xmlsec.jar to Lucee which I also did on CF. Anyone experiencing the same issue?

Regards //Stefan
--
Pixl8 Interactive, 3 Tun Yard, Peardon Street, London
SW8 3HT, United Kingdom
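Added example, not part of the thread and not a fix for the reported Lucee error: the script posted above checks the first Signature and then reads Conditions and AttributeStatement with document-wide lookups, and in the code shown NotBefore/NotOnOrAfter are extracted but not compared to the clock. This Python block shows the follow-up checks, assuming the cryptographic signature has already been verified by the XML security library; the function names and the sample response are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"ds": "http://www.w3.org/2000/09/xmldsig#",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
ASSERTION = "{%s}Assertion" % NS["saml"]

# Constructed sample; signature values are omitted because this block does not
# verify the cryptographic signature, only what the verified reference covers.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
  xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="r1">
 <saml:Assertion ID="a1" Version="2.0">
  <ds:Signature><ds:SignedInfo><ds:Reference URI="#a1"/></ds:SignedInfo></ds:Signature>
  <saml:Conditions NotBefore="2015-05-21T12:00:00Z" NotOnOrAfter="2015-05-21T12:05:00Z"/>
  <saml:AttributeStatement><saml:Attribute Name="mail">
   <saml:AttributeValue>user@example.com</saml:AttributeValue>
  </saml:Attribute></saml:AttributeStatement>
 </saml:Assertion>
</samlp:Response>"""

def signed_assertion(root):
    """Return the one Assertion that the signature's Reference URI points at."""
    refs = root.findall(".//ds:Reference", NS)
    if len(refs) != 1 or not refs[0].get("URI", "").startswith("#"):
        raise ValueError("expected exactly one same-document reference")
    wanted = refs[0].get("URI")[1:]
    hits = [el for el in root.iter() if el.get("ID") == wanted]
    if len(hits) != 1 or hits[0].tag != ASSERTION:
        raise ValueError("reference must resolve to a single Assertion")
    return hits[0]

def _ts(value):
    # Assumption: UTC timestamps without fractional seconds (hypothetical helper).
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def consume(xml_text, now):
    """Read user attributes from the signed Assertion only, inside its validity window."""
    assertion = signed_assertion(ET.fromstring(xml_text))
    cond = assertion.find("saml:Conditions", NS)
    if cond is None or not _ts(cond.get("NotBefore")) <= now < _ts(cond.get("NotOnOrAfter")):
        raise ValueError("assertion missing conditions or outside validity window")
    return {a.get("Name"): a.findtext("saml:AttributeValue", namespaces=NS)
            for a in assertion.findall("saml:AttributeStatement/saml:Attribute", NS)}
```

Because every lookup starts from the element the reference resolved to, an extra unsigned Assertion elsewhere in the response is never read, and a duplicated ID value is rejected outright.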