IdP Initiated SSO with SAML Response (Unsolicited Response)

[Jeffrey Wang]

I am trying to set up my app to be compliant with a client's SSO process, in which they are the IdP and will POST to us their SAMLResponse that we will have to validate. 

I've read in another post that just by setting the defaultUrl, we can achieve an IdP initiated SSO process.

Does anyone have an example of what this might look like? 

I'm fairly new to SAML and SSOs.

[Tim Cederquist]

I have a similar issue with an IdP initiated auth that links into my application with a default POST style url at the IdP. Trying to find a way to use pac4j-saml to review the IdP response for nameId and roles/groups. I have this working with another limited tool like this:

    @POST

    @Path("/login")

    @Produces(MediaType.TEXT_HTML)

    public Response authenticate(@FormParam("SAMLResponse") String encodedResponse) throws SamlException, IOException {

log.trace("Starting saml receipt");

SamlClient client = SamlClient.fromMetadata("https://localhost:8183/rest/saml2/login", "http://fp.mycompany.com/adfs/services/trust", new InputStreamReader( new FileInputStream("c:/temp/FederationMetadata.xml")), SamlClient.SamlIdpBinding.POST);

        SamlResponse response = client.decodeAndValidateSamlResponse(encodedResponse);

        String authenticatedUser = response.getNameID();

log.info("name id: {}", authenticatedUser);

   }

But not sure how to do this from Pac4J-saml yet. Ideas anyone?

[Jérôme LELEU]

Hi,

SAML responses should be received on the callback endpoint. Or you can reuse the callback logic anywhere you want (although I don't recommend this approach).

Thanks.

Best regards,

Jérôme

--
You received this message because you are subscribed to the Google Groups "Pac4j users mailing list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to pac4j-users+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Tim Cederquist]

Do you have sample code for how to do that in pac4j-saml? I have not been able to locate an api or samples to read and decode an idp response. Looking to pull the username as a NameId claim and other claim details for example.

Thanks

[Jeffrey Wang]

Seconding this

-- 

Jeffrey Wang

University of California, Davis

Computer Science '17

(808) 356-9096

On Tue, May 15, 2018 at 11:46 AM, Tim Cederquist <tcede...@ermas.com> wrote:

Do you have sample code for how to do that in pac4j-saml? I have not been able to locate an api or samples to read and decode an idp response. Looking to pull the username as a NameId claim and other claim details for example.

Thanks

--
You received this message because you are subscribed to a topic in the Google Groups "Pac4j users mailing list" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/pac4j-users/WarwgzprRzw/unsubscribe.
To unsubscribe from this group and all its topics, send an email to pac4j-users+unsubscribe@googlegroups.com.

[Jérôme LELEU]

Hi,

On the callback URL, the SAML response is received to extract credentials and built a SAML2Profile. Here is the entry point: https://github.com/pac4j/pac4j/blob/master/pac4j-saml/src/main/java/org/pac4j/saml/client/SAML2Client.java#L109

Thanks.

Best regards,

Jérôme

--

You received this message because you are subscribed to the Google Groups "Pac4j users mailing list" group.

To unsubscribe from this group and stop receiving emails from it, send an email to pac4j-users+unsubscribe@googlegroups.com.