how to get SAMLResponse from request

Question

Can any body help me how to capture the SAMLResponse.I am using Spring SAML.

I have used below snipet in the custom filter where the authenticatinSuccesshandler sends. but getting a null. String responseMessage = httpServletRequest.getParameter("SAMLResponse");

please advice me.

Answer 1

The typical use-case is to get access to the SAML assertion and this can be achieved as is described in this response. The assertion is also available in the Authentication object, you can load it using the following piece of code, for example from your authentication success handler:

Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
SAMLCredential credential = (SAMLCredential) authentication.getCredentials();
String assertion = XMLHelper.nodeToString(SAMLUtil.marshallMessage(credential.getAuthenticationAssertion();

The assertion is stored as an unmarshalled java object which doesn't keep all the details as received. In case you need to keep the value in exactly the same format as received (including white spaces, ...), make sure to set releaseDOM to false on WebSSOProfileConsumerImpl bean.

You can access the SAML Response object e.g. by overriding classes in bean WebSSOProfileConsumerImpl, where it's being processed inside the SAMLMessageContext object.