Parth Doshi

Reputation: 4208

How to handle SAML v2 response using OpenSAML in RestEasy service

I have read about how SAML v2 works from this link. I see that I require an Assertion Consumer Service URL that will receive the SAML v2 response.

Currently, the URL I provide is a RESTEasy endpoint developed using Java and deployed on Tomcat. Assuming the SAML v2 response will be received at this endpoint, what method type should I provide for my endpoint (GET or POST), and what should it consume (XML or JSON)?

What should be the logic inside the endpoint to parse the SAML v2 response? I am aware of using OpenSAML in Java, but can that be used in my case as well?

My Java code looks as follows:

@POST
@Path("/getDetails")
@Consumes("application/xml")
public Response getDetails(String xml, @HeaderParam("Authorization") String authorization) {
    // how to consume and decrypt SAML response over here?
    return Response.status(Constants.RESPONSE_CODE_OK).entity(Constants.DATA_OK).build();
}

Upvotes: 0

Views: 1452

Answers (1)

Pooja Aggarwal

Reputation: 1213

You can actually specify whether your assertion consumer service URL will be POST or redirect (GET) in your metadata.

In your metadata, you provide the below tag:

 <AssertionConsumerService
            index="1"
            Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
            Location="https://LoadBalancer-9.siroe.com:3443/federation/Consumer/metaAlias/sp"/>

It should accept XML, as the SAML v2 response will be in XML in a particular format.

Also, you can use the OneLogin SAML API:

https://github.com/onelogin/java-saml

To understand example requests and responses, you can use the link below: https://www.samltool.com/online_tools.php

For OpenSAML, you can get example code from the link below and, with its help, write your own implementation: http://www.capcourse.com/Library/OpenSAML/index.html

Upvotes: 1
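
Added example, not part of the answer above or of the libraries it links: under the HTTP-POST binding named in the metadata, the IdP's response reaches the ACS as a base64-encoded `SAMLResponse` form field, so this JDK-only code decodes that field, parses it with DOCTYPEs disabled, and checks `Destination` and the status code. The class name, ACS URL and sample response are constructed for illustration, and signature validation and decryption are assumed to be done afterwards with OpenSAML or java-saml.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class AcsPostBindingDemo {   // hypothetical class name
    static final String PROTOCOL_NS = "urn:oasis:names:tc:SAML:2.0:protocol";
    static final String SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success";

    // In a RESTEasy resource the first argument would come from a @POST method with
    // @Consumes("application/x-www-form-urlencoded") and @FormParam("SAMLResponse").
    static Element decodeResponse(String samlResponseParam, String expectedAcsUrl) throws Exception {
        // The MIME decoder tolerates the line breaks some IdPs put in the base64 text.
        byte[] xml = Base64.getMimeDecoder().decode(samlResponseParam);
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        // Untrusted input: refuse any DOCTYPE, which rules out XXE and entity expansion.
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        dbf.setXIncludeAware(false);
        dbf.setExpandEntityReferences(false);
        Document doc = dbf.newDocumentBuilder().parse(new ByteArrayInputStream(xml));
        Element root = doc.getDocumentElement();
        if (!PROTOCOL_NS.equals(root.getNamespaceURI()) || !"Response".equals(root.getLocalName()))
            throw new SecurityException("not a samlp:Response");
        if (!expectedAcsUrl.equals(root.getAttribute("Destination")))
            throw new SecurityException("Destination does not match this ACS URL");
        NodeList codes = root.getElementsByTagNameNS(PROTOCOL_NS, "StatusCode");
        if (codes.getLength() == 0 || !SUCCESS.equals(((Element) codes.item(0)).getAttribute("Value")))
            throw new SecurityException("IdP did not report Success");
        // Not shown: XML signature validation against the IdP certificate, decryption,
        // and Conditions/Audience checks. Nothing in the assertion is trusted before those pass.
        return root;
    }

    public static void main(String[] args) throws Exception {
        String acs = "https://sp.example.test/acs";   // constructed sample ACS URL
        String xml = "<samlp:Response xmlns:samlp=\"" + PROTOCOL_NS + "\" ID=\"_r1\" Version=\"2.0\""
                + " Destination=\"" + acs + "\"><samlp:Status><samlp:StatusCode Value=\"" + SUCCESS
                + "\"/></samlp:Status></samlp:Response>";   // constructed, unsigned sample
        String param = Base64.getEncoder().encodeToString(xml.getBytes(StandardCharsets.UTF_8));
        System.out.println(decodeResponse(param, acs).getAttribute("ID"));
    }
}
```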
