CODEWITHSUNDEEP
javasamlhttp-redirectinflate
Stefano
Stefano

Reputation: 367

How can I properly decode a SAML request in Java (HTTP redirect)?

I am working with a SAML request using the HTTP-redirect binding. I read in another post that the following steps are required in order to retrieve the original content of a SAML request (SAMLRequest parameter in the URL):

  1. URL decoding
  2. Base64 decoding
  3. Inflating the content

Although those steps are quite clear to me, I can't get the SAML request in the XML format. I believe the mistake is in the third step, maybe there is more than one way to inflate bytes? This is the Java function which executes the three above, given the argument which is the value of the SAML parameter in the URL.

private String decodeMessage(String SAMLContent) {
        try {
            //URLDecode, Base64 and inflate data

            //URLDecode
            SAMLContent = URLDecoder.decode(SAMLContent, "UTF-8");

            //Base64 decoding
            SAMLContent = new String(Base64.getDecoder().decode(SAMLContent), "UTF-8");

            //Inflating data
            try {
                byte[] compressed = new byte[10 * SAMLContent.getBytes().length];
                Inflater i = new Inflater(true);
                i.setInput(SAMLContent.getBytes(), 0, SAMLContent.getBytes().length);
                int finalSize = i.inflate(compressed);
                //Exception is thrown here
                SAMLContent = new String(SAMLContent.getBytes(), 0, finalSize, "UTF-8");
                i.end();


            } catch (DataFormatException ex) {
                JOptionPane.showMessageDialog(null, "DFE: " + ex.getMessage());
            }

        } catch (UnsupportedEncodingException ex) {
            JOptionPane.showMessageDialog(null, "UEE: " + ex.getMessage());
        }

        return SAMLContent;

    }

If I copy and paste the output of the first step here, I can see the well-formatted XML at the bottom of the page, so at least the URL decoding works as intended. If you have any solution please let me know, thanks.

Upvotes: 3

Views: 6325

Answers (1)

codebrane
codebrane

Reputation: 4620

This is how I do it. The flow is detect the request is HTTP-Redirect, base64 decode the request and then inflate it. The following links are to code that does all this in github.

Receive the request

Decode the request

Inflate the XML

If you get

Incorrect header check

check this answer

and you might need to change the inflate code to:

return new String(inflatedData, 0, inflatedBytesLength, "UTF-8");

Upvotes: 5

Related Questions