
Generate SAML 2.0 response



Hi,

We are configuring SSO with an external service provider and plan to use SAML 2.0 for this purpose.

We installed IDMFEDERATION on a NW Java 7.4 machine and configured IdP there. Installed the certificate from the service provider into the keystore and created the URL iView and maintained the parameters.

Service Provider is requesting a SAML 2.0 sample response file to configure the extraction part at his end. How do I create a SAML sample response file. Please let me know.

Thanks!!

BR,

Sanjeev

Accepted Solutions (1)


former_member182254
Active Participant

Hi,

Does the service provider really require a sample SAML 2.0 response in order to configure the trust? Normally this is done using a metadata file, not a sample SAML 2.0 response.

You can generate a SAML 2.0 response by triggering IdP-initiated SSO, e.g. by accessing this URL on the IdP: https://host:port/saml2/idp/sso?saml2sp=<sp_name>. A prerequisite is that you have already created a trusted SP entry in the IdP configuration. Use HTTPWatch, Fiddler or a similar tool to extract the SAML response from the HTTP response.

Regards,

Dimitar


Hi Dimitar,

Thanks for the prompt response. I tried the same initially, but was trying to use basic browser debugging tools to capture it and was unsuccessful. After reading your message I tried with HTTPWatch Basic and could not decrypt the certificate. Using Fiddler helped and I was able to decrypt the HTTPS response.

Thanks again!!!

Regards,

Sanjeev

former_member182254
Active Participant

Hi,

Forgot to mention in my previous post that if you are using Firefox you might also try the SAML tracer add-on (SAML tracer :: Add-ons for Firefox). It will even base64-decode the SAML response so you can see it in plain text.

Regards,

Dimitar

Answers (1)


former_member191660
Participant

Hi,

How to generate the response is described by Dimitar (except that the response needs to be decoded, e.g. using https://idp.ssocircle.com/sso/toolbox/samlDecode.jsp, and, if encrypted, needs to be decrypted, which can only be done with the key stored at the service provider).

If you enable the SAML-relevant log locations at the level "All", you will get the full response (SAML assertion) in plain text in the logs.

As to the reason: I can imagine that the service provider needs to see which user attributes are being included in the response and which IDs they have. Although this is usually done the other way around: the service provider tells which attributes they need and which IDs they have, and this is then configured in the federation settings of the service provider at the IdP.

Cheers, Sergei

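The capture-and-decode steps from Dimitar's answer (pull the SAML response out of the HTTP traffic) and Sergei's answer (base64-decode it, and note that an encrypted assertion can only be read with the SP's key), as an added Python example that is not part of this thread and not code from the SAP IdP. It takes the form body a proxy shows for the IdP's POST to the SP's Assertion Consumer Service, extracts the SAMLResponse parameter, base64-decodes it and lists issuer, status, NameID and attributes, plus whether the assertion is signed or encrypted. The entity IDs, user data and both sample responses are constructed for the example; only the standard library is used.

```python
"""Decode a SAML 2.0 Response captured from the HTTP-POST binding.

Added example (not from the original thread): takes the form body that the
IdP's auto-submit page POSTs to the SP's Assertion Consumer Service, as a
proxy such as Fiddler shows it, pulls out the SAMLResponse parameter,
base64-decodes it and reports the fields an SP asks about when configuring
attribute extraction. Standard library only; both samples are constructed.
"""
import base64
import urllib.parse
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed, unsigned sample (hypothetical entity IDs and user data).
SAMPLE_RESPONSE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_resp1" Version="2.0" IssueInstant="2014-05-01T10:00:00Z"
    Destination="https://sp.example.com/saml2/sp/acs">
  <saml:Issuer>https://idp.example.com/saml2/idp</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2014-05-01T10:00:00Z">
    <saml:Issuer>https://idp.example.com/saml2/idp</saml:Issuer>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">sanjeev</saml:NameID>
    </saml:Subject>
    <saml:AttributeStatement>
      <saml:Attribute Name="email"><saml:AttributeValue>sanjeev@example.com</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="groups">
        <saml:AttributeValue>admins</saml:AttributeValue>
        <saml:AttributeValue>users</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""

# Constructed sample with the assertion encrypted for the SP: without the SP's
# private key the attributes cannot be read, so only the envelope is reported.
SAMPLE_ENCRYPTED_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" ID="_resp2" Version="2.0"
    IssueInstant="2014-05-01T10:00:00Z">
  <saml:Issuer>https://idp.example.com/saml2/idp</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
  <saml:EncryptedAssertion><xenc:EncryptedData><xenc:CipherData>
    <xenc:CipherValue>AAAA</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData></saml:EncryptedAssertion>
</samlp:Response>"""


def build_post_body(xml_text: str, relay_state: str = "") -> str:
    """Simulate the auto-submit form the IdP returns to the browser (POST binding)."""
    b64 = base64.b64encode(xml_text.encode("utf-8")).decode("ascii")
    return urllib.parse.urlencode({"SAMLResponse": b64, "RelayState": relay_state})


def extract_saml_response(form_body: str) -> str:
    """Return the raw base64 SAMLResponse value from a captured form body."""
    params = urllib.parse.parse_qs(form_body, strict_parsing=True)
    values = params.get("SAMLResponse")
    if not values:
        raise ValueError("no SAMLResponse parameter in form body")
    return values[0]


def decode_saml_response(b64_value: str) -> bytes:
    """POST binding carries plain base64 XML (no DEFLATE, unlike the Redirect binding)."""
    return base64.b64decode(b64_value, validate=True)


def summarize_response(xml_bytes: bytes) -> dict:
    """Extract what an SP needs to know to configure attribute extraction.

    xml.etree does not guard against entity-expansion attacks; parse responses
    from untrusted sources with defusedxml instead.
    """
    root = ET.fromstring(xml_bytes)
    if root.tag != "{%s}Response" % NS["samlp"]:
        raise ValueError("not a samlp:Response: %s" % root.tag)
    summary = {
        "issuer": root.findtext("saml:Issuer", namespaces=NS),
        "status": root.find("samlp:Status/samlp:StatusCode", NS).get("Value"),
        "signed": root.find("ds:Signature", NS) is not None
        or root.find("saml:Assertion/ds:Signature", NS) is not None,
        "encrypted": root.find("saml:EncryptedAssertion", NS) is not None,
        "name_id": None, "name_id_format": None, "attributes": {},
    }
    assertion = root.find("saml:Assertion", NS)
    if assertion is not None:
        name_id = assertion.find("saml:Subject/saml:NameID", NS)
        if name_id is not None:
            summary["name_id"] = name_id.text
            summary["name_id_format"] = name_id.get("Format")
        for attr in assertion.findall("saml:AttributeStatement/saml:Attribute", NS):
            summary["attributes"][attr.get("Name")] = [
                v.text for v in attr.findall("saml:AttributeValue", NS)]
    return summary


def summarize_post_body(form_body: str) -> dict:
    """End-to-end: captured form body -> decoded summary."""
    return summarize_response(decode_saml_response(extract_saml_response(form_body)))


if __name__ == "__main__":
    for sample in (SAMPLE_RESPONSE_XML, SAMPLE_ENCRYPTED_XML):
        print(summarize_post_body(build_post_body(sample, "abc")))
```

With a real capture, paste the body of the POST to the ACS URL into `summarize_post_body`; the decoded XML is the sample response the service provider asked for, and the `encrypted` flag tells you up front whether they will need to decrypt it with their own key before they can see the attributes.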

Hi Sergei,

Thanks for reply. I was able to decode response with the link you provided and send it to the Service Provider.

This whole exercise really helped me to understand the concept better as well.

Thanks again.

Regards,

Sanjeev