Former Member

Generate SAML 2.0 response


Hi,

We are configuring SSO with an external service provider and plan to use SAML 2.0 for this purpose.

We installed IDMFEDERATION on a NW Java 7.4 machine and configured IdP there. Installed the certificate from the service provider into the keystore and created the URL iView and maintained the parameters.

The Service Provider is requesting a SAML 2.0 sample response file to configure the extraction part at their end. How do I create a SAML sample response file? Please let me know.

Thanks!!

BR,

Sanjeev


2 Answers

  • Best Answer
    Former Member
    Oct 29, 2014 at 09:12 AM

    Hi,

    Does the service provider really require a sample SAML 2.0 response in order to configure the trust? Normally this is done using a metadata file, not a sample SAML 2.0 response.

    You can generate a SAML 2.0 response by triggering IdP-initiated SSO, e.g. by accessing this URL on the IdP: https://host:port/saml2/idp/sso?saml2sp=<sp_name>. A prerequisite is that you have already created a trusted SP entry in the IdP configuration. Use HTTPWatch, Fiddler or a similar tool to extract the SAML response from the HTTP response.

    Regards,

    Dimitar


  • Oct 29, 2014 at 09:38 AM

    Hi,

    How to generate the response is described by Dimitar (except that the response needs to be decoded, e.g. using https://idp.ssocircle.com/sso/toolbox/samlDecode.jsp, and, if encrypted, needs to be decrypted, which can only be done with the key stored at the service provider).

    If you enable the SAML-relevant log locations at the level "All", you will get the full response (SAML Assertion) in plain text in the logs.

    As to the reason: I can imagine that the service provider needs to see which user attributes are being included in the response and which IDs they have... Although this is usually done the other way around: the Service Provider tells which attributes they need and which IDs they have, and this is then configured in the federation settings of the service provider at the IdP.

    Cheers, Sergei


    • Former Member

      Hi Sergei,

      Thanks for the reply. I was able to decode the response with the link you provided and send it to the Service Provider.

      This whole exercise really helped me to understand the concept better as well.

      Thanks again.

      Regards,

      Sanjeev