Signed SAML request missing SAMLRequest and RelayState #204

Closed
pparitkh opened this issue Nov 28, 2018 · 1 comment
pparitkh commented Nov 28, 2018

SP initiated SSO process.
We have been using the java-saml 2.2.0 lib for quite some time. Recently we observed that when we send a signed SAML request, the binding should be the Redirect binding, and so SAMLRequest should be part of the URL. Unfortunately it is not, and further digging into this discovered it's a POST call.

Maybe I am missing something; please correct me if my understanding is wrong in any way.

This is the URL

POST https://dev-665918.oktapreview.com/app/dev665918_appdtest_1/exkhkcpoiuiszFBq90h7/sso/saml?SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1&Signature=gYTd5KPpBzuZSSrWU7D7lNRFWjvEjLmxpeDDl4J%2Fugf2ZKDKftvGCimwwLvw%2Buh9en%2F4%2Bz7JGFh5R0gLAV7zLpNExBaSlimkgk5O6bDBBvoENdpzhtg9wo2xo4%2FKmHgcvSTE4FQ2tKeSAXj7CNkvxuRfNvYP14kGpfRtgc%2FqdPge5vu3YFRsXcWiOxYM0MoBM362nK8UYwRSJ8Hgsik0E9zhwZi8jb23nL4EDQe6n7giVOShG4AfK5%2BP9hZfm3JwvBW6QtCIR75MbHNT6PdnM84AQR%2FyMSl7osvNrwEEfVwWFCgOh9goofUNLkkOlToGUMLdtQ2AT%2Bnf4cEQb6zbdQ%3D%3D HTTP/1.1

This is the AuthnRequest -
<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="ONELOGIN_ea877d5e-bbf4-4d72-81a6-6da659944a4c"
    Version="2.0"
    IssueInstant="2018-11-28T20:34:35Z"
    Destination="https://dev-665918.oktapreview.com/app/dev665918_appdtest_1/exkhkcpoiuiszFBq90h7/sso/saml"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    AssertionConsumerServiceURL="http://localhost:8080/controller/saml-auth?accountName=customer1">
  <saml:Issuer>http://localhost:8080/controller</saml:Issuer>
  <samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
      AllowCreate="true"/>
</samlp:AuthnRequest>

And finally the POST parameters

POST
SAMLRequest: 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 RelayState: http://localhost:8080/controller/#

pparitkh changed the title from 'Signed SAML request throwing POST call on "SSO login" instead of GET' to 'Signed SAML request missing SAMLRequest and RelayState' Nov 28, 2018
pitbulk commented Nov 29, 2018

Read #116
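
A diagnostic for the request shape reported in this issue, added here as an example (it is not part of the thread and is not java-saml code). In the SAML 2.0 HTTP-Redirect binding, the `Signature` query parameter covers the string `SAMLRequest=…&RelayState=…&SigAlg=…` built from the still percent-encoded values in that order, so a query string with `SigAlg`/`Signature` but no `SAMLRequest` cannot be verified from the URL. The function names and the sample URLs below are constructed for illustration.

```python
from urllib.parse import urlsplit

# Parameter order fixed by the SAML 2.0 HTTP-Redirect binding for the signed string.
SIGNED_ORDER = ("SAMLRequest", "RelayState", "SigAlg")


def raw_query_params(url):
    """Return query parameters with their values still percent-encoded."""
    params = {}
    for pair in urlsplit(url).query.split("&"):
        if pair:
            name, _, value = pair.partition("=")
            params[name] = value
    return params


def redirect_signed_string(url):
    """Rebuild the octet string the Signature must cover, or None if it cannot be built."""
    p = raw_query_params(url)
    if "SAMLRequest" not in p or "SigAlg" not in p:
        return None
    # RelayState is optional; it is simply left out of the signed string when absent.
    return "&".join(f"{k}={p[k]}" for k in SIGNED_ORDER if k in p)


def check_request(method, url, form_fields=()):
    """List the ways a captured request mixes Redirect-binding signing with POST delivery."""
    p = raw_query_params(url)
    findings = []
    signed_in_query = "Signature" in p or "SigAlg" in p
    if signed_in_query and "SAMLRequest" not in p:
        findings.append("query has SigAlg/Signature but no SAMLRequest")
    if signed_in_query and method.upper() != "GET":
        findings.append("Redirect-binding signature parameters on a non-GET request")
    if signed_in_query and "SAMLRequest" in form_fields:
        findings.append("SAMLRequest sent as a form field, outside the signed query string")
    return findings


# Constructed samples: the first mirrors the shape in the issue, the second is a
# well-formed signed Redirect request (all values are placeholders).
MIXED = "https://idp.example.test/sso/saml?SigAlg=x%23rsa-sha1&Signature=AAAA%3D%3D"
REDIRECT = "https://idp.example.test/sso/saml?RelayState=abc&SAMLRequest=fZJ%2B&SigAlg=x%23y&Signature=AAAA"

if __name__ == "__main__":
    print(check_request("POST", MIXED, ["SAMLRequest", "RelayState"]))
    print(redirect_signed_string(REDIRECT))
```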
