
I've created a sample solution that posts an encrypted SAML file to the IDP using the ComponentSpace library. The request is posted successfully. However, I didn't get the expected response. I communicated with the IDP, who told me that the request should go through the following steps:

  1. Deflate & Base64 encode
  2. URL encode

Below are my saml.config and the method that I used to send the file, with the test value "10" for the relay state.

My question is:

Is there any way to configure the saml.config file to apply requests from the IDP? If not, is there any workaround that I can follow?

SAML.config

<SAMLConfiguration xmlns="urn:componentspace:SAML:2.0:configuration">
  <ServiceProvider Name="http://localhost:45661/"
                   LocalCertificateFile="localCertificatePath.p12"/>
  <PartnerIdentityProviders>
    <PartnerIdentityProvider Name="Tawtheeq Online"
                             SignAuthnRequest="true"
                             SignatureMethod="http://www.w3.org/2000/09/xmldsig#rsa-sha1"
                             SingleSignOnServiceBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
                             SingleSignOnServiceUrl="Destination URL"
                             PartnerCertificateFile="IDPcertificateURL.cer"/>
  </PartnerIdentityProviders>
</SAMLConfiguration>

Method:

private void TestComponentSpaceSaml()
{
    // Must match the PartnerIdentityProvider Name attribute in saml.config.
    var ConsumerServiceName = "Tawtheeq Online";
    // Writes the SSO request to the current HTTP response; "10" is the test relay state.
    SAMLServiceProvider.InitiateSSO(Response, "10", ConsumerServiceName);
}
Di Kamal

1 Answer


You should confirm with the IdP exactly which binding should be used to send the SAML authn request. If they expect the Deflate encoding this indicates they expect the HTTP-Redirect binding to be used. If that's the case, remove the SingleSignOnServiceBinding setting from your configuration so it defaults to HTTP-Redirect.

There won't be any issues with the encoding of the SAML Message being sent. No workaround is required.

You should ask the IdP for more details as to what the issue is.

ComponentSpace
  • The IdP wants to deflate and encode the generated file, then send it as a POST string to the URL. – Di Kamal Sep 13 '18 at 06:31
  • The SAMLv2 Binding Specification https://www.oasis-open.org/committees/download.php/35387/sstc-saml-bindings-errata-2.0-wd-05-diff.pdf defines how the SAML messages have to be transported between the entities. If the IdP expects an HTTP POST request to be used to send the SAML AuthnRequest to the SingleSignOn endpoint, then it seems it expects the HTTP POST Binding to be used. In this case the SAML message XML has to be base64-encoded, not deflate-encoded. See section 3.5.4 of the mentioned document. Otherwise the IdP is not SAMLv2 compliant. – Bernhard Thalmayr Sep 14 '18 at 08:36
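To make the distinction in the answer and the comments concrete, here is an added example (not ComponentSpace code, and not from the original post) that encodes the same AuthnRequest for both bindings and decodes it back, so you can see exactly what "Deflate & Base64 encode, then URL encode" (HTTP-Redirect, bindings spec section 3.4.4.1) versus "Base64 only" (HTTP-POST, section 3.5.4) produces on the wire. The AuthnRequest XML, IDs and URLs are constructed placeholders, and the decoder's binding detection is a diagnostic assumption of this example, not part of the specification.

```python
import base64
import zlib
from typing import Optional, Tuple, Dict
from urllib.parse import urlencode, parse_qs, urlsplit

# Constructed sample AuthnRequest; IDs, URLs and timestamp are placeholders,
# not values from the original post.
SAMPLE_AUTHN_REQUEST = (
    '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
    'ID="_example-id-1" Version="2.0" IssueInstant="2018-09-13T06:31:00Z" '
    'Destination="https://idp.example/sso" '
    'AssertionConsumerServiceURL="http://localhost:45661/SAML/AssertionConsumerService.aspx">'
    '<saml:Issuer>http://localhost:45661/</saml:Issuer>'
    '</samlp:AuthnRequest>'
)


def encode_http_redirect(xml: str, relay_state: Optional[str] = None) -> str:
    """HTTP-Redirect binding: raw DEFLATE, then base64, then URL-encode.
    Returns the query string to append to the SingleSignOnServiceUrl."""
    # wbits=-15 selects raw DEFLATE (no zlib header or trailer), as the spec requires.
    comp = zlib.compressobj(level=9, method=zlib.DEFLATED, wbits=-15)
    deflated = comp.compress(xml.encode("utf-8")) + comp.flush()
    params = {"SAMLRequest": base64.b64encode(deflated).decode("ascii")}
    if relay_state is not None:
        params["RelayState"] = relay_state
    # urlencode percent-escapes '+', '/' and '=' from the base64 alphabet.
    return urlencode(params)


def encode_http_post(xml: str, relay_state: Optional[str] = None) -> Dict[str, str]:
    """HTTP-POST binding: base64 only, no DEFLATE, carried as hidden form fields."""
    fields = {"SAMLRequest": base64.b64encode(xml.encode("utf-8")).decode("ascii")}
    if relay_state is not None:
        fields["RelayState"] = relay_state
    return fields


def build_redirect_url(sso_url: str, xml: str, relay_state: Optional[str] = None) -> str:
    sep = "&" if "?" in sso_url else "?"
    return sso_url + sep + encode_http_redirect(xml, relay_state)


def decode_saml_request(value: str) -> Tuple[str, str]:
    """Decode a SAMLRequest value from either binding and report which encoding it used.
    Heuristic (this example's assumption): base64 that decodes straight to XML is the
    POST-style encoding; otherwise it must raw-inflate to XML (Redirect-style)."""
    raw = base64.b64decode(value)
    if raw.lstrip().startswith(b"<"):
        return "post", raw.decode("utf-8")
    try:
        return "redirect", zlib.decompress(raw, wbits=-15).decode("utf-8")
    except zlib.error as exc:
        raise ValueError("neither plain base64 XML nor DEFLATE+base64") from exc


def decode_redirect_url(url: str) -> Tuple[str, Optional[str]]:
    """Parse a Redirect-binding URL back into (AuthnRequest XML, RelayState)."""
    qs = parse_qs(urlsplit(url).query)
    binding, xml = decode_saml_request(qs["SAMLRequest"][0])
    if binding != "redirect":
        raise ValueError("SAMLRequest in a Redirect URL was not DEFLATE-encoded")
    return xml, qs.get("RelayState", [None])[0]


if __name__ == "__main__":
    url = build_redirect_url("https://idp.example/sso", SAMPLE_AUTHN_REQUEST, "10")
    print("Redirect:", url)
    print("POST fields:", encode_http_post(SAMPLE_AUTHN_REQUEST, "10"))
    print("Round trip:", decode_redirect_url(url) == (SAMPLE_AUTHN_REQUEST, "10"))
```

Two practical points follow from the code. First, the request signature lives in different places per binding: with HTTP-POST the XML signature is embedded in the AuthnRequest, whereas with HTTP-Redirect the message is signed as a query string (SAMLRequest, RelayState and SigAlg parameters plus a Signature parameter), which a library such as ComponentSpace handles for you once SingleSignOnServiceBinding selects the Redirect binding; an IdP that inflates a POST body will fail signature validation as well as decoding. Second, the config above selects rsa-sha1 as SignatureMethod; SHA-1 is deprecated for XML signatures, so unless the IdP requires it, prefer rsa-sha256 (http://www.w3.org/2001/04/xmldsig-more#rsa-sha256).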