
I have connected to two different SAML 2.0 identity providers: a test IdP (https://hub.docker.com/r/kristophjunge/test-saml-idp/) and a third-party IdP.

I am new to SAML so I may be missing something here. It turns out that the test IdP works perfectly with the demo code at https://github.com/pac4j/ratpack-pac4j-demo. On login, the context Session contains Pac4jSessionKeys.USER_PROFILE.

However, for the other IdP the profile does not end up in the session. The session contains only Pac4jSessionKeys.REQUESTED_URL.

On login the IdP responds with an XHTML form as specified in https://en.wikipedia.org/wiki/SAML_2.0. This response is sent in the body. This is not the case for the test IdP, which seems to work well with the demo code above.

Since I am not familiar with SAML 2.0, I am wondering if there are different specs I am not aware of.

Do I have to parse the XHTML body myself? I suppose if this is the standard way to do things then Ratpack will already have support for this.

Hadi Moloodi
flexxxit
  • Which binding type do you use? – Hadi Moloodi Oct 28 '19 at 12:18
  • I use both Redirect and POST. The third party idp seems to use post when sending back to my applications – flexxxit Oct 28 '19 at 13:32
  • Your application is web-based, right? – Hadi Moloodi Oct 28 '19 at 19:51
  • Yes, it is a web application. Yes – flexxxit Oct 28 '19 at 20:31
  • When you use POST binding, SAML Response is embedded inside a form. Then the IDP sends this form inside an HTML page along with a simple javascript which is responsible for automatic redirection. Is your third-party idp in compliance with these procedures? – Hadi Moloodi Oct 28 '19 at 21:17
  • Oh really? Where is this specification document? In other words, you are saying that pac4j expects only a redirect? So if the IdP is not compliant then I would have to parse and verify the form myself? – flexxxit Oct 29 '19 at 09:24
  • I changed my service to use Redirect binding; it was previously defaulting to the POST binding. I still experience the same issue though. The third-party service provider supports Redirect binding. – flexxxit Oct 30 '19 at 09:24
  • My bad. My callback url on the idp was not right. Works fine now. – flexxxit Oct 30 '19 at 14:52
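The comments above describe the HTTP-POST binding (an auto-submitting form carrying a base64 SAMLResponse) and a callback URL that did not match on the IdP side. As an added illustration that is not part of the question or of pac4j, the following Python parses such a form and checks that both the form target and the Response's Destination equal the SP's registered callback (ACS) URL; the page contents, the pac4j-style `/callback?client_name=...` URL and the unsigned minimal Response are all constructed for this example.

```python
import base64
from html.parser import HTMLParser
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
# Assumed SP callback (ACS) URL, in the style pac4j uses; not taken from the page.
SP_CALLBACK = "https://sp.example.com/callback?client_name=SAML2Client"

# Constructed sample: a minimal, unsigned Response (a real one is signed and
# carries an Assertion) wrapped in the auto-submitting page an IdP returns
# under the HTTP-POST binding.
_RESPONSE_XML = (
    f'<samlp:Response xmlns:samlp="{SAMLP}" ID="_constructed" Version="2.0" '
    f'IssueInstant="2019-10-30T14:00:00Z" Destination="{SP_CALLBACK}"/>'
)
SAMPLE_POST_PAGE = (
    '<html><body onload="document.forms[0].submit()">'
    f'<form method="post" action="{SP_CALLBACK}">'
    '<input type="hidden" name="SAMLResponse" '
    f'value="{base64.b64encode(_RESPONSE_XML.encode()).decode()}"/>'
    '<input type="hidden" name="RelayState" value="/app/home"/>'
    '<noscript><input type="submit" value="Continue"/></noscript>'
    "</form></body></html>"
)


class _FormFields(HTMLParser):
    """Collects the action of the first <form> and every named <input>."""

    def __init__(self):
        super().__init__()
        self.action = None
        self.fields = {}

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form" and self.action is None:
            self.action = a.get("action")
        elif tag == "input" and a.get("name"):
            self.fields[a["name"]] = a.get("value", "")


def parse_post_binding(html):
    """Return form target, Response Destination and RelayState from a POST-binding page."""
    p = _FormFields()
    p.feed(html)
    if "SAMLResponse" not in p.fields:
        raise ValueError("no SAMLResponse field in the posted form")
    root = ET.fromstring(base64.b64decode(p.fields["SAMLResponse"]))
    if root.tag != f"{{{SAMLP}}}Response":
        raise ValueError(f"unexpected root element {root.tag}")
    return {"action": p.action, "destination": root.get("Destination"),
            "relay_state": p.fields.get("RelayState")}


def check_callback(parsed, acs_url):
    """List mismatches between the page and the SP's registered callback URL."""
    problems = []
    if parsed["action"] != acs_url:
        problems.append(f"form posts to {parsed['action']!r}, not the SP callback")
    if parsed["destination"] != acs_url:
        problems.append(f"Response Destination {parsed['destination']!r} differs from the SP callback")
    return problems
```

A non-empty result from check_callback is the kind of mismatch that leaves the SP without a profile in the session, since the Response never reaches (or is rejected by) the configured callback.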
