
Handling a SAML response

I’m new to SAML 2 and I’m working on a tool that requires SSO, but I’m clueless on how to go about it. Here’s the flow:

1) User accesses main website and chooses to log in.
2) User enters login information and submits.
3) System validates credentials, generates a SAML response and redirects user to the new tool along with the SAML response as a POST variable.
4) The new tool parses the response, stores/updates information in the database and creates an active session for the user.

1,2 and 3 are already created on the main website. What I’m working on is 4. The main developers provided us with a sample SAML response and a certificate. I have 2 issues/questions:

1) Using the SSO form on the test server, I entered the return URL to a php file on my server and submitted the form. It logged me in and redirected me to the page on my server. The code of the page is below and the output is further below:

<?php
    var_dump($_POST);
?>

Output:

array(0) { }

Am I doing this right? I checked using Firebug on Firefox and I could find the samlresponse in there somewhere, but I’m not sure how exactly to bring it into the page. Any help?

2) Using the sample SAML response, we were able to code a small script that parses the sample and prints the 2-3 attributes within. Is this the right way to do it, or are there better open source solutions available out there?

I tried reading up on SimpleSAMLPHP, OneLogin and a couple of other such bundles, but they seem too complicated, whereas I feel what I have to achieve here can be done with methods/solutions that are a lot simpler. Also, the bundles appear to have all the features of offering SAML, whereas I just need to receive and parse a response.

Thank you for your help in advance! Cheers
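An added example for step 4, not code from the question or the answer. Two points it illustrates: under the SAML 2.0 HTTP-POST binding the browser submits a form field literally named `SAMLResponse` (PHP's `$_POST` keys are case-sensitive, and `$_POST` stays empty if the browser reaches the return URL by GET, for example after a redirect), and a receiver that only "parses and prints the attributes" is not a login check; the assertion's signature, status, validity window, audience and recipient have to be verified before any session is created. The script assumes `robrichards/xmlseclibs` is installed via Composer for the XML-DSig part, that the main site signs the `Assertion` element, and that the entity ID, ACS URL and certificate path are placeholders for your own deployment.

```php
<?php
// Added example (not from the question or answer): minimal SAML 2.0 HTTP-POST
// assertion consumer. Signature checks use robrichards/xmlseclibs
// (composer require robrichards/xmlseclibs); the rest is plain DOM/XPath.
declare(strict_types=1);
require __DIR__ . '/vendor/autoload.php';

use RobRichards\XMLSecLibs\XMLSecurityDSig;

const SP_ENTITY_ID  = 'https://tool.example.com/metadata';     // placeholder (assumed)
const SP_ACS_URL    = 'https://tool.example.com/saml/acs.php'; // placeholder (assumed)
const IDP_CERT_FILE = __DIR__ . '/idp-cert.pem';               // the cert the main site gave you
const CLOCK_SKEW    = 60;                                      // seconds of tolerance
const NS = [
    'samlp' => 'urn:oasis:names:tc:SAML:2.0:protocol',
    'saml'  => 'urn:oasis:names:tc:SAML:2.0:assertion',
    'ds'    => 'http://www.w3.org/2000/09/xmldsig#',
];

/** Validate a base64 SAMLResponse; return assertion ID, NameID and attributes, or throw. */
function consumeSamlResponse(string $b64, string $idpCertPem, int $now): array
{
    $xml = base64_decode($b64, true);
    if ($xml === false || stripos($xml, '<!DOCTYPE') !== false) {
        throw new RuntimeException('Not base64 XML, or carries a DOCTYPE (refused: no DTD/entities)');
    }
    libxml_use_internal_errors(true);
    $dom = new DOMDocument();
    // LIBXML_NONET forbids network access; never add LIBXML_NOENT or LIBXML_DTDLOAD here.
    if (!$dom->loadXML($xml, LIBXML_NONET) || $dom->doctype !== null) {
        throw new RuntimeException('XML parse failure');
    }
    $xp = new DOMXPath($dom);
    foreach (NS as $prefix => $uri) {
        $xp->registerNamespace($prefix, $uri);
    }
    $status = $xp->evaluate('string(/samlp:Response/samlp:Status/samlp:StatusCode/@Value)');
    if ($status !== 'urn:oasis:names:tc:SAML:2.0:status:Success') {
        throw new RuntimeException("IdP returned status $status");
    }
    // Exactly one plaintext Assertion directly under the Response (EncryptedAssertion is out of scope).
    $assertions = $xp->query('/samlp:Response/saml:Assertion');
    if ($assertions->length !== 1) {
        throw new RuntimeException('Expected exactly one Assertion, got ' . $assertions->length);
    }
    $assertion = $assertions->item(0);
    $id = $assertion->getAttribute('ID');
    // ID must be a well-formed NCName and unique in the document, so "#ID" can only mean this element.
    if (!preg_match('/^[A-Za-z_][A-Za-z0-9_.-]*$/', $id) || $xp->evaluate("count(//*[@ID='$id'])") != 1) {
        throw new RuntimeException('Assertion ID missing, malformed or not unique');
    }
    // Signature must be a direct child of this Assertion, reference this ID, and verify
    // under the pinned IdP certificate; ds:KeyInfo inside the message is deliberately ignored.
    $dsig    = new XMLSecurityDSig();
    $sigNode = $dsig->locateSignature($assertion);
    if ($sigNode === null || !$sigNode->parentNode->isSameNode($assertion)) {
        throw new RuntimeException('Assertion is not signed at the Assertion level');
    }
    $refUri = $xp->evaluate('string(ds:SignedInfo/ds:Reference/@URI)', $sigNode);
    if ($refUri !== '#' . $id) {
        throw new RuntimeException("Signature Reference '$refUri' does not cover this Assertion");
    }
    $dsig->canonicalizeSignedInfo();
    $dsig->idKeys = ['ID'];
    $dsig->validateReference();               // throws if the digest over the Assertion does not match
    $key = $dsig->locateKey();                // algorithm taken from ds:SignatureMethod
    if ($key === null) {
        throw new RuntimeException('Unsupported signature algorithm');
    }
    $key->loadKey($idpCertPem, false, true);  // (key, isFile=false, isCert=true)
    if ($dsig->verify($key) !== 1) {
        throw new RuntimeException('Signature verification failed');
    }
    // Validity window, audience and recipient: a valid signature from the right IdP
    // still does not mean this assertion was meant for this tool, now.
    $cond = $xp->query('saml:Conditions', $assertion)->item(0);
    if ($cond === null) {
        throw new RuntimeException('Assertion has no Conditions');
    }
    $nb = $cond->getAttribute('NotBefore');
    $na = $cond->getAttribute('NotOnOrAfter');
    if ($nb !== '' && $now + CLOCK_SKEW < (new DateTimeImmutable($nb))->getTimestamp()) {
        throw new RuntimeException('Assertion not yet valid');
    }
    if ($na !== '' && $now - CLOCK_SKEW >= (new DateTimeImmutable($na))->getTimestamp()) {
        throw new RuntimeException('Assertion expired');
    }
    $audiences = [];
    foreach ($xp->query('saml:AudienceRestriction/saml:Audience', $cond) as $a) {
        $audiences[] = trim($a->textContent);
    }
    if (!in_array(SP_ENTITY_ID, $audiences, true)) {
        throw new RuntimeException('Assertion is not addressed to this service provider');
    }
    $recipient = $xp->evaluate(
        'string(saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData/@Recipient)', $assertion);
    if ($recipient !== SP_ACS_URL) {
        throw new RuntimeException("Recipient '$recipient' is not this ACS URL");
    }
    $attrs = [];
    foreach ($xp->query('saml:AttributeStatement/saml:Attribute', $assertion) as $attr) {
        foreach ($xp->query('saml:AttributeValue', $attr) as $v) {
            $attrs[$attr->getAttribute('Name')][] = $v->textContent;
        }
    }
    return ['assertionId' => $id,
            'nameId'      => $xp->evaluate('string(saml:Subject/saml:NameID)', $assertion),
            'attributes'  => $attrs];
}

// HTTP-POST binding entry point: the field is literally "SAMLResponse".
if ($_SERVER['REQUEST_METHOD'] !== 'POST' || !isset($_POST['SAMLResponse'])) {
    http_response_code(400);
    exit('Expected a POST with a SAMLResponse field');
}
try {
    $login = consumeSamlResponse($_POST['SAMLResponse'], file_get_contents(IDP_CERT_FILE), time());
    // Before going live: persist $login['assertionId'] until NotOnOrAfter and reject a repeat (replay).
    session_start();
    session_regenerate_id(true);
    $_SESSION['saml_login'] = $login;
} catch (Throwable $e) {
    http_response_code(403);
    error_log('SAML login rejected: ' . $e->getMessage()); // log the reason server-side, do not echo it
    exit('Login failed');
}
```

Point the main site's return URL at this script and it either creates a session or logs why it refused. This flow is IdP-initiated (the main website starts it), so there is no `AuthnRequest` ID to compare against `InResponseTo`; that is why the replay note matters. If the main site signs the `Response` element rather than the `Assertion`, the same checks apply to that signature, with the `Reference` URI expected to be the `Response` ID.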


Answer

If you want to do manual parsing and handling of SAML messages OpenSAML may be the way to go. It is a very low level library and there is a lot of manual labour involved.

Here is the OpenSAML webpage

You will need to look into the SAML spec

My book, A Guide to OpenSAML, gives a good introduction and step by step on SAML and the OpenSAML library.

Also my blog has a couple of examples on this. https://blog.samlsecurity.com/categories/opensaml/ https://blog.samlsecurity.com/categories/saml/

User contributions licensed under: CC BY-SA