How to handle SAML v2 response using OpenSAML in RestEasy service


























I have read about how SAML v2 is working from this link. I see that I require an Assertion Consumer Service URL that will receive the SAML v2 response.



Currently, the URL I provide is a RESTEasy endpoint developed using Java and deployed on Tomcat. Assuming the SAML v2 response will be received at this endpoint, what method type should I provide for my endpoint (GET or POST), and what should it consume (XML or JSON)?

What should be the logic inside the endpoint to parse the SAML v2 response? I am aware of using OpenSAML in Java, but can that be used in my case as well?

My Java code looks as follows:



@POST
@Path("/getDetails")
@Consumes("application/xml")
public Response getDetails(String xml, @HeaderParam("Authorization") String authorization) {
    // how to consume and decrypt SAML response over here?
    return Response.status(Constants.RESPONSE_CODE_OK).entity(Constants.DATA_OK).build();
}









      java saml resteasy














      edited Nov 23 '18 at 4:33

























      asked Nov 19 '18 at 6:14









      Parth Doshi

























          1 Answer
          You can actually specify whether your assertion consumer service URL will be POST or redirect (GET) in your metadata.

          In your metadata, you provide the below tag:

          <AssertionConsumerService
              index="1"
              Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
              Location="https://LoadBalancer-9.siroe.com:3443/federation/Consumer/metaAlias/sp"/>

          It should accept XML, as the SAML v2 response will be in XML in a particular format.

          Also, you can use the OneLogin SAML API:

          https://github.com/onelogin/java-saml

          To understand example requests and responses, you can use the below link:
          https://www.samltool.com/online_tools.php

          For OpenSAML, you can get example code from the below link and, with its help, write your own implementation:
          http://www.capcourse.com/Library/OpenSAML/index.html















          edited Nov 23 '18 at 8:20

























          answered Nov 19 '18 at 6:34









          Pooja Aggarwal













          • Hi Pooja, thanks for your reply. I have a question: when it hits my endpoint, how will I get the assertion token? Also, I have a mobile app and I need to send this assertion token back to the mobile app.
            – Parth Doshi
            Nov 19 '18 at 7:38

          • You need to write the whole logic on your own, or you can take help from the GitHub project I have mentioned.
            – Pooja Aggarwal
            Nov 19 '18 at 7:40

          • OK, got it. Also, how will I send my token back to the mobile app? Basically my flow is like this: the mobile app opens the login page in an in-app browser (the mobile app is a Cordova-based application). The user enters credentials and clicks login. On submit, the IDP sends the SAML response to the ACS. After that I need to send only the token and the required attributes to the mobile app, so how will it be done?
            – Parth Doshi
            Nov 19 '18 at 7:45

          • I don't know exactly the correct way to do it, but you can use a workaround. After getting attributes from the XML response, save them in a static JSON or maybe in a database, and then have another API exposed to return these attributes.
            – Pooja Aggarwal
            Nov 19 '18 at 7:50

          • OK, it is a good idea. Thanks.
            – Parth Doshi
            Nov 19 '18 at 8:09
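
An added example, not part of the answer above and not OpenSAML code: with the HTTP-POST binding from the metadata tag, the browser posts a form whose `SAMLResponse` field is the base64-encoded XML, so the resource below reads that field and checks the assertion with the JDK's own XML signature API. It assumes the IdP signs the Assertion element itself and does not encrypt it; `AcsResource`, the `/saml/acs` path and the constructor arguments are hypothetical names.

```java
import java.io.ByteArrayInputStream;
import java.security.PublicKey;
import java.time.Instant;
import java.util.Base64;
import java.util.List;
import javax.ws.rs.*;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;

@Path("/saml")
public class AcsResource {
    static final String NS = "urn:oasis:names:tc:SAML:2.0:assertion";
    private final PublicKey idpKey;   // assumption: taken from the IdP certificate, pinned out of band
    private final String spEntityId;  // assumption: this SP's entityID as registered with the IdP

    public AcsResource(PublicKey idpKey, String spEntityId) { // e.g. via Application#getSingletons
        this.idpKey = idpKey;
        this.spEntityId = spEntityId;
    }

    @POST
    @Path("/acs")
    @Consumes(MediaType.APPLICATION_FORM_URLENCODED) // HTTP-POST binding is a browser form post
    public Response consume(@FormParam("SAMLResponse") String samlResponse) {
        try {
            byte[] xml = Base64.getMimeDecoder().decode(samlResponse); // field holds base64 XML
            return Response.ok(verifiedSubject(xml, idpKey, spEntityId, Instant.now())).build();
        } catch (Exception e) { // missing field, malformed XML, bad signature, expired: reject
            return Response.status(Response.Status.UNAUTHORIZED).build();
        }
    }

    static String verifiedSubject(byte[] xml, PublicKey key, String aud, Instant now) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); // no DTD/XXE
        Document doc = dbf.newDocumentBuilder().parse(new ByteArrayInputStream(xml));
        NodeList all = doc.getElementsByTagNameNS(NS, "Assertion");
        if (all.getLength() != 1) throw new SecurityException("expected exactly one Assertion");
        Element assertion = (Element) all.item(0);
        assertion.setIdAttribute("ID", true); // Reference URI "#<ID>" must resolve to this element

        Element sig = null; // only a Signature that is a direct child of the Assertion counts
        for (Node n = assertion.getFirstChild(); n != null; n = n.getNextSibling())
            if (XMLSignature.XMLNS.equals(n.getNamespaceURI()) && "Signature".equals(n.getLocalName()))
                sig = (Element) n;
        if (sig == null) throw new SecurityException("assertion is not signed");
        DOMValidateContext ctx = new DOMValidateContext(key, sig); // pinned key, KeyInfo ignored
        ctx.setProperty("org.jcp.xml.dsig.secureValidation", Boolean.TRUE);
        XMLSignature signature = XMLSignatureFactory.getInstance("DOM").unmarshalXMLSignature(ctx);
        List<?> refs = signature.getSignedInfo().getReferences();
        if (refs.size() != 1) throw new SecurityException("expected exactly one Reference");
        Reference ref = (Reference) refs.get(0);
        if (!("#" + assertion.getAttribute("ID")).equals(ref.getURI()))
            throw new SecurityException("signature does not cover the assertion");
        for (Object t : ref.getTransforms()) { // SAML permits only these two transforms
            String alg = ((Transform) t).getAlgorithm();
            if (!Transform.ENVELOPED.equals(alg) && !CanonicalizationMethod.EXCLUSIVE.equals(alg))
                throw new SecurityException("unexpected transform " + alg);
        }
        if (!signature.validate(ctx)) throw new SecurityException("signature invalid");

        Element cond = (Element) assertion.getElementsByTagNameNS(NS, "Conditions").item(0);
        if (cond == null || !now.isBefore(Instant.parse(cond.getAttribute("NotOnOrAfter"))))
            throw new SecurityException("assertion expired or has no Conditions");
        Node audience = cond.getElementsByTagNameNS(NS, "Audience").item(0);
        if (audience == null || !aud.equals(audience.getTextContent().trim()))
            throw new SecurityException("assertion is for another audience");
        return assertion.getElementsByTagNameNS(NS, "NameID").item(0).getTextContent().trim();
    }
}
```

Destination, InResponseTo and one-time-use (replay) checks still belong before the returned subject is turned into a session.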

















