Signing and Sending AuthnRequests in OpenSAML V3
This article discusses signing and sending in OpenSAML 3. If you're looking for an article on OpenSAML 4, you will find it here, and if you're looking for an article on OpenSAML 2, you will find it here.
Signing and sending an AuthnRequest in OpenSAML V3 is fortunately not that different from how it was done in OpenSAML V2.
As described in this post on AuthnRequests OpenSAML V2, the AuthnRequest is the SAML request that starts a typical SSO authentication process. This is the SP requesting the IDP to authenticate a user.
As in V2, the HTTPRedirectDeflateEncoder is used to send messages using HTTP redirect; the main difference lies in the message context.
One of the major changes between V2 and V3 is the message contexts. In version 2, the message context was basically one object containing general properties about the message and its destination. In V3 the message context concept has been expanded to be more flexible and to contain more information: in the new context structure there is a context object per purpose.
In my book A Guide to OpenSAML V3 I cover the use of the new message contexts in detail.
To sign and send an AuthnRequest, three contexts are needed.
The main context is created and the AuthnRequest is set.
```java
// The main message context carries the AuthnRequest itself
MessageContext context = new MessageContext();
context.setMessage(authnRequest);
```
A SAMLPeerEntityContext and, inside it, a SAMLEndpointContext are created and configured to point to the endpoint of the message.
```java
// Destination of the message: peer entity (the IDP) -> endpoint (its SSO URL)
SAMLPeerEntityContext peerEntityContext = context.getSubcontext(SAMLPeerEntityContext.class, true);
SAMLEndpointContext endpointContext = peerEntityContext.getSubcontext(SAMLEndpointContext.class, true);
endpointContext.setEndpoint(idpEndpoint);
```
The signing credential and signature algorithm are placed in a SecurityParametersContext; the encoder reads them from there when it signs the message.
```java
// Signing parameters: the SP's credential and the algorithm the IDP will verify against
SignatureSigningParameters signatureSigningParameters = new SignatureSigningParameters();
signatureSigningParameters.setSigningCredential(SPCredentials.getCredential());
signatureSigningParameters.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256);
context.getSubcontext(SecurityParametersContext.class, true).setSignatureSigningParameters(signatureSigningParameters);
```
The HTTPRedirectDeflateEncoder is created and populated with the context and the HTTP servlet response object.
```java
// The encoder deflates, base64-encodes and signs the message, then issues the redirect
HTTPRedirectDeflateEncoder encoder = new HTTPRedirectDeflateEncoder();
encoder.setMessageContext(context);
encoder.setHttpServletResponse(httpServletResponse);
```
Lastly, the encoder is initialized and the message is encoded.
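The whole procedure above wired together in one method, as an added example rather than the article's or the OpenSAML project's own code. It assumes the article's `SPCredentials.getCredential()` helper, an already built `AuthnRequest`, the IDP's SSO URL and the servlet response as inputs, and that `InitializationService.initialize()` has already run at application startup.

```java
import javax.servlet.http.HttpServletResponse;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
import org.opensaml.messaging.context.MessageContext;
import org.opensaml.messaging.encoder.MessageEncodingException;
import org.opensaml.saml.common.messaging.context.SAMLEndpointContext;
import org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext;
import org.opensaml.saml.common.xml.SAMLConstants;
import org.opensaml.saml.saml2.binding.encoding.impl.HTTPRedirectDeflateEncoder;
import org.opensaml.saml.saml2.core.AuthnRequest;
import org.opensaml.saml.saml2.metadata.SingleSignOnService;
import org.opensaml.xmlsec.SignatureSigningParameters;
import org.opensaml.xmlsec.context.SecurityParametersContext;
import org.opensaml.xmlsec.signature.support.SignatureConstants;

public class SignedRedirectSender {

    // Builds the SingleSignOnService endpoint the SAMLEndpointContext expects
    // (idpSsoUrl is an assumed input; requires OpenSAML to be initialized).
    static SingleSignOnService redirectEndpoint(String idpSsoUrl) {
        SingleSignOnService sso = (SingleSignOnService) XMLObjectProviderRegistrySupport.getBuilderFactory()
                .getBuilder(SingleSignOnService.DEFAULT_ELEMENT_NAME)
                .buildObject(SingleSignOnService.DEFAULT_ELEMENT_NAME);
        sso.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
        sso.setLocation(idpSsoUrl);
        return sso;
    }

    // Wires the three contexts and the encoder; SPCredentials is the article's helper class.
    static void send(AuthnRequest authnRequest, String idpSsoUrl, HttpServletResponse resp)
            throws ComponentInitializationException, MessageEncodingException {
        MessageContext<AuthnRequest> context = new MessageContext<>();
        context.setMessage(authnRequest);

        // Destination chain: SAMLPeerEntityContext -> SAMLEndpointContext -> endpoint
        context.getSubcontext(SAMLPeerEntityContext.class, true)
               .getSubcontext(SAMLEndpointContext.class, true)
               .setEndpoint(redirectEndpoint(idpSsoUrl));

        // Redirect binding signs the deflated query string (SigAlg + Signature parameters),
        // not an XML Signature inside the AuthnRequest; the IDP verifies those parameters.
        SignatureSigningParameters sp = new SignatureSigningParameters();
        sp.setSigningCredential(SPCredentials.getCredential());
        sp.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256);
        context.getSubcontext(SecurityParametersContext.class, true).setSignatureSigningParameters(sp);

        HTTPRedirectDeflateEncoder encoder = new HTTPRedirectDeflateEncoder();
        encoder.setMessageContext(context);
        encoder.setHttpServletResponse(resp);
        encoder.initialize(); // fails fast if the context or the response is missing
        encoder.encode();     // deflate + base64 + sign, then issue the 302 to the IDP
    }
}
```

If no SecurityParametersContext is present the encoder sends the request unsigned without error, so a missing signature on the IDP side usually means that subcontext was never set.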