Saturday, May 20, 2017

Decrypting a SAML Assertion in OpenSAML v3

As you probably should know at this point, the SAML Assertion contains the description of a authenticated user and how it was autheunticitoted. The assertion is generally signed to prevent manipulation but there are also cases where you would want to encrypt the assertion to prevent someone to see the information within. For example the assertion can be used to communicate personal information about the user such as social security number and adress.

As most people reading my blog seem to be on the SP side of SAML I will explain how to decrypt an assertion.

The general method of encryption and subsequent decryption of a assertion uses two keys, one symetric and on asymetric.
The symtric key is generated during encryption and used to encrypt the actual assertion data. A  asymetric key, generally a SP key contained in the metadata, is then used to encrypt the symetric key which is then stored in the XML together with the ecrypted assertion.




To decrypt the reverse of this is done. The asymmetric is used to decrypt the symmetric key, which is then used to decrypt the assertion.

Now for the OpenSAML part.

First we get the assertion from the XML. The assertion is stored in a EncryptedAssertion object and is retrieved with the method getEncryptedAssertions() on the response instead of getAssertions() which is used otherwise.

StaticKeyInfoCredentialResolver keyInfoCredentialResolver = new StaticKeyInfoCredentialResolver(SPCredentials.getCredential());

Decrypter decrypter = new Decrypter(null, keyInfoCredentialResolver, new InlineEncryptedKeyResolver());


In this example a StaticKeyInfoCredentialResolver is used to point out the key that is used for decryption, in this case I have stored it in the static class SPCredentials. The InlineEncryptedKeyResolver is used to tell the decryptor that the symmetric encryption key can be found in the XML next to the encrypted assertion.

The decryptor returns a decrypted Assertion object.




Some NameID value






  1. Hi Stefan,

    I have bought your book and with the help of that , i could integrate my web application using openSaml version 3.

    Now i have a different use case to implement , my company has a desktop application implemented in .Net , we want to enable SAML based sso for this application as well , i googled various sources but neither helped me . So we have arrived at our ow n idea to implement this.

    With the help of the already implemented web app , we are going to open an embedded browser from desktop which calls the url in which we create SAML request , once the IDP responds back with assertions we will return an loginid to the desktop app to authenticate. I will use the same saml request servlet and saml response consumer servlet for both web app and desktop , but for desktop i will redirect to another servlet which writes loginid in servlet response. So basic thing i need is a way to send a saml resuest with an identifier identifies application and the same identifier responed back by IDP in Saml response ( may be SAML request with assertion attribute and the same returned by IDP in saml response)

    WebAPP --> SAML request xml (without identifier )--> SAML repsonse(without identifier) <--IDP

    Desktop --> WebApp --> (SAML request xml (with identifier as from desktop ) --> SAML response ((with identifier as from desktop) <--- IDP

    Here the identifier may be custom assertion/any saml request attribute which can be send as it is from IDP in response

    1. Sound like you could set a RelayState parameter on the SAML request URL going out. This should be echoed back in the response.

      However you should think twice on you acrobatics with the second servlet where you take in a assertion and return user id in the servlet response.

      If you blindly trust what is returned in the response it might be easy to by pass the authentication by just inserting another user id.

  2. Thanks Stefan ,I will try relaystate and let you know. By the way the loginid mentioned is not user ID it's a n encrypted id which includes various other parameters which is specific to application

  3. Hi Stefan,

    I bought your book yesterday and following it with the sample project given in the book as well. Could you please let me know if there is a separate book from IDP point since it's not covered here. If not any other sources, sample projects you can redirect me to is greatly appreciated


    1. Hi, Im sorry, I do not have any other book on the subject and Im not aware of any sample project. Sorry hope you find what you need

  4. Hi Stefan -- I'm using this sample code to decrypt an assertion from okta and it's not working out. would you have any advice?

    1. oh - got it solved by using a chaining resolver. though I'm not fully sure what happened.

    2. I have a similar issue on my system on my unit tests. I changed it to add the chaining resolver, but I still have the same error. Are you using the same key for both encryption and decryption like Stefan's example on the book?