2

I am starting to use ruby-saml for one of the projects. The IdP that I am using expects a POST for the authentication request, with the HTTP body containing SAMLRequest. Looking at the source code for authrequest.rb, the create method can only do GET instead of POST.

I decided to call create_params and get the base64 token, which I can use from my view to do a POST. When I use the following code:


      params = {}
      request = OneLogin::RubySaml::Authrequest.new

      token = request.create_params(saml_settings, params)
      p token
      p token["SAMLRequest"]
      p decode(token["SAMLRequest"])

When I try base64decode.org or call the decode method, I get that the encoding is not correct.

1) Can I do a POST instead of a GET?
2) What am I doing wrong in creating the request for it to be bad encoding?
thanks

Greg
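  • There has to be a simpler way... but with this code I have created a base64-encoded token that I can pass to the application.
      require 'cgi'
      require 'base64'
      require 'zlib'

      token1 = request.create(saml_settings)   # redirect URL ending in the SAMLRequest value
      p token1
      payload = CGI.unescape(token1.split("=").last)
      decoded = Base64.decode64(payload)
      p decoded

      # the decoded bytes are raw DEFLATE data, so inflate them to get the XML
      zstream  = Zlib::Inflate.new(-Zlib::MAX_WBITS)
      inflated = zstream.inflate(decoded)
      zstream.finish
      zstream.close
      p inflated

      # re-encode the plain XML as base64 without line breaks
      encoded = Base64.encode64(inflated)
      encoded = encoded.gsub(/\n/,'')
      p encoded

    – Greg Aug 07 '17 at 15:13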

1 Answer

2

1) Can I do a POST instead of a GET?

Yes, but supporting the POST binding is not just a matter of replacing GET parameters with POST parameters... the signature in the POST binding is embedded in the SAML message and is not another GET parameter.

2) What am I doing wrong in creating the request for it to be bad encoding? thanks

The AuthNRequest is not only Base64-encoded, but also deflated.

Try using Base64 Decode + Inflate.

You will find this thread interesting: https://github.com/onelogin/ruby-saml/issues/124

smartin
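The two encodings the answer distinguishes, as an added example that is not part of the original answer or ruby-saml's own code: HTTP-Redirect values are raw-deflated, Base64-encoded and URL-encoded, while HTTP-POST values are Base64 only. It uses only the Ruby standard library; the sample XML and the method names `encode_redirect`, `encode_post` and `decode_saml_request` are constructed for illustration, and no signing is done.

```ruby
require 'base64'
require 'cgi'
require 'zlib'

# Constructed sample AuthnRequest, not taken from a real SP or IdP.
SAMPLE_XML = '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ' \
             'ID="_constructed1" Version="2.0" IssueInstant="2017-08-07T15:00:00Z"/>'

# HTTP-Redirect binding: raw DEFLATE (no zlib header), Base64, then URL-encode.
def encode_redirect(xml)
  z = Zlib::Deflate.new(Zlib::DEFAULT_COMPRESSION, -Zlib::MAX_WBITS)
  deflated = z.deflate(xml, Zlib::FINISH)
  z.close
  CGI.escape(Base64.strict_encode64(deflated))
end

# HTTP-POST binding: Base64 of the XML only; sent as a form field named SAMLRequest.
def encode_post(xml)
  Base64.strict_encode64(xml)
end

# Decode a SAMLRequest value from either binding.
# url_encoded: true for a value cut from a raw query string; false for a form
# field the framework already decoded (unescaping again would turn '+' into ' ').
def decode_saml_request(value, url_encoded: false)
  value = CGI.unescape(value) if url_encoded
  raw = Base64.strict_decode64(value) # raises ArgumentError on malformed Base64
  return raw.force_encoding('UTF-8') if raw.start_with?('<') # POST: already XML

  z = Zlib::Inflate.new(-Zlib::MAX_WBITS) # Redirect: raw DEFLATE stream
  xml = z.inflate(raw)
  z.finish
  z.close
  xml.force_encoding('UTF-8')
end

if __FILE__ == $PROGRAM_NAME
  redirect_value = encode_redirect(SAMPLE_XML)
  post_value     = encode_post(SAMPLE_XML)
  puts decode_saml_request(redirect_value, url_encoded: true)
  puts decode_saml_request(post_value)
  # Base64-decoding alone, as an online decoder does, leaves compressed bytes:
  p Base64.decode64(CGI.unescape(redirect_value))[0, 16]
end
```

The last line printed is why a plain Base64 decoder reports a bad encoding for a redirect-binding value: the bytes are compressed data, not text.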