
Hi, I am new to SAML and I want to create a sample request using Java, but not Spring, then take that request, sign it and send it to the IdP, and after that receive the request and be able to read its content. I have tried to make Coveo work for this, but I didn't know how to create proper meta data. Is there any simple library or project to do that?

Paris Dark
  • Typically the IdP provides its SAML IdP meta data, as this forms the standardised 'contract' between the SP and the IdP. Which IdP is being used? – Bernhard Thalmayr Sep 19 '18 at 07:10
  • I am using a government IdP. It is not public, and they say that the meta data is not mandatory, so I have to build my own meta data to make this library work. – Paris Dark Sep 19 '18 at 10:38

2 Answers


You need a client side SAML stack.

You can find Java source examples in the open source ones.

rbrayb

Meta data is not mandatory, but it helps a lot, as many IdP / SP implementations can directly use it.

You could use https://www.samltool.com/idp_metadata.php to generate IdP meta data. As the SAML response is typically digitally signed (when using front-channel binding), you need to input the certificate of the IdP, although this is not mandatory. So you may just provide some certificate and remove it later on from the meta data if it's not needed.

Bernhard Thalmayr
  • Yes, you are correct, it is not mandatory, but for the Coveo library it is mandatory. I have tried samltool.com before but it didn't work with Coveo. Do you recommend any good Java sample for me? – Paris Dark Sep 20 '18 at 11:39
  • Reading https://github.com/coveo/saml-client , `SamlClient client = SamlClient.fromMetadata("MyRelyingPartyIdentifier", "http://some/url/that/processes/assertions", "");` I wonder why you cannot use the IdP meta data XML generated by samltool. – Bernhard Thalmayr Sep 21 '18 at 08:45
  • What about just writing another unit test to see why the IdP meta data generated by samltool does not work? If this is indeed the case, then I would consider it a bug in Coveo. – Bernhard Thalmayr Sep 21 '18 at 08:49
  • I have tried writing many unit tests as you said, but nothing works. Could you please try it from your side? Maybe I am missing something. – Paris Dark Sep 22 '18 at 10:55
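As an added example (not code from either poster or from the Coveo project), this JDK-only class builds the kind of minimal IdP meta data file discussed in this answer when the IdP supplies none: an entity ID, the IdP signing certificate and one HTTP-POST single sign-on endpoint. The class name, the URLs and the certificate string are constructed placeholders; use the values the IdP operator provides.

```java
import java.io.StringWriter;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.*;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.w3c.dom.*;

public class IdpMetadataBuilder {
    static final String MD = "urn:oasis:names:tc:SAML:2.0:metadata";
    static final String DS = "http://www.w3.org/2000/09/xmldsig#";
    static final String POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST";

    /** Builds minimal IdP metadata: entity ID, signing certificate, one SSO endpoint. */
    static String build(String entityId, String ssoUrl, String certBase64) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        Document doc = f.newDocumentBuilder().newDocument();
        Element entity = doc.createElementNS(MD, "md:EntityDescriptor");
        entity.setAttribute("entityID", entityId);
        doc.appendChild(entity);

        Element idp = child(doc, entity, MD, "md:IDPSSODescriptor");
        idp.setAttribute("protocolSupportEnumeration", "urn:oasis:names:tc:SAML:2.0:protocol");
        // The certificate the SP uses to verify the IdP's signature on responses.
        // Schema order matters: KeyDescriptor comes before SingleSignOnService.
        Element key = child(doc, idp, MD, "md:KeyDescriptor");
        key.setAttribute("use", "signing");
        Element x509 = child(doc, child(doc, key, DS, "ds:KeyInfo"), DS, "ds:X509Data");
        child(doc, x509, DS, "ds:X509Certificate").setTextContent(certBase64);

        Element sso = child(doc, idp, MD, "md:SingleSignOnService");
        sso.setAttribute("Binding", POST);
        sso.setAttribute("Location", ssoUrl);

        Transformer t = TransformerFactory.newInstance().newTransformer();
        t.setOutputProperty(OutputKeys.INDENT, "yes");
        StringWriter out = new StringWriter();
        t.transform(new DOMSource(doc), new StreamResult(out));
        return out.toString();
    }

    static Element child(Document d, Element parent, String ns, String qname) {
        return (Element) parent.appendChild(d.createElementNS(ns, qname));
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values; the certificate is a placeholder, not a real one.
        System.out.println(build("https://idp.example.org/saml",
                "https://idp.example.org/sso", "PLACEHOLDER_BASE64_DER_CERTIFICATE"));
    }
}
```

If the real signing certificate is left out or replaced by an unrelated one, signatures on responses from that IdP cannot be verified, so obtain it from the IdP operator over a trusted channel.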