I'm trying to validate a SAML response in order to redirect the client to the appropriate page. Here is my servlet:
    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        String samlParam = request.getParameter(GeneralConstants.SAML_RESPONSE_KEY);
        if (samlParam != null) {
            // how to validate signature in order to redirect?
            // String queryString = request.getQueryString();
            // byte[] signatureFromQueryString = RedirectBindingSignatureUtil.getSignatureValueFromSignedURL(queryString);
        } else {
            // ...
        }
    }
The encryption method is set to SHA256 from the SAML server for the current (Relying party trusts). I'm using the PicketLink (https://issues.jboss.org/browse/PLINK-621) library, but since it doesn't support SHA256 encryption, I have to write the signature validation myself...
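
One way to check an HTTP-Redirect binding signature made with RSA-SHA256, using only the JDK. This is an added example, not code from the original post or from PicketLink. It assumes the IdP's RSA public key has already been loaded from trusted metadata; the class name `RedirectSigCheck`, the helpers `rawPair` and `verify`, and the sample query string are hypothetical and constructed for illustration.

```java
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Base64;

public class RedirectSigCheck { // hypothetical class name, not part of PicketLink
    static final String RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
    // Returns the raw (still URL-encoded) "name=value" pair, or null if absent.
    static String rawPair(String query, String name) {
        for (String p : query.split("&"))
            if (p.startsWith(name + "=")) return p;
        return null;
    }

    static boolean verify(String query, PublicKey idpKey) throws Exception {
        String msg = rawPair(query, "SAMLResponse");
        String relay = rawPair(query, "RelayState");
        String alg = rawPair(query, "SigAlg");
        String sig = rawPair(query, "Signature");
        if (msg == null || alg == null || sig == null) return false; // unsigned: reject
        // Pin the algorithm so the message cannot select a weaker one.
        if (!RSA_SHA256.equals(URLDecoder.decode(alg.substring(7), "UTF-8"))) return false;
        // Signed octets are SAMLResponse[&RelayState]&SigAlg, byte-for-byte as received.
        String signed = msg + (relay != null ? "&" + relay : "") + "&" + alg;
        try {
            byte[] sigBytes = Base64.getDecoder().decode(URLDecoder.decode(sig.substring(10), "UTF-8"));
            Signature v = Signature.getInstance("SHA256withRSA");
            v.initVerify(idpKey);
            v.update(signed.getBytes(StandardCharsets.UTF_8));
            return v.verify(sigBytes);
        } catch (IllegalArgumentException | SignatureException e) {
            return false; // malformed Base64 or malformed signature bytes
        }
    }
    public static void main(String[] args) throws Exception {
        // Constructed sample: a throwaway key pair stands in for the IdP's signing key.
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(2048);
        KeyPair kp = g.generateKeyPair();
        String signed = "SAMLResponse=ZHVtbXk%3D&RelayState=abc&SigAlg=" + URLEncoder.encode(RSA_SHA256, "UTF-8");
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(kp.getPrivate());
        s.update(signed.getBytes(StandardCharsets.UTF_8));
        String query = signed + "&Signature=" + URLEncoder.encode(Base64.getEncoder().encodeToString(s.sign()), "UTF-8");
        System.out.println(verify(query, kp.getPublic())); // untampered query
        System.out.println(verify(query.replace("ZHVtbXk", "ZHVtbXl"), kp.getPublic())); // message altered after signing
    }
}
```

In a servlet, pass `request.getQueryString()` to `verify` rather than values from `request.getParameter`, because the container's decoding and re-encoding can change the bytes that were signed.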