0
  1. I have a hosted non-gallery application on Microsoft Azure.
  2. I have completed the SAML configuration in Azure AD (using the SAML 2.0 protocol).
  3. My application runs in Java (runtime 7).
  4. I am getting the userPrincipalName as an encoded value.

How do I decode that encoded value and retrieve the actual value?

I have tested the response using SAML Parser, and it is showing the correct value in the NameID tag.

I am expecting the value as it is showing in SAML response NameID tag, but I am getting an encoded value.

I have tried the following code, but the output is not as expected. I am expecting a string with email format.


Philippe Signoret
ShraddhaJ
  • May I know where you get the SAMLResponse value? It seems that it is not a common SAMLResponse. – Stanley Gong Aug 27 '19 at 07:48
  • I am getting this value in tag. Like this: hEUnPY0HVf5jXb4FoD7BgjZTAoh0RQgyOKnoP5HOhOA=. This is the mail ID of the user configured on the Azure side. – ShraddhaJ Aug 27 '19 at 08:27
  • It is weird, when I decode SAMLResponse, there is an email ID without encoded in , pls see the capture in my answer. – Stanley Gong Aug 27 '19 at 08:32
  • Yes, I have appended the capture. – Stanley Gong Aug 27 '19 at 09:03
  • I am able to decode the whole SAML Response. But the NameID value is still encrypted. – ShraddhaJ Aug 27 '19 at 09:04
  • Thanks Stanley, I tried it. I am able to decode the entire SAML response. But the NameID value I am getting is provided as an encrypted value only. That value has been encrypted using some encryption algorithm. – ShraddhaJ Aug 27 '19 at 09:07
  • @ShraddhaJ Instead of copying a screenshot of the code, please paste the actual code itself. https://meta.stackoverflow.com/questions/303812/discourage-screenshots-of-code-and-or-errors – Philippe Signoret Aug 27 '19 at 13:57

2 Answers

1

SAML tokens are Base64 encoded while transferring. If you are using Java 6, just use the code below to decode your SAML token:

import java.io.UnsupportedEncodingException;

import javax.xml.bind.DatatypeConverter;

public class Base64test {

    public static void main(String[] args) {
        // Paste the Base64-encoded SAMLResponse value here.
        String SAML_resp = "<SAML RESP>";
        // Decode the Base64 text into the raw XML bytes.
        byte[] decoded = DatatypeConverter.parseBase64Binary(SAML_resp);
        try {
            System.out.println(new String(decoded, "UTF-8"));
        } catch (UnsupportedEncodingException e) {
            e.printStackTrace();
        }
    }
}


Stanley Gong
  • Thanks For the Help. This Solution requires Java 8. I have my Application on Java 6. – ShraddhaJ Aug 27 '19 at 04:04
  • Hi, I have updated the answer. Pls mark me if it is helpful : ) – Stanley Gong Aug 27 '19 at 05:40
  • hi, I have updated my Question with your solution, you can see the screenshot. I am not getting the exact decoded String. – ShraddhaJ Aug 27 '19 at 07:18
  • Hi, I noticed that your NameID Format is "urn:oasis:names:tc:SAML:2.0:nameid-format:transient", which belongs to transient identifiers. Transient identifiers are what the IdP uses to tell the SP that the users in the session have been granted access to the resource on the SP, but the identities of the users are not actually offered to the SP. For example, the assertion is just like “Anonymity (the IdP doesn’t tell the SP who he is) has the permission to access /resource on SP”. The SP gets it and lets the browser access it, but still doesn’t know Anonymity's real name. – Stanley Gong Aug 27 '19 at 09:56
  • Btw ,this post explained it well : https://stackoverflow.com/questions/11693297/what-are-the-different-nameid-format-used-for – Stanley Gong Aug 27 '19 at 09:57
  • Hello @ShraddhaJ, is it helpful for you? – Stanley Gong Aug 28 '19 at 02:08
  • Hello @Stanley, yes it is helpful. It was an issue with the NameID format. In Azure (IdP side) it was selected as Persistent. But in Picketlink we are expecting Transient. Now I have set both values to Persistent. It is working fine. Thanks for the help. – ShraddhaJ Aug 28 '19 at 11:03
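
A way to check which NameID Format the IdP actually sent, as discussed in the comments above (an added example, not code from the original posts; the class name, helper names and sample response are constructed for illustration). It only inspects the XML and does not verify the signature, so its output is for diagnosis, not for authenticating a user.

```java
import java.io.ByteArrayInputStream;
import javax.xml.XMLConstants;
import javax.xml.bind.DatatypeConverter; // Java 6-8; on newer JDKs use java.util.Base64
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class NameIdInspector {
    static final String ASSERTION_NS = "urn:oasis:names:tc:SAML:2.0:assertion";

    // Returns {Format, value} of the first plaintext NameID in a Base64 SAMLResponse.
    // Diagnostic only: the signature is NOT verified here.
    static String[] readNameId(String base64Response) throws Exception {
        byte[] xml = DatatypeConverter.parseBase64Binary(base64Response);
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // The response is untrusted input: refuse DOCTYPE declarations to block XXE.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        NodeList ids = f.newDocumentBuilder().parse(new ByteArrayInputStream(xml))
                .getElementsByTagNameNS(ASSERTION_NS, "NameID");
        if (ids.getLength() == 0) {
            throw new IllegalStateException("no plaintext NameID element found");
        }
        Element nameId = (Element) ids.item(0);
        // A missing Format attribute comes back as "" (treated as unspecified).
        return new String[] { nameId.getAttribute("Format"), nameId.getTextContent().trim() };
    }

    // What the value means according to the SAML 2.0 core identifier formats.
    static String describe(String format) {
        if (format.endsWith(":nameid-format:emailAddress")) return "e-mail address";
        if (format.endsWith(":nameid-format:persistent")) return "opaque per-SP pseudonym, stable";
        if (format.endsWith(":nameid-format:transient")) return "opaque temporary identifier";
        return "unspecified or other format";
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample response and NameID value, not taken from the original post.
        String sample = "<samlp:Response xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\""
            + " xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\"><saml:Assertion><saml:Subject>"
            + "<saml:NameID Format=\"urn:oasis:names:tc:SAML:2.0:nameid-format:persistent\">"
            + "CONSTRUCTED-OPAQUE-ID</saml:NameID></saml:Subject></saml:Assertion></samlp:Response>";
        String encoded = DatatypeConverter.printBase64Binary(sample.getBytes("UTF-8"));
        String[] r = readNameId(encoded);
        System.out.println("Format: " + r[0]);
        System.out.println("Value:  " + r[1] + " (" + describe(r[0]) + ")");
    }
}
```

When the Format is persistent or transient the value is opaque by design, so there is nothing to decode on the SP side.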
0

Use OpenSAML 2.x; it'll work with Java 1.6. Here's an example that shows parsing and validation of the SAML response via OpenSAML v2.

identigral