I'm trying to build a utility that accepts an encrypted/encoded string containing a SAML 2 assertion string and spits out a decrypted/decoded assertion as plaintext.
I've seen several code examples of decrypting an encrypted/encoded assertion starting from an XML file:
- Decrypting encrypted assertion using SAML 2.0 in java using OpenSAML
- How to test/debug Decrypting Encrypted Assertion using OpenSAML 2 and Java?
These seem to be built on use of the org.opensaml.xml.io.UnmarshallerFactory, which takes XML inputs rather than string inputs.
Is there an API similar to org.opensaml.xml.io.UnmarshallerFactory that can operate on a string?
Taking the string, injecting it into an XML document, parsing the document, and then using the UnmarshallerFactory seems like a bad idea.
-- Adding this detail:
In an IdP-initiated request, an encoded/encrypted request is being sent by the IdP to the SP as a form parameter on a POST.
The parameter looks like a Base64-encoded string.
I'm looking for a way to decode/decrypt this string to turn it into an Assertion object. The API of the OpenSAML libraries is sufficiently complicated that it isn't obvious how this is done.
I'm looking for a code sample.
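An added example, not part of the original post: one way to go from the Base64 form parameter described in the question to a decrypted `Assertion` with OpenSAML 2, parsing the decoded bytes in memory instead of from a file. It assumes the parameter holds a SAML `Response` with an `EncryptedAssertion` whose encrypted key is carried inline, and that `spCredential` holds the SP's private key; the class and method names are hypothetical.

```java
import java.io.ByteArrayInputStream;
import java.util.Base64;
import javax.xml.parsers.DocumentBuilderFactory;
import org.opensaml.DefaultBootstrap;
import org.opensaml.saml2.core.Assertion;
import org.opensaml.saml2.core.Response;
import org.opensaml.saml2.encryption.Decrypter;
import org.opensaml.xml.Configuration;
import org.opensaml.xml.XMLObject;
import org.opensaml.xml.encryption.InlineEncryptedKeyResolver;
import org.opensaml.xml.io.Unmarshaller;
import org.opensaml.xml.security.credential.Credential;
import org.opensaml.xml.security.keyinfo.StaticKeyInfoCredentialResolver;
import org.w3c.dom.Element;

public class SamlPostDecoder { // hypothetical name, not an OpenSAML class

    /** Base64 form value -> DOM root element, parsed in memory. */
    static Element parse(String formValue) throws Exception {
        // HTTP-POST binding is plain Base64; the MIME decoder tolerates line breaks.
        byte[] xml = Base64.getMimeDecoder().decode(formValue);
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true); // required for SAML and XML Encryption elements
        // The input is attacker-controlled: refuse DOCTYPEs so no entities are resolved.
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        dbf.setExpandEntityReferences(false);
        return dbf.newDocumentBuilder()
                  .parse(new ByteArrayInputStream(xml)).getDocumentElement();
    }

    /** spCredential is assumed to contain the SP's private decryption key. */
    static Assertion decodeAndDecrypt(String formValue, Credential spCredential)
            throws Exception {
        DefaultBootstrap.bootstrap(); // in a real application, call once at startup
        Element root = parse(formValue);
        Unmarshaller um = Configuration.getUnmarshallerFactory().getUnmarshaller(root);
        if (um == null) throw new IllegalArgumentException("Not a known SAML element");
        XMLObject obj = um.unmarshall(root);
        if (!(obj instanceof Response))
            throw new IllegalArgumentException("Expected a SAML Response");
        Response response = (Response) obj;
        if (response.getEncryptedAssertions().isEmpty())
            throw new IllegalArgumentException("No EncryptedAssertion present");
        Decrypter decrypter = new Decrypter(null,
                new StaticKeyInfoCredentialResolver(spCredential),
                new InlineEncryptedKeyResolver());
        decrypter.setRootInNewDocument(true); // detach the result from the Response DOM
        return decrypter.decrypt(response.getEncryptedAssertions().get(0));
    }
}
```

Decryption only recovers the plaintext; it does not authenticate it. Verify the signature on the Response or the decrypted Assertion against the IdP's certificate before trusting any of its contents.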