SAML AuthRequest Creator JavaCallout | HTTP Redirect Binding

Hi,

Do we have any Java callout available in APIGEE to do all the required SAML operations which are not possible using the OOB policies? I can see the OOB policy to validate the SAML Assertion, but when APIGEE acts as an SP (service provider) there are no policies which can be used to generate the required Auth Request. Is any Java callout available to do the same? We need AuthRequest generation as explained at the link below (signed/signature).

https://www.samltool.com/generic_sso_req.php


I understand.

I can look into building one for you. It shouldn't be too difficult.

Try this Java callout?

That repo contains the Java source code and pom.xml file required to compile a simple Java callout for Apigee, that creates a signed SAML AuthnRequest, for use in SP-initiated login, with HTTP-POST binding or HTTP Redirect binding.

For signature algorithms, it supports rsa-sha1 and rsa-sha256.

You do not need to compile it to use it. It's ready to use as is.

It has various options for setting Issuer, NameIDPolicy, ForceAuthn, Scoping, Destination, and more.

Check it out.

Thanks Dino-at-Google

FYR, the generated response is not aligned with the auth-request.

https://developers.onelogin.com/saml/online-tools/validate/xml-against-xsd-schema

Let me look.

I've updated the callout. Use "git pull" to get the latest.

The 20200713 version adds some options for the callout so that you can specify a requester-id, an idp-id, an idp-location, which results in getting a Scoping element.

Also you can specify force-authn.

Some other changes as well.

I don't know the exact shape of the AuthnRequest that you need. HTTP POST Binding? Redirect Binding?

Give it a try and see if it fits your requirements and let me know. I'm sort of guessing here.

Thanks @Dino-at-Google


My use case is for Redirect Binding

I sent you a DM
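For the HTTP Redirect binding and rsa-sha256 signature discussed in this thread, here is an added example that is not part of the thread and is not the callout's source code. It shows how the signed query string is formed and checked; the class name, endpoint URL, RelayState value and throwaway key are constructed for illustration.

```java
import java.io.ByteArrayOutputStream;
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Base64;
import java.util.zip.*;

public class RedirectBindingExample {
    static final String SIG_ALG = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";

    static String enc(String s) { return URLEncoder.encode(s, StandardCharsets.UTF_8); }

    // Raw DEFLATE (no zlib header), then base64: the Redirect binding's message encoding.
    static String deflateAndEncode(String xml) throws Exception {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        Deflater raw = new Deflater(Deflater.DEFAULT_COMPRESSION, true);
        try (DeflaterOutputStream d = new DeflaterOutputStream(out, raw)) {
            d.write(xml.getBytes(StandardCharsets.UTF_8));
        }
        return Base64.getEncoder().encodeToString(out.toByteArray());
    }

    // SP side: the signature covers the URL-encoded parameters in exactly this order.
    static String signedQuery(String xml, String relayState, PrivateKey key) throws Exception {
        String toSign = "SAMLRequest=" + enc(deflateAndEncode(xml))
            + "&RelayState=" + enc(relayState) + "&SigAlg=" + enc(SIG_ALG);
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(key);
        s.update(toSign.getBytes(StandardCharsets.UTF_8));
        return toSign + "&Signature=" + enc(Base64.getEncoder().encodeToString(s.sign()));
    }

    // Receiving side: verify over the query string as received, before the Signature parameter.
    static boolean verify(String query, PublicKey pub) throws Exception {
        int i = query.indexOf("&Signature=");
        String b64 = URLDecoder.decode(query.substring(i + 11), StandardCharsets.UTF_8);
        Signature v = Signature.getInstance("SHA256withRSA");
        v.initVerify(pub);
        v.update(query.substring(0, i).getBytes(StandardCharsets.UTF_8));
        return v.verify(Base64.getDecoder().decode(b64));
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(2048);
        KeyPair kp = g.generateKeyPair(); // throwaway key, constructed for this example
        String xml = "<samlp:AuthnRequest xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\" ID=\"_example1\""
            + " Version=\"2.0\" IssueInstant=\"2020-07-13T00:00:00Z\" Destination=\"https://idp.example.com/sso\"/>";
        String q = signedQuery(xml, "constructed-state", kp.getPrivate());
        System.out.println(verify(q, kp.getPublic()));                                        // true
        System.out.println(verify(q.replace("constructed-state", "other"), kp.getPublic())); // false
    }
}
```

With this binding the signature travels in the query string instead of as a `ds:Signature` element inside the AuthnRequest XML, so a changed RelayState or SigAlg fails verification just as a changed request does.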