Tags: java, saml-2.0, shibboleth, opensaml

Prepare SAML authentication request using OpenSAML 3.1.1


We are using Shibboleth IdP to authenticate users with the SSO solution from Shibboleth. We were able to upgrade the IdP (2.4 to 3.1.1), and we are also able to check the status of IdP 3.1.1 (http://localhost:8080/idp/profile/status).

As we know, IdP 2.4 was using OpenSAML 2.6 and IdP 3.1.1 is using OpenSAML 3.1.1.

We have the following queries with respect to OpenSAML 3.1.1:

A) An alternative API to be used in OpenSAML 3.1.1 for "SecureRandomIdentifierGenerator"

A.1) Using OpenSAML 2.6, sample session ID generation at the SP (non-Shibboleth SP component) is given below:

    SecureRandomIdentifierGenerator generator = new SecureRandomIdentifierGenerator();
    sessionId = generator.generateIdentifier();

A.2) Using OpenSAML 3.1.1 ???

B) How to send a SAML request using OpenSAML 3.1.1

B.1) Using OpenSAML 2.6, a sample SAML request from the SP (non-Shibboleth SP component) to IdP 2.4 (Shibboleth component) is given below. We call the getAuthnRequest() method to generate the SAML request (we are using OpenSAML 2.6):

    import java.security.NoSuchAlgorithmException;

    import org.joda.time.DateTime;
    import org.opensaml.common.impl.SecureRandomIdentifierGenerator;
    import org.opensaml.saml2.core.AuthnRequest;
    import org.opensaml.saml2.core.Issuer;
    import org.opensaml.saml2.core.impl.AuthnRequestBuilder;

    // OpenSAML 2.6: build an AuthnRequest by instantiating the builder directly.
    private AuthnRequest getAuthnRequest(DateTime issueInstant, Issuer issuer,
                                         String consumerUrl, String spUrl)
            throws NoSuchAlgorithmException {

        AuthnRequestBuilder authRequestBuilder = new AuthnRequestBuilder();
        AuthnRequest authRequest = authRequestBuilder
                .buildObject("urn:oasis:names:tc:SAML:2.0:protocol", "AuthnRequest", "samlp");

        // ID is a required attribute of AuthnRequest; the same generator as in A.1
        // produces a value that starts with "_" and is therefore a valid xs:ID.
        authRequest.setID(new SecureRandomIdentifierGenerator().generateIdentifier());
        authRequest.setForceAuthn(Boolean.FALSE);
        authRequest.setIsPassive(Boolean.FALSE);
        authRequest.setIssueInstant(issueInstant);
        // Ask the IdP to deliver the Response with the HTTP-POST binding.
        authRequest.setProtocolBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST");
        authRequest.setAssertionConsumerServiceURL(consumerUrl);
        authRequest.setIssuer(issuer);
        authRequest.setAttributeConsumingServiceIndex(1);

        return authRequest;
    }

B.2) Using OpenSAML 3.1.1 ???

Please suggest how to use OpenSAML 3.1.1 to prepare a SAML AuthnRequest.


Solution

  • This is the reply I got from the official forum:

    A) An alternative API to be used in OpenSAML 3.1.1 for "SecureRandomIdentifierGenerator"

    A.1) Using OpenSAML 2.6, sample session ID generation at the SP (non-Shibboleth SP component) is given below:

        SecureRandomIdentifierGenerator generator = new SecureRandomIdentifierGenerator();
        sessionId = generator.generateIdentifier();

    A.2) Using OpenSAML 3.1.1 ???

    The v3 version is net.shibboleth.utilities.java.support.security.SecureRandomIdentifierGenerationStrategy located in java-support.

    B) How to send a SAML request using OpenSAML 3.1.1

        private AuthnRequest getAuthnRequest(DateTime issueInstant, Issuer issuer,
                                             String consumerUrl, String spUrl) {

            AuthnRequestBuilder authRequestBuilder = new AuthnRequestBuilder();

    B.2) Using OpenSAML 3.1.1 ???

    The package names have changed; it's now in org.opensaml.saml.saml2.core.impl.AuthnRequestBuilder. But otherwise I believe it should be exactly the same. Are you not using Eclipse, or another IDE? It can help out with simple package import changes.

    By the way, in both v2 and v3 we discourage direct use of the -Builder classes like that. We recommend you obtain XMLObject builders, marshallers and unmarshallers via the registered providers. In v2, builder usage:

    https://wiki.shibboleth.net/confluence/display/OpenSAML/OSTwoUsrManJavaCreateFromScratch

    In v3, no wiki docs yet, but either use the global XMLObjectProviderRegistry via org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport, or the higher level methods on org.opensaml.core.xml.util.XMLObjectSupport.
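The following is an added example, not code from the asker or from the forum reply, that puts the reply's two recommendations together for OpenSAML 3: the session/request ID comes from net.shibboleth.utilities.java.support.security.SecureRandomIdentifierGenerationStrategy (part A), and the AuthnRequest is built through the provider registry via org.opensaml.core.xml.util.XMLObjectSupport instead of by instantiating AuthnRequestBuilder (part B). It also sets the attributes the asker's v2 code left out (ID, Version, Destination), which the SAML 2.0 schema requires or the IdP checks, and serialises the request as the SAMLRequest form value for the HTTP-POST binding. The entityID, IdP SSO endpoint and ACS URL are assumed placeholder values.

```java
import java.nio.charset.StandardCharsets;

import org.joda.time.DateTime;
import org.joda.time.DateTimeZone;
import org.opensaml.core.config.InitializationException;
import org.opensaml.core.config.InitializationService;
import org.opensaml.core.xml.io.MarshallingException;
import org.opensaml.core.xml.util.XMLObjectSupport;
import org.opensaml.saml.common.SAMLVersion;
import org.opensaml.saml.common.xml.SAMLConstants;
import org.opensaml.saml.saml2.core.AuthnRequest;
import org.opensaml.saml.saml2.core.Issuer;
import org.opensaml.saml.saml2.core.NameIDPolicy;
import org.opensaml.saml.saml2.core.NameIDType;

import net.shibboleth.utilities.java.support.codec.Base64Support;
import net.shibboleth.utilities.java.support.security.SecureRandomIdentifierGenerationStrategy;
import net.shibboleth.utilities.java.support.xml.SerializeSupport;

public class OpenSaml3AuthnRequestExample {

    // Part A: the v3 replacement for SecureRandomIdentifierGenerator. The generated
    // value starts with "_", so it is usable both as a session ID and as an xs:ID.
    private static final SecureRandomIdentifierGenerationStrategy ID_GENERATOR =
            new SecureRandomIdentifierGenerationStrategy();

    public static String newSessionId() {
        return ID_GENERATOR.generateIdentifier();
    }

    // Part B: build the request via the registered provider (XMLObjectSupport) rather
    // than "new AuthnRequestBuilder()", as the forum reply recommends.
    public static AuthnRequest buildAuthnRequest(String spEntityId, String idpSsoUrl, String acsUrl) {
        AuthnRequest request =
                (AuthnRequest) XMLObjectSupport.buildXMLObject(AuthnRequest.DEFAULT_ELEMENT_NAME);

        // ID, Version and IssueInstant are required attributes; a fresh random ID also
        // lets the SP correlate the Response's InResponseTo with this request.
        request.setID(ID_GENERATOR.generateIdentifier());
        request.setVersion(SAMLVersion.VERSION_20);
        request.setIssueInstant(new DateTime(DateTimeZone.UTC));
        // Destination must match the IdP endpoint the request is posted to.
        request.setDestination(idpSsoUrl);
        request.setProtocolBinding(SAMLConstants.SAML2_POST_BINDING_URI);
        // For an unsigned request the IdP validates this URL against the SP's metadata.
        request.setAssertionConsumerServiceURL(acsUrl);
        request.setForceAuthn(Boolean.FALSE);
        request.setIsPassive(Boolean.FALSE);

        Issuer issuer = (Issuer) XMLObjectSupport.buildXMLObject(Issuer.DEFAULT_ELEMENT_NAME);
        issuer.setValue(spEntityId);
        request.setIssuer(issuer);

        NameIDPolicy nameIdPolicy =
                (NameIDPolicy) XMLObjectSupport.buildXMLObject(NameIDPolicy.DEFAULT_ELEMENT_NAME);
        nameIdPolicy.setFormat(NameIDType.TRANSIENT);
        nameIdPolicy.setAllowCreate(Boolean.TRUE);
        request.setNameIDPolicy(nameIdPolicy);

        return request;
    }

    // Marshal to DOM, serialise, and base64-encode: the value of the SAMLRequest
    // form parameter for the HTTP-POST binding (no signature, no deflate).
    public static String toPostFormValue(AuthnRequest request) throws MarshallingException {
        String xml = SerializeSupport.nodeToString(XMLObjectSupport.marshall(request));
        return Base64Support.encode(xml.getBytes(StandardCharsets.UTF_8), Base64Support.UNCHUNKED);
    }

    public static void main(String[] args) throws InitializationException, MarshallingException {
        // Registers builders, marshallers and unmarshallers; must run once before buildXMLObject.
        InitializationService.initialize();

        AuthnRequest request = buildAuthnRequest(
                "https://sp.example.org/shibboleth",                   // assumed SP entityID
                "https://idp.example.org/idp/profile/SAML2/POST/SSO",  // assumed IdP SSO endpoint
                "https://sp.example.org/saml/acs");                    // assumed ACS URL from SP metadata

        System.out.println(SerializeSupport.prettyPrintXML(XMLObjectSupport.marshall(request)));
        System.out.println("SAMLRequest=" + toPostFormValue(request));
    }
}
```

The imports come from opensaml-core, opensaml-saml-api, opensaml-saml-impl, java-support and joda-time, which is what an OpenSAML 3.1.1 build pulls in; InitializationService.initialize() is the step that has no equivalent in the asker's v2 code and is the usual reason buildXMLObject fails with "no builder registered". Because this request is not signed, the IdP can only trust AssertionConsumerServiceURL if it matches the SP's registered metadata, so the ACS URL here has to be the one in the SP's <AssertionConsumerService> element.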