c# httpwebrequest saml

HttpWebRequest - adding data


I am building an HttpWebRequest to request a response containing a SAMLResponse to obtain a user's name.
The response will be picked up by an HttpModule.
After building my AuthnRequest (as follows) the XML is deflated, base64 encoded, then URL encoded.

    <!-- version, iD, DateTime.Now.ToString(), destination and issuer are placeholders for run-time values -->
    <samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
                        xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                        ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
                        Version="version" ID="iD"
                        IssueInstant="DateTime.Now.ToString()" Destination="destination">
      <saml:Issuer>issuer</saml:Issuer>
      <samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>
    </samlp:AuthnRequest>

My postBytes for requestStream.Write(postBytes, 0, postBytes.Length) consists of a byte[] from a string created from "SAMLRequest=" + SAMLRequest

Hopefully I haven't lost you yet.
My question is: does the value of SAMLRequest need to be placed in a form or can it be the encoded xml? What determines this decision?

Thanks in advance!


Solution

  • According to saml.xml.org: The post request issued to the IdP has the following content:

    POST /SAML2/SSO/POST HTTP/1.1
    Host: idp.example.org
    Content-Type: application/x-www-form-urlencoded
    Content-Length: nnn

    SAMLRequest=request&RelayState=token
    

    You can of course assemble a HttpWebRequest in C# code with this form content in order to avoid issues related to nested forms.

    The saml.xml.org link specifies that "The value of the SAMLRequest parameter is the base64 encoding of the <samlp:AuthnRequest> element"

    If you have an IdP (like OpenSSO) available you should be able to test and see what works.

    I am assuming that you are trying to implement Step 3 in the diagram below.

    DISCLAIMER: I haven't tried this out myself, so please provide some feedback on whether this answer was helpful or not.
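The form-encoded POST body from the answer, built in C# next to the DEFLATE-then-base64 encoding that the SAML 2.0 HTTP-Redirect binding uses instead. This is an added example, not code from the original question or answer; the sample XML, its ID, IssueInstant and Issuer values, and the class and method names are constructed for illustration.

```csharp
using System;
using System.IO;
using System.IO.Compression;
using System.Net;
using System.Text;

static class SamlBindingEncoding
{
    // HTTP-POST binding: plain base64 of the XML, no DEFLATE step.
    static string ForPost(string xml) => Convert.ToBase64String(Encoding.UTF8.GetBytes(xml));

    // HTTP-Redirect binding (query string): raw DEFLATE first, then base64.
    static string ForRedirect(string xml)
    {
        byte[] raw = Encoding.UTF8.GetBytes(xml);
        using (var buffer = new MemoryStream())
        {
            // leaveOpen = true so the buffer can be read after the deflater is flushed and closed.
            using (var deflate = new DeflateStream(buffer, CompressionMode.Compress, true))
                deflate.Write(raw, 0, raw.Length);
            return Convert.ToBase64String(buffer.ToArray());
        }
    }

    // Body for application/x-www-form-urlencoded. Base64 output contains '+', '/' and '=',
    // so each value is percent-encoded before it goes into the body.
    static byte[] FormBody(string samlRequest, string relayState) =>
        Encoding.ASCII.GetBytes("SAMLRequest=" + WebUtility.UrlEncode(samlRequest)
            + "&RelayState=" + WebUtility.UrlEncode(relayState));

    static void Main()
    {
        // Constructed sample request; ID, IssueInstant and Issuer are made-up values.
        string xml = "<samlp:AuthnRequest xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\""
            + " xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\" Version=\"2.0\""
            + " ID=\"_example1\" IssueInstant=\"2024-01-01T00:00:00Z\""
            + " Destination=\"https://idp.example.org/SAML2/SSO/POST\">"
            + "<saml:Issuer>https://sp.example.com</saml:Issuer></samlp:AuthnRequest>";
        byte[] postBytes = FormBody(ForPost(xml), "token");

        var request = (HttpWebRequest)WebRequest.Create("https://idp.example.org/SAML2/SSO/POST");
        request.Method = "POST";
        request.ContentType = "application/x-www-form-urlencoded";
        request.ContentLength = postBytes.Length;
        // Sending is left out so the example runs offline:
        // using (var s = request.GetRequestStream()) s.Write(postBytes, 0, postBytes.Length);
        Console.WriteLine(Encoding.ASCII.GetString(postBytes));
        Console.WriteLine("Redirect-binding value: " + ForRedirect(xml));
    }
}
```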