I have read about how SAML v2 works from this link. I see that I require an Assertion Consumer Service URL that will receive the SAML v2 response.
Currently, the URL I provide is a RESTEasy endpoint developed using Java and deployed on Tomcat. Assuming the SAML v2 response will be received at this endpoint, what method type should I provide for my endpoint (GET or POST), and also what should it consume (XML or JSON)?
What should be the logic inside the endpoint to parse the SAML v2 response? I am aware of using OpenSAML in Java, but can that be used in my case as well?
My Java code looks as follows:
import javax.ws.rs.Consumes;
import javax.ws.rs.HeaderParam;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.core.Response;

@POST
@Path("/getDetails")
@Consumes("application/xml")
public Response getDetails(String xml, @HeaderParam("Authorization") String authorization) {
    // how to consume and decrypt the SAML response here?
    return Response.status(Constants.RESPONSE_CODE_OK).entity(Constants.DATA_OK).build();
}
You can actually specify whether your assertion consumer service URL will be POST or redirect (GET) in your metadata.
In your metadata, you provide the tag below:
<AssertionConsumerService
    index="1"
    Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Location="https://LoadBalancer-9.siroe.com:3443/federation/Consumer/metaAlias/sp"/>
It should accept XML, as the SAML v2 response will be XML in a particular format.
Also, you can use the OneLogin SAML API:
https://github.com/onelogin/java-saml
To understand an example request and response, you can use the link below: https://www.samltool.com/online_tools.php
For OpenSAML you can get example code from the link below and, with its help, write your own implementation: http://www.capcourse.com/Library/OpenSAML/index.html
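As an added example (not code from the question, the answer, OneLogin or OpenSAML), here is what a RESTEasy Assertion Consumer Service for the HTTP-POST binding declared in that metadata can look like using only the JDK's XML and XML-Signature APIs. With HTTP-POST the IdP's browser redirect submits a form, so the endpoint consumes application/x-www-form-urlencoded and reads the base64-encoded XML from the SAMLResponse field rather than an XML body. The class name, path, the ACS_URL and SP_ENTITY_ID placeholders, and the constructor-injected IdP signing certificate are assumptions for the example; the certificate is taken to come from the IdP metadata.

```java
import java.io.ByteArrayInputStream;
import java.security.cert.X509Certificate;
import java.time.Instant;
import java.util.Base64;
import java.util.List;
import javax.ws.rs.Consumes;
import javax.ws.rs.FormParam;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import javax.xml.XMLConstants;
import javax.xml.crypto.dsig.Reference;
import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;

// Hypothetical SP-side Assertion Consumer Service for the HTTP-POST binding (added example).
@Path("/saml")
public class AssertionConsumerService {
    private static final String SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol";
    private static final String SAML = "urn:oasis:names:tc:SAML:2.0:assertion";
    private static final String SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success";

    // Constructed placeholder values; in practice they come from the SP's own metadata.
    private static final String ACS_URL = "https://sp.example.com/saml/acs";
    private static final String SP_ENTITY_ID = "https://sp.example.com/metadata";

    private final X509Certificate idpSigningCert; // assumed: loaded from the IdP metadata at startup

    public AssertionConsumerService(X509Certificate idpSigningCert) {
        this.idpSigningCert = idpSigningCert;
    }

    // The HTTP-POST binding delivers the Response as a base64 form field, not as an XML body.
    @POST
    @Path("/acs")
    @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
    public Response consume(@FormParam("SAMLResponse") String samlResponse) {
        try {
            Document doc = parseHardened(Base64.getDecoder().decode(samlResponse));
            String subject = validate(doc.getDocumentElement());
            return Response.ok("authenticated as " + subject).build();
        } catch (Exception e) {
            // Fail closed: no session is established unless every check passed.
            return Response.status(Response.Status.FORBIDDEN).entity("SAML response rejected").build();
        }
    }

    // Returns the NameID of a Response that passed all checks; throws on any failure.
    String validate(Element response) throws Exception {
        require(SAMLP.equals(response.getNamespaceURI()) && "Response".equals(response.getLocalName()),
                "root element is not samlp:Response");
        Element statusCode = child(child(response, SAMLP, "Status"), SAMLP, "StatusCode");
        require(SUCCESS.equals(statusCode.getAttribute("Value")), "IdP reported failure");

        // An EncryptedAssertion would have to be decrypted (e.g. with OpenSAML) before this point.
        Element assertion = child(response, SAML, "Assertion");
        require(verifyEnvelopedSignature(assertion), "assertion signature invalid");

        // All remaining checks read attributes that sit inside the signed assertion.
        Element conditions = child(assertion, SAML, "Conditions");
        require(Instant.now().isBefore(Instant.parse(conditions.getAttribute("NotOnOrAfter"))), "assertion expired");
        Element audience = child(child(conditions, SAML, "AudienceRestriction"), SAML, "Audience");
        require(SP_ENTITY_ID.equals(audience.getTextContent().trim()), "audience mismatch");
        Element subject = child(assertion, SAML, "Subject");
        Element confData = child(child(subject, SAML, "SubjectConfirmation"), SAML, "SubjectConfirmationData");
        require(ACS_URL.equals(confData.getAttribute("Recipient")), "Recipient is not this ACS");

        return child(subject, SAML, "NameID").getTextContent().trim();
    }

    // Verifies a ds:Signature that is a direct child of `signed` and whose single Reference
    // points at `signed` itself, so a signature over some other element is not accepted.
    private boolean verifyEnvelopedSignature(Element signed) throws Exception {
        Element sig = child(signed, XMLSignature.XMLNS, "Signature");
        signed.setIdAttribute("ID", true); // lets the Reference URI "#<ID>" be resolved
        DOMValidateContext ctx = new DOMValidateContext(idpSigningCert.getPublicKey(), sig);
        XMLSignature xmlSig = XMLSignatureFactory.getInstance("DOM").unmarshalXMLSignature(ctx);
        List<?> refs = xmlSig.getSignedInfo().getReferences();
        require(refs.size() == 1 && ("#" + signed.getAttribute("ID")).equals(((Reference) refs.get(0)).getURI()),
                "signature does not cover this element");
        return xmlSig.validate(ctx);
    }

    // DOM parser with DTDs and external entities disabled, so untrusted XML cannot trigger XXE.
    private static Document parseHardened(byte[] xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true); // required for the namespace-aware lookups above
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        return f.newDocumentBuilder().parse(new ByteArrayInputStream(xml));
    }

    // First direct child with the given namespace and local name; throws if absent.
    private static Element child(Element parent, String ns, String local) {
        for (Node n = parent.getFirstChild(); n != null; n = n.getNextSibling()) {
            if (n instanceof Element && ns.equals(n.getNamespaceURI()) && local.equals(n.getLocalName())) {
                return (Element) n;
            }
        }
        throw new IllegalArgumentException("missing element " + local);
    }

    private static void require(boolean ok, String reason) {
        if (!ok) throw new SecurityException(reason);
    }
}
```

The example assumes the IdP signs the Assertion element; if your IdP signs the Response envelope instead, apply verifyEnvelopedSignature to the Response element, which works the same way because both carry an ID attribute. A production ACS would additionally check NotBefore, match InResponseTo against the AuthnRequest ID it issued, and record the assertion ID to reject replays; the OneLogin and OpenSAML libraries linked above implement these checks for you.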