SAML HTTP Post Binding Translation Filter

Description

As Identity, We want SAML Mapping messages encoded coming in to Identity and decoded using Identity's Repose, using HTTP Post Binding So that character encoding issues are eliminated.

Message in as encoded as http post, comes out as artifact...

Assuming content type is correct, take http request, get.parm.saml.response, get string back, decode string.

There are three types of binding:

  1. SOAP Binding

  2. HTTP Post Binding

  3. Artifact Binding

Mario: I researched SAML a bit and spoke to Jorge about my findings. I updated the AC as a result. Read the "History" tab for more details on the updates.

Acceptance Criteria:

  • SAML Mapping messages decoded from a HTTP Post Binding to Artifact Binding

    • The SAML Response XML will be in the "SAMLResponse" field and will be base64 encoded.

    • There may be other fields such as "RelayState" which should be dropped.

  • A new filter is created to do the decoding.

  • Filter contains no configs.

    • It's presence in the filter chain indicates the filter should process the request under the following conditions:

      • Method is POST

      • Content type matches application/x-www-form-urlencoded

      • Body contains field "SAMLResponse"

  • Filter will not offer functionality to re-encode

  • Filter will fail if it cannot decode the "SAMLResponse" field, return a bad request response.

  • If no "SAMLResponse" field, return a bad request response.

Environment

None

Status

Assignee

Mario Lopez

Reporter

Adrian George

Labels

None

External issue ID

None

External issue ID

None

External issue ID

None

External issue ID

None

External issue ID

None

External issue ID

None

CoAssignee

None

Capitalizable

True

Story Points

3

Time tracking

0m

Epic Link

Sprint

None

Fix versions

Priority

Very High