This documentation is for WSO2 App Manager 1.0.0. View documentation for the latest release.
Processing SAML Response

WSO2 App Manager can be configured to send the whole SAML response generated by the identity provider to the backend web application. Refer to ‘Sending SAML response to backend’ for more information. Once the required configuration is done as described in that guide, the Base64-encoded SAML response is sent to the backend application as an HTTP transport header named ‘AppMgtSAML2Response’.


When the web application receives the HTTP request, it can read the encoded SAML response from this HTTP header. Once the header value is extracted from the request, it can be processed to obtain the actual SAML response generated by the identity provider.

The encoded SAML response can be processed with different libraries. The following example uses the Java OpenSAML 2.2.3 library to process the SAML response received at the backend. The processing steps are illustrated below.

As the first step, the encoded SAML response should be extracted from the HttpServletRequest.

Code Block
String samlResponseHeader = request.getHeader("AppMgtSAML2Response");

Then the extracted header value should be decoded using the Base64 library.

Code Block
byte[] base64DecodedResponse = Base64.decode(samlResponseHeader);

After the header value is decoded, the decoded SAML response has to be unmarshalled. To do so, the decoded response is converted into an input byte stream and a DOM element object is created from it.

Code Block
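ByteArrayInputStream inputStreams = new ByteArrayInputStream(base64DecodedResponse);
DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance();
documentBuilderFactory.setNamespaceAware(true);
// Reject DOCTYPE declarations so the header value cannot trigger XML external entity (XXE) processing
documentBuilderFactory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
documentBuilderFactory.setExpandEntityReferences(false);
DocumentBuilder docBuilder = documentBuilderFactory.newDocumentBuilder();

Document document = docBuilder.parse(inputStreams);
Element element = document.getDocumentElement();
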
As the next step, the DOM element is unmarshalled.

Code Block
UnmarshallerFactory unmarshallerFactory = Configuration.getUnmarshallerFactory();
Unmarshaller unmarshaller = unmarshallerFactory.getUnmarshaller(element);
XMLObject responseXmlObj = unmarshaller.unmarshall(element);

Finally, the XML object is cast to the SAML 2.0 Response message.

Code Block
Response response = (Response) responseXmlObj;

Processing of the SAML response message is now complete and the response is ready.

Below is the complete implementation of the SAML token processing sample.

Code Block
import org.opensaml.Configuration;
import org.opensaml.DefaultBootstrap;
import org.opensaml.common.SAMLException;
import org.opensaml.saml2.core.Response;
import org.opensaml.xml.ConfigurationException;
import org.opensaml.xml.XMLObject;
import org.opensaml.xml.io.Unmarshaller;
import org.opensaml.xml.io.UnmarshallerFactory;
import org.opensaml.xml.io.UnmarshallingException;
import org.opensaml.xml.util.Base64;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

import javax.servlet.http.HttpServletRequest;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import java.io.ByteArrayInputStream;


public class SAMLResponseManager {
    
    private static boolean bootStrapped = false;
    public static final String APPM_MGT_SAML2_RESPONSE = "AppMgtSAML2Response";

    public Response processSAMLResponse(HttpServletRequest request) throws Exception {

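        //Reading AppMgtSAML2Response header value from the request
        String samlResponseHeader = request.getHeader(APPM_MGT_SAML2_RESPONSE);
        if (samlResponseHeader == null || samlResponseHeader.isEmpty()) {
            //Fail with a clear error instead of a NullPointerException during decoding
            throw new SAMLException("Missing " + APPM_MGT_SAML2_RESPONSE + " header in the request");
        }

        //Decoding the extracted encoded SAML Response
        byte[] base64DecodedResponse = Base64.decode(samlResponseHeader);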
        Response response = null;

        //Initializing Open SAML Library
        doBootstrap();

        try {
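            //Converting the decoded SAML Response string into DOM object
            ByteArrayInputStream inputStreams = new ByteArrayInputStream(base64DecodedResponse);
            DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance();
            documentBuilderFactory.setNamespaceAware(true);
            //Reject DOCTYPE declarations so the header value cannot trigger XML external entity (XXE) processing
            documentBuilderFactory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
            documentBuilderFactory.setExpandEntityReferences(false);
            DocumentBuilder docBuilder = documentBuilderFactory.newDocumentBuilder();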
            Document document = docBuilder.parse(inputStreams);
            Element element = document.getDocumentElement();

            //Unmarshalling the element
            UnmarshallerFactory unmarshallerFactory = Configuration.getUnmarshallerFactory();
            Unmarshaller unmarshaller = unmarshallerFactory.getUnmarshaller(element);
            XMLObject responseXmlObj = unmarshaller.unmarshall(element);
            response = (Response) responseXmlObj;

        } catch (ParserConfigurationException e) {
            throw new SAMLException("Error while parsing the decoded SAML Response", e);
        } catch (UnmarshallingException e) {
            throw new SAMLException("Error while unmarshalling the decoded SAML Response", e);
        }
        return response;

    }
    //synchronized so that concurrent requests cannot bootstrap the library twice
    public static synchronized void doBootstrap() throws SAMLException {
        /* Initializing the OpenSAML library */
        if (!bootStrapped) {
            try {
                DefaultBootstrap.bootstrap();
                bootStrapped = true;
            } catch (ConfigurationException e) {
                throw new SAMLException("Error while bootstrapping OpenSAML library", e);
            }
        }
    }

}
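
The Response returned by processSAMLResponse is parsed but not verified, and it arrives as an ordinary HTTP header, so the backend should check it before relying on its contents. The following is an added example, not part of the WSO2 sample: a hypothetical SAMLResponseVerifier class that checks the status, the XML signature and the validity window using OpenSAML 2.x classes. It assumes the identity provider signs the response or the assertion, that the assertion is not encrypted, and that the caller loads the identity provider's signing certificate from a local trust store.

```java
import org.opensaml.saml2.core.Assertion;
import org.opensaml.saml2.core.Conditions;
import org.opensaml.saml2.core.Response;
import org.opensaml.saml2.core.StatusCode;
import org.opensaml.security.SAMLSignatureProfileValidator;
import org.opensaml.xml.security.x509.BasicX509Credential;
import org.opensaml.xml.signature.Signature;
import org.opensaml.xml.signature.SignatureValidator;
import org.opensaml.xml.validation.ValidationException;
import java.security.cert.X509Certificate;

// Added example: hypothetical class, not part of the WSO2 sample.
public class SAMLResponseVerifier {
    private final BasicX509Credential idpCredential = new BasicX509Credential();

    // Assumption: idpCert is the identity provider's signing certificate from a local trust store.
    public SAMLResponseVerifier(X509Certificate idpCert) {
        idpCredential.setEntityCertificate(idpCert);
    }

    // Returns the first assertion only if status, signature and validity window all check out.
    public Assertion verify(Response response) throws ValidationException {
        if (response.getStatus() == null || response.getStatus().getStatusCode() == null
                || !StatusCode.SUCCESS_URI.equals(response.getStatus().getStatusCode().getValue())) {
            throw new ValidationException("SAML response status is not Success");
        }
        if (response.getAssertions().isEmpty()) {
            throw new ValidationException("SAML response carries no unencrypted assertion");
        }
        Assertion assertion = response.getAssertions().get(0);
        // Require a signature on the response or on the assertion itself.
        Signature signature = response.getSignature() != null
                ? response.getSignature() : assertion.getSignature();
        if (signature == null) {
            throw new ValidationException("Neither response nor assertion is signed");
        }
        // Structural profile check first, then the cryptographic check against the IdP key.
        new SAMLSignatureProfileValidator().validate(signature);
        new SignatureValidator(idpCredential).validate(signature);

        Conditions conditions = assertion.getConditions();
        if (conditions != null && conditions.getNotBefore() != null
                && conditions.getNotBefore().isAfterNow()) {
            throw new ValidationException("Assertion is not yet valid");
        }
        if (conditions != null && conditions.getNotOnOrAfter() != null
                && !conditions.getNotOnOrAfter().isAfterNow()) {
            throw new ValidationException("Assertion has expired");
        }
        return assertion;
    }
}
```

Call verify on the object returned by processSAMLResponse and read the subject and attributes only from the Assertion it returns.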