September 16, 2014
Answered

tobase64 HTTP-Redirect binding

  • September 16, 2014
  • 1 reply
  • 889 views

Still struggling with encrypting a SAML request to be sent to an ADFS server.  Turns out there are multiple ways to encode strings.  By default the utf-8 encryption option with the toBase64 tag uses HTTP-Post binding.  I need my script to use HTTP-REDIRECT binding.

The code I'm using is this:

<CFSAVECONTENT VARIABLE = "samlAssertionXML">
<samlp:AuthnRequest IssueInstant="2014-09-16T19:24:18.343Z" ID="_kdls_testing_application_for_single_sign_on" Version="2.0" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://localhost/sde</saml:Issuer>
<samlp:NameIDPolicy AllowCreate="true"/>
</samlp:AuthnRequest>
</cfsavecontent>

<cfscript>
  samlAssertionXML = toBase64(toString(TRIM(samlAssertionXML)), "utf-8");
</cfscript>

When I take the string that gets returned by the toBase64 tag and use the SAML 2.0 Debugger the string gets decrypted correctly.  But when I re-encrypt the string using HTTP-REDIRECT binding I get a different encryption string.  If I re-encrypt using the HTTP-POST binding I get the string I passed to the toBase64 tag.

So my question is how do I tell CF that I need to use HTTP-REDIRECT binding when I encrypt the string?


1 reply

KomputerMan_com-L7dcfe (Author, Correct answer)
September 17, 2014

After a little searching around I found the following snippet of code that seems to do the trick.  It adds a ton of AAAAAAAAAAAAAA's to the encrypted string but the ADFS server isn't complaining and as I have a fast approaching deadline I'll live with them for now.  Still if you understand JAVA (I haven't developed in that language so I really don't) please clue me in to how this code does what it does.

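<!--- perform Deflate, Base64 encode, and URL encode --->
<cfscript>
  // Java Deflater: level 9 = best compression, true = raw DEFLATE with no zlib header
  saml_deflate = createObject("java", "java.util.zip.Deflater");
  saml_deflate.init(9,true);
  saml_deflate.setInput(samlAssertionXML.getBytes("UTF-8"));
  saml_deflate.finish();
  // The output buffer is not declared in the posted snippet; a zero-filled byte[] is assumed
  // here (size 1024 is an assumption) so the block runs on its own
  output = createObject("java", "java.lang.reflect.Array").newInstance(createObject("java", "java.lang.Byte").TYPE, javaCast("int", 1024));
  // deflate() fills the buffer and returns how many bytes it actually wrote
  compressedDataLength = saml_deflate.deflate(output);
  // The whole buffer is Base64 encoded here, not just the first compressedDataLength bytes
  data64 = toBase64(output,"UTF-8");
  // URL encode so the value can travel in a query string
  data64url = urlencodedformat(data64);
</cfscript>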
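Added example, not code from this thread: the HTTP-Redirect encoding steps the snippet above performs (raw DEFLATE, Base64, URL encode), written in Java because the snippet calls java.util.zip.Deflater, together with the reverse steps a receiver applies. It copies only the bytes that deflate() reports writing, since unused zero bytes in an oversized buffer Base64-encode to runs of "A". The class name, method names and 1024-byte buffer size are assumptions, and the sample request is the one from the question.

```java
import java.io.ByteArrayOutputStream;
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.util.Base64;
import java.util.zip.Deflater;
import java.util.zip.Inflater;

class SamlRedirectCodec {
    // HTTP-Redirect binding: raw DEFLATE, then Base64, then URL encoding.
    static String encode(String xml) throws Exception {
        Deflater d = new Deflater(Deflater.BEST_COMPRESSION, true); // true = no zlib header
        d.setInput(xml.getBytes("UTF-8"));
        d.finish();
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        byte[] buf = new byte[1024];
        while (!d.finished()) {
            int n = d.deflate(buf);   // number of bytes actually written this call
            out.write(buf, 0, n);     // keep only those n bytes, never the whole buffer
        }
        d.end();
        return URLEncoder.encode(Base64.getEncoder().encodeToString(out.toByteArray()), "UTF-8");
    }

    // Reverse order on the receiving side: URL decode, Base64 decode, inflate.
    static String decode(String param) throws Exception {
        byte[] raw = Base64.getDecoder().decode(URLDecoder.decode(param, "UTF-8"));
        Inflater inf = new Inflater(true);
        inf.setInput(raw);
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        byte[] buf = new byte[1024];
        while (!inf.finished()) {
            int n = inf.inflate(buf);
            if (n == 0 && inf.needsInput()) break; // truncated input: stop instead of looping
            out.write(buf, 0, n);
        }
        inf.end();
        return out.toString("UTF-8");
    }

    public static void main(String[] args) throws Exception {
        // Sample input: the AuthnRequest from the question above.
        String xml = "<samlp:AuthnRequest IssueInstant=\"2014-09-16T19:24:18.343Z\" ID=\"_kdls_testing_application_for_single_sign_on\" Version=\"2.0\" xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\">"
            + "<saml:Issuer xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\">https://localhost/sde</saml:Issuer>"
            + "<samlp:NameIDPolicy AllowCreate=\"true\"/></samlp:AuthnRequest>";
        String param = encode(xml);
        System.out.println("SAMLRequest=" + param);
        if (!decode(param).equals(xml)) throw new IllegalStateException("round trip failed");
    }
}
```

These steps are a reversible encoding: anyone who sees the URL can recover the XML with decode(), so they provide neither confidentiality nor integrity for the request.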