cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Exit
search
  • Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
  • 한국 커뮤니티
0
Upvote

Encrypting a SAML Assertion using toBase64

KomputerMan_com-L7dcfe
Engaged ,
Sep 15, 2014 Sep 15, 2014

I have a pretty generic SAML assertion that I need to encrypt so I can pass it as a URL variable. The problem is when I use the toBase64 tag it adds the <?xml version="1.0" encoding="UTF-8"?> line to the top of the encrypted string. 

This is what my code looks like:

<CFSET MyDate = DateFormat(Now(), "yyyy-mm-dd") & 'T' & TimeFormat(Now(), "HH:nn:ss") & '.343Z'>

<cfxml variable="samlAssertionXML">

<samlp:AuthnRequest IssueInstant="#MyDate#" ID="_kdls_testing_application_for_single_sign_on" Version="2.0" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">

    <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://localhost/sde</saml:Issuer>

    <samlp:NameIDPolicy AllowCreate="true"/>

  </samlp:AuthnRequest>

</cfxml>

<CFSET MySML = toBase64(toString(samlAssertionXML))>


When I decrypt the variable MySML using an online debugger this is what I get:

<?xml version="1.0" encoding="UTF-8"?>

<samlp:AuthnRequest IssueInstant="#MyDate#" ID="_kdls_testing_application_for_single_sign_on" Version="2.0" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">

  <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://localhost/sde</saml:Issuer>

  <samlp:NameIDPolicy AllowCreate="true"/>

</samlp:AuthnRequest>


My question is how to I encode my string without getting that annoying XML header included???  Unfortunately the XML header is confusing the ADFS server I'm sending my SAML string to so it has to go.  Any ideas???


932
Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines

correct answers 1 Correct answer

Carl Von Stetten
Guide , Sep 15, 2014 Sep 15, 2014

I suspect that the CFXML tag automatically adds that to make it valid XML.  Since you are trying to create an XML fragment, you might have better luck with CFSAVECONTENT instead of CFXML.

-Carl V.

Translate
replies 2 Replies 2
latest latest Jump to latest reply
Carl Von Stetten
Guide ,
Sep 15, 2014 Sep 15, 2014

I suspect that the CFXML tag automatically adds that to make it valid XML.  Since you are trying to create an XML fragment, you might have better luck with CFSAVECONTENT instead of CFXML.

-Carl V.

Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
KomputerMan_com-L7dcfe
Engaged ,
Sep 15, 2014 Sep 15, 2014
LATEST
In Response To Carl Von Stetten

Carl you are AWESOME!!!   thank you, Thank You, THANK YOU!!!

All I had to do was change this:<cfxml variable="samlAssertionXML">

To this:<CFSaveContent variable="samlAssertionXML">

Then I added a trim to my string like this:<CFSET MySML = toBase64(toString(TRIM(samlAssertionXML)))>

And life is good again!!!

Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Resources
Documentation
ColdFusion User Guide
Open in a new window
Copyright © 2025 Adobe. All rights reserved.
Using the Community Experience League Terms of Use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices