Encrypting a SAML Assertion using toBase64

Engaged ,
Sep 15, 2014

I have a pretty generic SAML assertion that I need to encrypt so I can pass it as a URL variable. The problem is when I use the toBase64 tag it adds the <?xml version="1.0" encoding="UTF-8"?> line to the top of the encrypted string. 

This is what my code looks like:

<CFSET MyDate = DateFormat(Now(), "yyyy-mm-dd") & 'T' & TimeFormat(Now(), "HH:nn:ss") & '.343Z'>

<cfxml variable="samlAssertionXML">

<samlp:AuthnRequest IssueInstant="#MyDate#" ID="_kdls_testing_application_for_single_sign_on" Version="2.0" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">

    <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://localhost/sde</saml:Issuer>

    <samlp:NameIDPolicy AllowCreate="true"/>

  </samlp:AuthnRequest>

</cfxml>

<CFSET MySML = toBase64(toString(samlAssertionXML))>


When I decrypt the variable MySML using an online debugger this is what I get:

<?xml version="1.0" encoding="UTF-8"?>

<samlp:AuthnRequest IssueInstant="#MyDate#" ID="_kdls_testing_application_for_single_sign_on" Version="2.0" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">

  <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://localhost/sde</saml:Issuer>

  <samlp:NameIDPolicy AllowCreate="true"/>

</samlp:AuthnRequest>


My question is how do I encode my string without getting that annoying XML header included???  Unfortunately the XML header is confusing the ADFS server I'm sending my SAML string to so it has to go.  Any ideas???


Correct answer by Carl_Von_Stetten | Most Valuable Participant

I suspect that the CFXML tag automatically adds that to make it valid XML.  Since you are trying to create an XML fragment, you might have better luck with CFSAVECONTENT instead of CFXML.

-Carl V.

Engaged ,
Sep 15, 2014

Carl you are AWESOME!!!   thank you, Thank You, THANK YOU!!!

All I had to do was change this: <cfxml variable="samlAssertionXML">

To this: <CFSaveContent variable="samlAssertionXML">

Then I added a trim to my string like this: <CFSET MySML = toBase64(toString(TRIM(samlAssertionXML)))>

And life is good again!!!

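A local stand-in for the online debugger step in this thread, as an added example that is not part of the original posts: it decodes a SAMLRequest-style value offline and reports whether an XML declaration is present. It goes beyond the thread by also accepting the raw-DEFLATE form used by the SAML HTTP-Redirect binding; the function names and the sample request are constructed for illustration.

```python
import base64
import re
import zlib
from urllib.parse import quote, unquote

# Matches a leading XML declaration such as <?xml version="1.0" encoding="UTF-8"?>
XML_DECL = re.compile(r"^\s*<\?xml\s[^>]*\?>\s*", re.IGNORECASE)

def encode_plain(xml: str) -> str:
    """Base64 of the XML text, the form produced by toBase64() in the thread."""
    return base64.b64encode(xml.encode("utf-8")).decode("ascii")

def encode_redirect(xml: str) -> str:
    """Raw DEFLATE, then Base64, then URL-encoding (HTTP-Redirect binding form)."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)  # -15 = no zlib header
    deflated = comp.compress(xml.encode("utf-8")) + comp.flush()
    return quote(base64.b64encode(deflated).decode("ascii"), safe="")

def decode_saml_param(value: str) -> str:
    """Return the XML carried in a SAMLRequest-style parameter value."""
    # validate=True rejects corrupted input, e.g. '+' turned into a space in transit
    raw = base64.b64decode(unquote(value).strip(), validate=True)
    if not raw.lstrip().startswith(b"<"):
        raw = zlib.decompress(raw, -15)  # not XML text yet, so inflate it
    return raw.decode("utf-8")

def has_xml_declaration(xml: str) -> bool:
    return XML_DECL.match(xml) is not None

def strip_xml_declaration(xml: str) -> str:
    """Drop a leading declaration and surrounding whitespace, keeping the element."""
    return XML_DECL.sub("", xml, count=1).strip()

# Constructed sample request (not taken from the thread)
FRAGMENT = ('<samlp:AuthnRequest ID="_constructed_example" Version="2.0" '
            'xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"/>')
WITH_DECL = '<?xml version="1.0" encoding="UTF-8"?>\n' + FRAGMENT

if __name__ == "__main__":
    for label, value in [("cfxml-style", encode_plain(WITH_DECL)),
                         ("fragment", encode_plain(FRAGMENT)),
                         ("deflated", encode_redirect(FRAGMENT))]:
        xml = decode_saml_param(value)
        print(f"{label:12} declaration={has_xml_declaration(xml)} {xml[:40]!r}")
```

Base64 is an encoding rather than encryption, so decoding needs no key; running the check locally keeps the request contents out of third-party tools.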