Still struggling with encrypting a SAML request to be sent to an ADFS server. Turns out there are multiple ways to encode strings. By default the utf-8 encryption option with the toBase64 tag uses HTTP-POST binding. I need my script to use HTTP-REDIRECT binding.
The code I'm using is this:
<CFSAVECONTENT VARIABLE = "samlAssertionXML">
<samlp:AuthnRequest IssueInstant="2014-09-16T19:24:18.343Z" ID="_kdls_testing_application_for_single_sign_on" Version="2.0" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
</samlp:AuthnRequest>
</CFSAVECONTENT>
<!--- Base64 only, which is what the HTTP-POST binding expects --->
<cfset samlAssertionXML = toBase64(toString(TRIM(samlAssertionXML)), "utf-8")>
When I take the string that gets returned by the toBase64 tag and use the SAML 2.0 Debugger, the string gets decrypted correctly. But when I re-encrypt the string using HTTP-REDIRECT binding I get a different encryption string. If I re-encrypt using the HTTP-POST binding I get the string I passed to the toBase64 tag.
So my question is: how do I tell CF that I need to use HTTP-REDIRECT binding when I encrypt the string?
After a little searching around I found the following snippet of code that seems to do the trick. It adds a ton of AAAAAAAAAAAAAA's to the encrypted string, but the ADFS server isn't complaining, and as I have a fast-approaching deadline I'll live with them for now. Still, if you understand Java (I haven't developed in that language so I really don't), please clue me in to how this code does what it does.
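<!--- perform Deflate, Base64 encode, and URL encode --->
<cfscript>
saml_deflate = createObject("java", "java.util.zip.Deflater").init(javaCast("int", -1), javaCast("boolean", true)); // nowrap = true: raw DEFLATE (init arguments assumed)
saml_deflate.setInput(samlAssertionXML.getBytes("UTF-8")); // the request XML, before any Base64 step
saml_deflate.finish();
output = binaryDecode(repeatString("00", 1024), "hex"); // zero-filled byte buffer; the size is an assumption
compressedDataLength = saml_deflate.deflate(output);
data64 = toBase64(output,"UTF-8");
data64url = urlencodedformat(data64);
</cfscript>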
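What the snippet above does, written out in plain Java as an added example (not code from the original post): the HTTP-POST binding is Base64 of the XML, while the HTTP-Redirect binding is raw DEFLATE, then Base64, then URL encoding. It assumes `output` in the post is a fixed-size, zero-filled byte array larger than the compressed data, which would explain the run of A's, since Base64 of zero bytes is "AAAA"; the class name, buffer size and closed sample request are constructed for illustration.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Base64;
import java.util.zip.Deflater;
import java.util.zip.Inflater;

public class RedirectBindingDemo {
    public static void main(String[] args) throws Exception {
        // Constructed sample: the request from the post, closed so it is well-formed.
        String xml = "<samlp:AuthnRequest IssueInstant=\"2014-09-16T19:24:18.343Z\""
            + " ID=\"_kdls_testing_application_for_single_sign_on\" Version=\"2.0\""
            + " xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\"></samlp:AuthnRequest>";
        byte[] input = xml.getBytes(StandardCharsets.UTF_8);

        // HTTP-POST binding: Base64 of the XML, no compression.
        String post = Base64.getEncoder().encodeToString(input);

        // HTTP-Redirect binding, step 1: raw DEFLATE (nowrap = true, no zlib header).
        Deflater deflater = new Deflater(Deflater.DEFAULT_COMPRESSION, true);
        deflater.setInput(input);
        deflater.finish();
        byte[] output = new byte[1024];   // fixed buffer, zero-filled (size assumed)
        int compressedDataLength = deflater.deflate(output);
        deflater.end();

        // Encoding the whole buffer also encodes the unused zero bytes: the run of "A"s.
        String padded = Base64.getEncoder().encodeToString(output);
        // Step 2: Base64 only the bytes deflate() reported writing.
        byte[] deflated = Arrays.copyOf(output, compressedDataLength);
        String b64 = Base64.getEncoder().encodeToString(deflated);
        // Step 3: URL-encode so '+', '/' and '=' survive in the query string.
        String samlRequest = URLEncoder.encode(b64, "UTF-8");

        // Round trip, as a debugger does: raw inflate and compare with the input.
        Inflater inflater = new Inflater(true);
        inflater.setInput(deflated);
        byte[] restored = new byte[input.length];
        int n = inflater.inflate(restored);
        inflater.end();

        System.out.println("POST value:     " + post.substring(0, 24) + "...");
        System.out.println("deflated bytes: " + compressedDataLength + " of " + output.length);
        System.out.println("padded tail:    " + padded.substring(padded.length() - 16));
        System.out.println("SAMLRequest=" + samlRequest);
        System.out.println("round trip ok:  "
            + (n == input.length && Arrays.equals(restored, input)));
    }
}
```

In the CFML version, the equivalent of step 2 is to Base64-encode only the first `compressedDataLength` bytes of `output` rather than the whole buffer.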