
tobase64 HTTP-Redirect binding

Engaged, Sep 16, 2014


Still struggling with encrypting a SAML request to be sent to an ADFS server. Turns out there are multiple ways to encode strings. By default the utf-8 encryption option with the toBase64 tag uses HTTP-Post binding. I need my script to use HTTP-REDIRECT binding.

The code I'm using is this:

<cfsavecontent variable="samlAssertionXML">
<samlp:AuthnRequest IssueInstant="2014-09-16T19:24:18.343Z" ID="_kdls_testing_application_for_single_sign_on" Version="2.0" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
  <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://localhost/sde</saml:Issuer>
  <samlp:NameIDPolicy AllowCreate="true"/>
</samlp:AuthnRequest>
</cfsavecontent>

<cfscript>
  // Plain base64 of the UTF-8 XML: this is the HTTP-POST binding encoding
  samlAssertionXML = toBase64(toString(trim(samlAssertionXML)), "utf-8");
</cfscript>

When I take the string that gets returned by the toBase64 tag and use the SAML 2.0 Debugger, the string gets decrypted correctly. But when I re-encrypt the string using HTTP-REDIRECT binding I get a different encryption string. If I re-encrypt using the HTTP-POST binding I get the string I passed to the toBase64 tag.

So my question is how do I tell CF that I need to use HTTP-REDIRECT binding when I encrypt the string?

Engaged, Sep 17, 2014

After a little searching around I found the following snippet of code that seems to do the trick. It adds a ton of AAAAAAAAAAAAAA's to the encrypted string, but the ADFS server isn't complaining, and as I have a fast-approaching deadline I'll live with them for now. Still, if you understand Java (I haven't developed in that language so I really don't) please clue me in to how this code does what it does.

<!--- perform Deflate, Base64 encode, and URL encode --->
<cfscript>
  // Raw DEFLATE (nowrap = true): no zlib header, as the SAML HTTP-Redirect binding requires
  saml_deflate = createObject("java", "java.util.zip.Deflater");
  saml_deflate.init(9, true);
  saml_deflate.setInput(samlAssertionXML.getBytes("UTF-8"));
  saml_deflate.finish();
  // Fixed-size byte[] buffer for deflate() to write into (the original snippet never defined "output")
  output = repeatString(" ", 8192).getBytes("UTF-8");
  compressedDataLength = saml_deflate.deflate(output);
  // Only the first compressedDataLength bytes are data; encoding the whole buffer also
  // encodes its unused zero-filled tail, which is where the long runs of "A" came from
  baos = createObject("java", "java.io.ByteArrayOutputStream").init();
  baos.write(output, 0, javaCast("int", compressedDataLength));
  compressed = baos.toByteArray();
  saml_deflate.end();
  data64 = toBase64(compressed);
  data64url = urlencodedformat(data64);
</cfscript>
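To show what the three steps in that snippet do, how the result differs from the plain toBase64 output in the question, and why a fixed-size buffer produces the runs of "A", here is an added Python example (not code from the post). It uses zlib with wbits=-15, which produces the same raw DEFLATE stream as java.util.zip.Deflater(9, true), over a constructed copy of the AuthnRequest from the question.

```python
import base64
import urllib.parse
import zlib

# Constructed sample: the AuthnRequest from the question, collapsed to one line.
AUTHN_REQUEST = (
    '<samlp:AuthnRequest IssueInstant="2014-09-16T19:24:18.343Z" '
    'ID="_kdls_testing_application_for_single_sign_on" Version="2.0" '
    'xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">'
    '<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
    'https://localhost/sde</saml:Issuer>'
    '<samlp:NameIDPolicy AllowCreate="true"/>'
    '</samlp:AuthnRequest>'
)

def encode_post_binding(xml: str) -> str:
    """HTTP-POST binding: plain base64 of the UTF-8 XML, i.e. what toBase64() alone produces."""
    return base64.b64encode(xml.encode("utf-8")).decode("ascii")

def raw_deflate(data: bytes, level: int = 9) -> bytes:
    """Raw DEFLATE with no zlib header or checksum: wbits=-15 is the zlib
    equivalent of java.util.zip.Deflater(level, nowrap=True)."""
    comp = zlib.compressobj(level, zlib.DEFLATED, -15)
    return comp.compress(data) + comp.flush()

def encode_redirect_binding(xml: str) -> str:
    """HTTP-Redirect binding: deflate, base64, then URL-encode for the SAMLRequest query parameter."""
    b64 = base64.b64encode(raw_deflate(xml.encode("utf-8"))).decode("ascii")
    return urllib.parse.quote(b64, safe="")

def decode_redirect_binding(param: str) -> str:
    """What the IdP does in reverse: URL-decode, base64-decode, raw inflate.
    Bytes after the end of the DEFLATE stream go to unused_data and are ignored."""
    inflater = zlib.decompressobj(-15)
    raw = base64.b64decode(urllib.parse.unquote(param))
    return (inflater.decompress(raw) + inflater.flush()).decode("utf-8")

def encode_with_oversized_buffer(xml: str, buffer_size: int = 1023) -> str:
    """Reproduces the trailing 'AAAA...' from the reply: deflate into a fixed buffer and
    base64-encode the whole buffer instead of only the first compressedDataLength bytes,
    so the unused zero bytes encode as runs of 'A'."""
    compressed = raw_deflate(xml.encode("utf-8"))
    if len(compressed) > buffer_size:
        raise ValueError("buffer too small: a single deflate() call would truncate the stream")
    padded = compressed + b"\x00" * (buffer_size - len(compressed))
    return base64.b64encode(padded).decode("ascii")

if __name__ == "__main__":
    print("POST    :", encode_post_binding(AUTHN_REQUEST)[:60], "...")
    print("Redirect:", encode_redirect_binding(AUTHN_REQUEST)[:60], "...")
    print("Padded  :", "...", encode_with_oversized_buffer(AUTHN_REQUEST)[-40:])
```

The padded form still inflates because the IdP stops reading at the end of the DEFLATE stream, which is why ADFS accepted it; trimming to compressedDataLength removes the padding entirely.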