
SAML Binding and Parsing

Vesuv Mitarbeiter Newbie

Hello,

 

You've helped me with other problems very well, so here are two new ones.

We are running PicketLink in a JBoss AS 7.1 server (PicketLink 2.0.1) (tried in EAP 6 with PicketLink 2.0.3 too). We use an external IdP. For the request we use a redirect binding and for the response a POST binding (is it possible to configure the response binding in the SP?). The request works well and the response is sent to the correct URL. But only a blank page is shown. After searching and debugging for a while, we found out that there are some things in PicketLink that we don't understand.

 

1.) Although the response comes with POST binding, PicketLink "thinks" that it is redirect binding (in class ServiceProviderSAMLResponseProcessor, attribute postBinding). Because of this we get an error:

 

java.util.zip.ZipException: too many length or distance symbol

 

2.) We have written a subclass of ServiceProviderSAMLResponseProcessor in which the attribute postBinding is always true. This way, we get another error:

 

PL00066: Parser : Expected end tag:AuthnContext>.  Found </NoVerification>

 

But the SAML response is correct (only the important part is shown here):

 

<saml:AuthnContext>
    <saml:AuthnContextDecl>
        <samlacpass:AuthenticationContextDeclaration>
            <samlacpass:Identification nym="verinymity">
                <samlacpass:Extension>
                    <safeac:NoVerification/>
                </samlacpass:Extension>
            </samlacpass:Identification>
        </samlacpass:AuthenticationContextDeclaration>
    </saml:AuthnContextDecl>
</saml:AuthnContext>

 

It seems that PicketLink always searches for a start tag and an end tag.

Is there something we could have done wrong, or is it a bug in PicketLink?

 

Thanks for your help,

Martin
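
The two SAML encodings behind the errors quoted in the post above, as an added Python example (not part of the original post and not PicketLink code): the HTTP-Redirect binding carries the message as raw DEFLATE then base64, the HTTP-POST binding as base64 only, so inflating a POST payload fails; an empty-element tag such as `<safeac:NoVerification/>` is well-formed XML. The sample document, the `urn:example:placeholder:safeac` namespace URI and all function names are constructed for this example.

```python
import base64
import xml.etree.ElementTree as ET
import zlib

# Constructed sample, not a real IdP response. The "safeac" namespace URI is a
# placeholder because the post does not show the namespace declarations.
SAMPLE_XML = (
    b'<?xml version="1.0"?>'
    b'<saml:AuthnContext xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"'
    b' xmlns:safeac="urn:example:placeholder:safeac">'
    b"<saml:AuthnContextDecl><safeac:NoVerification/></saml:AuthnContextDecl>"
    b"</saml:AuthnContext>"
)

def encode_post(xml: bytes) -> bytes:
    """HTTP-POST binding: the form field is plain base64 of the XML."""
    return base64.b64encode(xml)

def encode_redirect(xml: bytes) -> bytes:
    """HTTP-Redirect binding: raw DEFLATE (no zlib header), then base64."""
    deflater = zlib.compressobj(wbits=-15)
    return base64.b64encode(deflater.compress(xml) + deflater.flush())

def decode(param: bytes, binding: str) -> bytes:
    """Decode an already URL-decoded SAMLResponse value for the given binding."""
    raw = base64.b64decode(param)
    if binding == "POST":
        return raw
    if binding == "REDIRECT":
        try:
            return zlib.decompress(raw, -15)
        except zlib.error as exc:  # the kind of inflate failure quoted in the post
            raise ValueError(f"not DEFLATE data, wrong binding? ({exc})") from exc
    raise ValueError(f"unknown binding: {binding}")

def element_tags(xml: bytes) -> list:
    """Element names in document order; <x/> and <x></x> give the same result.
    ElementTree is used on constructed input only, not as a hardened SAML parser."""
    return [element.tag for element in ET.fromstring(xml).iter()]

if __name__ == "__main__":
    print(decode(encode_post(SAMPLE_XML), "POST") == SAMPLE_XML)
    try:
        decode(encode_post(SAMPLE_XML), "REDIRECT")  # POST payload read as redirect
    except ValueError as err:
        print(err)
    print(element_tags(SAMPLE_XML))
```

A receiver should pick the decoder from how the message actually arrived (form field in a POST body versus query parameter) rather than from a fixed flag.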