Layer7 API Management

  • 1.  Build SAML Protocol Request support different binding protocol ?

    Posted Nov 03, 2016 10:48 AM

    Hi all,

    We have an external IdP server, and I use "Build SAML Protocol Request Assertion" for authentication.

    But I see that the document for "Build SAML Protocol Request Assertion" only supports SOAP format,

    and our external IdP only accepts requests using the redirect binding, with the response using the POST binding. That is XML format, not SOAP format. Please see the following:

    <?xml version="1.0" encoding="UTF-8"?>
    <samlp:AuthnRequest AssertionConsumerServiceURL="https://an9.***.com/sso/ac/consume" ForceAuthn="false" ID="0" IsPassive="false" IssueInstant="2016-11-03T03:30:33.343Z" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Version="2.0"
        xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
        <samlp:Issuer
            xmlns:samlp="urn:oasis:names:tc:SAML:2.0:assertion">an9
        </samlp:Issuer>
        <saml2p:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" SPNameQualifier="Issuer"
            xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"/>
        <saml2p:RequestedAuthnContext Comparison="exact"
            xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
            <saml:AuthnContextClassRef xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
            </saml:AuthnContextClassRef>
        </saml2p:RequestedAuthnContext>
    </samlp:AuthnRequest>

    My questions are:

    1. Can "Build SAML Protocol Request Assertion" support different binding protocols, like SAML SOAP Binding (based on SOAP 1.1), Reverse SOAP (PAOS) Binding, HTTP Redirect Binding, HTTP POST Binding, HTTP Artifact Binding, SAML URI Binding?

    2. How can I customize the SAML request, for example to add the AssertionConsumerServiceURL element?

    Please help!



  • 2.  Re: Build SAML Protocol Request support different binding protocol ?

    Broadcom Employee
    Posted Nov 23, 2016 07:01 PM

    Jerry,

    I've attached several examples for generating custom SAML Requests. The one that I believe you will be most interested in is the Shibboleth file, as it has an assertion to inject the SOAP Protocol binding on line 23.

    As a note, the Siteminder example is used to send to Siteminder/SSO, which will require that you request the GZIP tactical assertion from support to use properly.

    Sincerely,

    Stephen Hughes

    Director, CA Support

    Attachment(s)
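
The thread turns on an IdP that takes the AuthnRequest over the HTTP-Redirect binding and returns the response over HTTP-POST. As an added example (not taken from the attachments or from Layer7 policy), this Python sketch shows the Redirect binding's DEFLATE encoding and its size-capped decoding, with `ProtocolBinding` left to name the response binding. The host names, request ID and function names are assumptions.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed sample request; host names and the ID are placeholders.
AUTHN_REQUEST = (
    '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
    'ID="_example-id-0001" Version="2.0" IssueInstant="2016-11-03T03:30:33Z" '
    'AssertionConsumerServiceURL="https://sp.example.com/sso/ac/consume" '
    'ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST">'
    "<saml:Issuer>an9</saml:Issuer></samlp:AuthnRequest>"
)


def encode_redirect(xml, idp_sso_url, relay_state=None):
    """Raw DEFLATE (RFC 1951), then base64, then URL-encode as SAMLRequest."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)  # -15: no zlib header
    deflated = comp.compress(xml.encode("utf-8")) + comp.flush()
    params = {"SAMLRequest": base64.b64encode(deflated).decode("ascii")}
    if relay_state is not None:
        params["RelayState"] = relay_state
    return idp_sso_url + "?" + urlencode(params)


def decode_redirect(url, max_size=64 * 1024):
    """Reverse the encoding, capping the inflated size."""
    query = parse_qs(urlparse(url).query)
    raw = base64.b64decode(query["SAMLRequest"][0], validate=True)
    inflater = zlib.decompressobj(-15)
    xml = inflater.decompress(raw, max_size)
    if not inflater.eof:  # truncated stream or output above the cap
        raise ValueError("SAMLRequest is truncated or exceeds the size limit")
    return xml.decode("utf-8")


def describe(xml):
    """Return the attributes that tell the IdP where and how to respond."""
    root = ET.fromstring(xml)  # only used here on locally built input
    return {k: root.get(k) for k in
            ("ID", "AssertionConsumerServiceURL", "ProtocolBinding")}
```

The receiving side should bound the inflated size as `decode_redirect` does, since the `SAMLRequest` parameter arrives before any authentication has taken place.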