Identity Gateway / OPENIG-820

Support for SAML Artifact binding in SamlFederationHandler

Details

    • Improvement
    • Status: Closed
    • Major
    • Resolution: Not a defect
    • 4.0.0
    • 3.0.0, 3.1.0, 3.1.1, 4.0.0
    • SAML

    Description

      SamlFederationHandler appears to only support HTTP-POST binding when OpenIG is configured as a SAML Service Provider.

      To reproduce: configure OpenIG as per the SAML 2.0 Service Provider documentation, but change the sp.xml metadata such that HTTP-Artifact is the only available AssertionConsumerService. When the handler is invoked the following error is logged:

      Jan 05, 2016 12:05:34 PM com.sun.identity.plugin.log.impl.FedletLogger error
      INFO: BINDING_NOT_SUPPORTED
      {gateway}
      {urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST}
      TUE JAN 05 12:05:34 GMT 2016 (ERROR) {SamlFederationHandler}/handler
      SSO Failed: Requested binding is not supported.
      

      The following source code also suggests no support for HTTP-Artifact:

      openig/openig-saml/src/main/java/org/forgerock/openig/handler/saml/SamlFederationHandler.java:        // TODO: add option to specify artifact
      

      Suggest we document this in release notes also.

          People

            Assignee: Unassigned
            Reporter: Jon Knight (jon.knight@forgerock.com)
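An added example, not part of the original issue or the OpenIG code base: a Python pre-deployment check that reads SP metadata and flags any AssertionConsumerService whose binding is not HTTP-POST, the condition that produces the BINDING_NOT_SUPPORTED error in the report. The sample metadata, entity ID and URLs are constructed, and the supported-binding set is an assumption taken from the report.

```python
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
HTTP_ARTIFACT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
# Assumption from the issue report: the handler only works with HTTP-POST.
SUPPORTED = {HTTP_POST}

def sample_metadata(bindings):
    """Build constructed SP metadata with one ACS per binding (first is default)."""
    acs = "".join(
        f'<AssertionConsumerService index="{i}" isDefault="{str(i == 0).lower()}" '
        f'Binding="{b}" Location="https://sp.example.com/acs"/>'
        for i, b in enumerate(bindings))
    return (f'<EntityDescriptor xmlns="{MD_NS}" entityID="sp.example.com">'
            '<SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">'
            f'{acs}</SPSSODescriptor></EntityDescriptor>')

def acs_endpoints(metadata_xml):
    """Return (index, binding, location, is_default) per AssertionConsumerService."""
    root = ET.fromstring(metadata_xml)  # local, trusted config file only
    return [(e.get("index"), e.get("Binding"), e.get("Location"),
             e.get("isDefault", "false").lower() in ("true", "1"))
            for e in root.iter("{%s}AssertionConsumerService" % MD_NS)]

def check_sp_metadata(metadata_xml):
    """Return a list of findings; an empty list means every ACS is usable."""
    endpoints = acs_endpoints(metadata_xml)
    if not endpoints:
        return ["no AssertionConsumerService declared"]
    findings = []
    if not any(binding in SUPPORTED for _, binding, _, _ in endpoints):
        # The artifact-only case from the report: SSO cannot complete at all.
        findings.append("no AssertionConsumerService uses a supported binding")
    for index, binding, _, is_default in endpoints:
        if binding not in SUPPORTED:
            tag = "default " if is_default else ""
            findings.append(f"{tag}ACS index={index} uses unsupported binding {binding}")
    return findings

if __name__ == "__main__":
    for finding in check_sp_metadata(sample_metadata([HTTP_ARTIFACT])):
        print("FINDING:", finding)
```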