1. Re: Service Provider in multiple IDP's
kshiva Nov 4, 2014 4:43 AM (in response to kshiva)
Hi,
I was able to solve this issue. The issue was with my web.xml, where I was allowing specific URLs. I have modified the pattern to "/*". Now I am able to get the parameters in the DynamicIdPSAML2AuthenticationHandler Java file to distinguish between the IDPs.
I have other issues which I am working on. My application is a Struts 2.0-based application.
1. In sp-metadata.xml, I have given the AssertionConsumerService Location as "http://localhost:8080/application_context/web/Home.do". In the action class where the method executes, I am not able to retrieve the parameter "SAMLResponse". It always shows null. Is there any other way to do it in a Struts-based application?
2. Do you have any example which parses the SAMLResponse and retrieves the attributes?
3. How do I provide the logout parameter "SLO" to the logout URL? My logout URL is "http://localhost:8080/application_context/web/Logout.do".
4. I have tried the following for Global Logout --> "http://localhost:8080/application_context/web/Logout.do?GLO=true", which works fine, but after logout it leads to a blank page rather than redirecting to the SP.
5. I want to externalize all the URLs in the PicketLink XML files to a property file. Is there any example or a way to do it?
Let me know if I am doing things correctly. I am using the same files attached in the previous post.
Thanks,
Krishna.
2. Re: Service Provider in multiple IDP's
kshiva Nov 22, 2014 2:10 AM (in response to kshiva)
Hi,
I was able to find solutions for a few of them. The solutions are as follows:
1. I needed the SAMLResponse to find the attributes sent by the IDP. In picketlink.xml, place the attribute handler as below and access those attributes from your Java class.
In the SP picketlink.xml:
<Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2AttributeHandler" />
In the Java class (the attributes are set in the session by the handler above):
Map<String, List<Object>> attrMap = (Map<String, List<Object>>) sessionObj.getAttribute("SESSION_ATTRIBUTE_MAP");
2. Place the "LLO" attribute in the URL --> http://localhost:8080/application_context/web/Logout.do/?LLO=true
3. You can externalize the URLs from picketlink.xml by placing them in standalone.xml (I am using JBoss).
In standalone.xml --
<system-properties>
<property name="picketlink.idp.domains" value="localhost,127.0.0.1"/>
</system-properties>
In picketlink.xml (the placeholder must use the same property name as defined above) --
${picketlink.idp.domains}
Thanks
Krishna
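An added example, not code from the thread or from PicketLink, showing how application code can read the map that SAML2AttributeHandler stores under "SESSION_ATTRIBUTE_MAP" without null or cast surprises; it assumes the standard javax.servlet HttpSession API, and the attribute names "email" and "Role" are placeholders:

```java
import java.util.Collections;
import java.util.List;
import java.util.Map;
import javax.servlet.http.HttpSession;

// Added example, not code from the thread: reads the attribute map that
// SAML2AttributeHandler stores in the HTTP session under "SESSION_ATTRIBUTE_MAP"
// (the key shown in the post above) and exposes the values safely.
public final class SamlSessionAttributes {
    // Session key populated by PicketLink's SAML2AttributeHandler.
    public static final String SESSION_ATTRIBUTE_MAP = "SESSION_ATTRIBUTE_MAP";

    // Returns the attribute map, or an empty map when there is no session yet,
    // the handler is not configured in picketlink.xml, or the user has not
    // completed the SAML exchange. Callers never see null or a ClassCastException.
    @SuppressWarnings("unchecked")
    public static Map<String, List<Object>> attributeMap(HttpSession session) {
        Object raw = (session == null) ? null : session.getAttribute(SESSION_ATTRIBUTE_MAP);
        if (!(raw instanceof Map)) {
            return Collections.emptyMap();
        }
        return Collections.unmodifiableMap((Map<String, List<Object>>) raw);
    }

    // First value of a named assertion attribute (e.g. "email"), or null if absent.
    public static String firstValue(HttpSession session, String name) {
        List<Object> values = attributeMap(session).get(name);
        if (values == null || values.isEmpty() || values.get(0) == null) {
            return null;
        }
        return values.get(0).toString();
    }

    // True when the multi-valued attribute 'name' (e.g. "Role") contains 'expected'.
    // Authorization checks should rely on these IdP-asserted, PicketLink-validated
    // values rather than on anything taken from request parameters.
    public static boolean hasValue(HttpSession session, String name, String expected) {
        List<Object> values = attributeMap(session).get(name);
        if (values == null) {
            return false;
        }
        for (Object v : values) {
            if (v != null && expected.equals(v.toString())) {
                return true;
            }
        }
        return false;
    }
}
```

In a Struts 2 action, obtain the HttpSession via ServletRequestAware (request.getSession(false)) and pass it to these helpers; an empty map means the handler has not run for this session yet.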