SAML2.0 Specification how Response Should be sent

84 Views Asked by At

I have connected to two different saml2.0 identity providers. Test IdP https://hub.docker.com/r/kristophjunge/test-saml-idp/ And a Third party idp.

I am new to SAML so I may be missing something here. It turns out that the test idp works perfectly with the demo code at (https://github.com/pac4j/ratpack-pac4j-demo). On login, the context Session contains Pac4jSessionKeys.USER_PROFILE.

However, for the other idp the profile does not end up in the session. The session contains only Pac4jSessionKeys.REQUESTED_URL

On login the id responds with a XHTML form specified like in https://en.wikipedia.org/wiki/SAML_2.0 This response is sent in the body. This is not the case for the test idp which seems to work well with the test code above.

Since I am not familiar with SAML2.0 I am wondering if there are different specs I am not aware of?

Do I have to parse the XHTML body myself? I suppose if this is the standard way to do things then ratpack will already have support for this.

0

There are 0 best solutions below