[Example Application URL use case: passing user attributes to the saml2sso service so that they can be used in the assertion through the Assertion Generator Plug-in (AGP)]
1) The optional Application URL is configured in the SAML 2.0 SP properties at the SMFSS IDP as:
http://idp.my.com/affwebservices/public/sample_application.jsp
2) This sample JSP page is provided as part of WAOP under the affwebservices\public folder.
[Example of IDP Initiated traces in FWS trace log]:
[07/31/2012][14:07:19][1368][2884][101e8841-b04a2615-91890097-aad0eed6-4647f3be-c86][SSO.java][processApplicationRedirect][Redirecting to ApplicationURL:
http://idp.my.com/affwebservices/public/sample_application.jsp?SMPORTALURL=http%3A%2F%2Fidp.my.com%2Faffwebservices%2Fpublic%2Fsaml2sso&SMPORTALSTATE=U01BU1NFUlRJT05SRUY9UVVFUlkmU1BJRD1zcC5jYS5jb20mUHJvdG9jb2xCaW5kaW5nPXVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpiaW5kaW5nczpIVFRQLVBPU1Q%3D]
[07/31/2012][14:07:34][1368][2884][5df301b8-0e286543-0e9f8b8a-72b7977f-286d9013-be][SSO.java][doPost][SAML2 Single Sign-On Service received POST request.]
[07/31/2012][14:07:34][1368][2884][5df301b8-0e286543-0e9f8b8a-72b7977f-286d9013-be][FWSBase.java][doRequestLog][Requesting Host: 127.0.0.1 Requesting Host IP: 127.0.0.1 Request protocol: HTTP/1.1 Request was secure: false Authentication type: null]
[07/31/2012][14:07:34][1368][2884][5df301b8-0e286543-0e9f8b8a-72b7977f-286d9013-be][PostRequestWrapper][initialize][Processing parameter: NUM...]
[07/31/2012][14:07:34][1368][2884][5df301b8-0e286543-0e9f8b8a-72b7977f-286d9013-be][PostRequestWrapper][initialize][ Value: 435654]
[07/31/2012][14:07:34][1368][2884][5df301b8-0e286543-0e9f8b8a-72b7977f-286d9013-be][PostRequestWrapper][initialize][Processing parameter: LANG...]
[07/31/2012][14:07:34][1368][2884][5df301b8-0e286543-0e9f8b8a-72b7977f-286d9013-be][PostRequestWrapper][initialize][ Value: English]
[07/31/2012][14:07:34][1368][2884][5df301b8-0e286543-0e9f8b8a-72b7977f-286d9013-be][PostRequestWrapper][initialize][Processing parameter: SMPORTALSTATE...]
[07/31/2012][14:07:34][1368][2884][5df301b8-0e286543-0e9f8b8a-72b7977f-286d9013-be][PostRequestWrapper][initialize][
QUERY STRING:
SMASSERTIONREF=QUERY&SPID=sp.ca.com&ProtocolBinding=urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
]
[07/31/2012][14:07:34][1368][2884][5df301b8-0e286543-0e9f8b8a-72b7977f-286d9013-be][PostRequestWrapper][initialize][
paramValue:
QUERY
]
[07/31/2012][14:07:34][1368][2884][5df301b8-0e286543-0e9f8b8a-72b7977f-286d9013-be][PostRequestWrapper][initialize][
paramValue:
sp.ca.com
]
[07/31/2012][14:07:34][1368][2884][5df301b8-0e286543-0e9f8b8a-72b7977f-286d9013-be][PostRequestWrapper][initialize][
paramValue:
urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
]
[07/31/2012][14:07:34][1368][2884][5df301b8-0e286543-0e9f8b8a-72b7977f-286d9013-be][PostRequestWrapper][initialize][Processing parameter: SMPORTALURL...]
[07/31/2012][14:07:34][1368][2884][5df301b8-0e286543-0e9f8b8a-72b7977f-286d9013-be][PostRequestWrapper][initialize][ Value:
http://idp.my.com/affwebservices/public/saml2sso]
[07/31/2012][14:07:34][1368][2884][5df301b8-0e286543-0e9f8b8a-72b7977f-286d9013-be][SSO.java][doPost][This is a POST from an Application - processing as a GET request.]
[07/31/2012][14:07:34][1368][2884][e6ae1ea5-58270fed-bf6bda28-fe4c70a7-bd675524-49][SSO.java][doGet][SAML2 Single Sign-On Service received GET request.]
[07/31/2012][14:07:34][1368][2884][e6ae1ea5-58270fed-bf6bda28-fe4c70a7-bd675524-49][FWSBase.java][doRequestLog][Requesting Host: 127.0.0.1 Requesting Host IP: 127.0.0.1 Request protocol: HTTP/1.1 Request was secure: false Authentication type: null]
[07/31/2012][14:07:34][1368][2884][e6ae1ea5-58270fed-bf6bda28-fe4c70a7-bd675524-49][SSO.java][doGet][Query String: NUM=435654&LANG=English&SMASSERTIONREF=QUERY&SPID=sp.ca.com&ProtocolBinding=urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST&SMPORTALURL=http://idp.my.com/affwebservices/public/saml2sso]
[07/31/2012][14:07:34][1368][2884][e6ae1ea5-58270fed-bf6bda28-fe4c70a7-bd675524-49][SSO.java][doGet][Request is UNSOLICITED!]
[Example of SP Initiated or AuthnRequest traces]:
[07/31/2012][14:09:15][1368][2884][3879592f-35f467ca-41bb3dac-f949b936-f3918fca-b78][SSO.java][processApplicationRedirect][Redirecting to ApplicationURL:
http://idp.my.com/affwebservices/public/sample_application.jsp?SMPORTALURL=http%3A%2F%2Fidp.my.com%2Faffwebservices%2Fpublic%2Fsaml2sso&SMPORTALSTATE=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%3D]
[07/31/2012][14:09:20][1368][2884][141a2d17-f69560bb-a37bc268-92adacdf-c0a66724-e592][SSO.java][doPost][SAML2 Single Sign-On Service received POST request.]
[07/31/2012][14:09:20][1368][2884][141a2d17-f69560bb-a37bc268-92adacdf-c0a66724-e592][FWSBase.java][doRequestLog][Requesting Host: 127.0.0.1 Requesting Host IP: 127.0.0.1 Request protocol: HTTP/1.1 Request was secure: false Authentication type: null]
[07/31/2012][14:09:20][1368][2884][141a2d17-f69560bb-a37bc268-92adacdf-c0a66724-e592][PostRequestWrapper][initialize][Processing parameter: NUM...]
[07/31/2012][14:09:20][1368][2884][141a2d17-f69560bb-a37bc268-92adacdf-c0a66724-e592][PostRequestWrapper][initialize][ Value: 2453565456]
[07/31/2012][14:09:20][1368][2884][141a2d17-f69560bb-a37bc268-92adacdf-c0a66724-e592][PostRequestWrapper][initialize][Processing parameter: LANG...]
[07/31/2012][14:09:20][1368][2884][141a2d17-f69560bb-a37bc268-92adacdf-c0a66724-e592][PostRequestWrapper][initialize][ Value: English]
[07/31/2012][14:09:20][1368][2884][141a2d17-f69560bb-a37bc268-92adacdf-c0a66724-e592][PostRequestWrapper][initialize][Processing parameter: SMPORTALSTATE...]
[07/31/2012][14:09:20][1368][2884][141a2d17-f69560bb-a37bc268-92adacdf-c0a66724-e592][PostRequestWrapper][initialize][
QUERY STRING:
SAMLRequest=fZBBT8MwDIXv%2BxVV7mualNLWaitN2mXSuADiwAW5matFapNSpwP%2BPdk4wAkffLCen9%2FnZreGs3uk95U4JPvYrMNgvWvFOYQZpLSnOZ2%2BUuMnicPwQT3TcrGGWM5rP1ojGadRM3uRHPateMO61xWVQ12QvsOCqCryKr8vT0OuCsR6UIhRyrzSwXFAF1qhM6W3WbnN1bOqIatBZa8ieaGFb0l0monkcxodt2JdHHhky%2BBwIoZg4Gn3cISogXnxwRs%2Fim6TxGocK7gdWn62IQ7%2Bd0COdFd80fGcGrxiN%2FLXp9s08u%2FHum8%3D&RelayState=45a14d671840b92c3bda3ae715c52e5c9e04b5a0
]
[07/31/2012][14:09:20][1368][2884][141a2d17-f69560bb-a37bc268-92adacdf-c0a66724-e592][PostRequestWrapper][initialize][
paramValue:
fZBBT8MwDIXv%2BxVV7mualNLWaitN2mXSuADiwAW5matFapNSpwP%2BPdk4wAkffLCen9%2FnZreGs3uk95U4JPvYrMNgvWvFOYQZpLSnOZ2%2BUuMnicPwQT3TcrGGWM5rP1ojGadRM3uRHPateMO61xWVQ12QvsOCqCryKr8vT0OuCsR6UIhRyrzSwXFAF1qhM6W3WbnN1bOqIatBZa8ieaGFb0l0monkcxodt2JdHHhky%2BBwIoZg4Gn3cISogXnxwRs%2Fim6TxGocK7gdWn62IQ7%2Bd0COdFd80fGcGrxiN%2FLXp9s08u%2FHum8%3D
]
[07/31/2012][14:09:20][1368][2884][141a2d17-f69560bb-a37bc268-92adacdf-c0a66724-e592][PostRequestWrapper][initialize][paramValue:
fZBBT8MwDIXv%2BxVV7mualNLWaitN2mXSuADiwAW5matFapNSpwP%2BPdk4wAkffLCen9%2FnZreGs3uk95U4JPvYrMNgvWvFOYQZpLSnOZ2%2BUuMnicPwQT3TcrGGWM5rP1ojGadRM3uRHPateMO61xWVQ12QvsOCqCryKr8vT0OuCsR6UIhRyrzSwXFAF1qhM6W3WbnN1bOqIatBZa8ieaGFb0l0monkcxodt2JdHHhky%2BBwIoZg4Gn3cISogXnxwRs%2Fim6TxGocK7gdWn62IQ7%2Bd0COdFd80fGcGrxiN%2FLXp9s08u%2FHum8%3D
]
[07/31/2012][14:09:20][1368][2884][141a2d17-f69560bb-a37bc268-92adacdf-c0a66724-e592][PostRequestWrapper][initialize][
paramValue:
45a14d671840b92c3bda3ae715c52e5c9e04b5a0
]
[07/31/2012][14:09:20][1368][2884][141a2d17-f69560bb-a37bc268-92adacdf-c0a66724-e592][PostRequestWrapper][initialize][Processing parameter: SMPORTALURL...]
[07/31/2012][14:09:20][1368][2884][141a2d17-f69560bb-a37bc268-92adacdf-c0a66724-e592][PostRequestWrapper][initialize][ Value:
http://idp.my.com/affwebservices/public/saml2sso]
[07/31/2012][14:09:20][1368][2884][141a2d17-f69560bb-a37bc268-92adacdf-c0a66724-e592][SSO.java][doPost][This is a POST from an Application - processing as a GET request.]
[07/31/2012][14:09:20][1368][2884][b7e881c9-28a6ab3e-8c6d890a-6fb0aaf7-43f939cd-51][SSO.java][doGet][SAML2 Single Sign-On Service received GET request.]
[07/31/2012][14:09:20][1368][2884][b7e881c9-28a6ab3e-8c6d890a-6fb0aaf7-43f939cd-51][FWSBase.java][doRequestLog][Requesting Host: 127.0.0.1 Requesting Host IP: 127.0.0.1 Request protocol: HTTP/1.1 Request was secure: false Authentication type: null]
[07/31/2012][14:09:20][1368][2884][b7e881c9-28a6ab3e-8c6d890a-6fb0aaf7-43f939cd-51][SSO.java][doGet][Query String: NUM=2453565456&LANG=English&SAMLRequest=fZBBT8MwDIXv%2BxVV7mualNLWaitN2mXSuADiwAW5matFapNSpwP%2BPdk4wAkffLCen9%2FnZreGs3uk95U4JPvYrMNgvWvFOYQZpLSnOZ2%2BUuMnicPwQT3TcrGGWM5rP1ojGadRM3uRHPateMO61xWVQ12QvsOCqCryKr8vT0OuCsR6UIhRyrzSwXFAF1qhM6W3WbnN1bOqIatBZa8ieaGFb0l0monkcxodt2JdHHhky%2BBwIoZg4Gn3cISogXnxwRs%2Fim6TxGocK7gdWn62IQ7%2Bd0COdFd80fGcGrxiN%2FLXp9s08u%2FHum8%3D&RelayState=45a14d671840b92c3bda3ae715c52e5c9e04b5a0&SMPORTALURL=http://idp.my.com/affwebservices/public/saml2sso]
[07/31/2012][14:09:20][1368][2884][b7e881c9-28a6ab3e-8c6d890a-6fb0aaf7-43f939cd-51][SSO.java][getAuthnRequestData][AuthnRequest: <AuthnRequest Destination="http://idp.my.com/affwebservices/public/saml2sso" ID="_a9b28e7f95e24a5ee8538367df315aa9f1aa" IssueInstant="2012-07-31T19:09:10Z" Version="2.0" xmlns="urn:oasis:names:tc:SAML:2.0:protocol">
<ns1:Issuer xmlns:ns1="urn:oasis:names:tc:SAML:2.0:assertion">sp.ca.com</ns1:Issuer>
[SMPS traces for the user attribute provided via the application URL]:
[07/31/2012][14:09:20.726][2188][2292][AuthnRequestProtocol.java][init][Attributes being passed to Assertion Generator Plug-in:
{SMPORTALURL=http://idp.my.com/affwebservices/public/saml2sso, LANG=English, NUM=2453565456}
][][][][][][][][][][][b7e881c9-28a6ab3e-8c6d890a-6fb0aaf7-43f939cd-51][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]
[07/31/2012][14:09:20.742][2188][2292][AuthnRequestProtocol.java][init][
[Key concepts]
1) The saml2sso service converts the HTTP POST request from the application into a GET request before processing it further.
2) The user-provided attributes can be used to customize the assertion at the IDP by reading them in a custom-written AGP (Assertion Generator Plug-in).
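The round trip in the IDP-initiated trace can be reproduced offline to see which parameters come from the federation service and which come from the application. The following is an added example, not code from the product or from the original page: it decodes SMPORTALSTATE from the logged redirect, rebuilds the query string that doGet logs, and separates the protocol parameters from the posted values. The function names are hypothetical, and the parameter ordering is taken from the trace, not from product documentation.

```python
import base64
from urllib.parse import parse_qs, urlsplit

# Redirect target copied from the IDP-initiated FWS trace on this page.
REDIRECT = (
    "http://idp.my.com/affwebservices/public/sample_application.jsp"
    "?SMPORTALURL=http%3A%2F%2Fidp.my.com%2Faffwebservices%2Fpublic%2Fsaml2sso"
    "&SMPORTALSTATE=U01BU1NFUlRJT05SRUY9UVVFUlkmU1BJRD1zcC5jYS5jb20mUHJvdG9jb2xC"
    "aW5kaW5nPXVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpiaW5kaW5nczpIVFRQLVBPU1Q%3D"
)
# Fields the sample application posted back in the same trace.
APP_FIELDS = {"NUM": "435654", "LANG": "English"}


def parse_redirect(url):
    """Return (SMPORTALURL, decoded SMPORTALSTATE) from a logged redirect."""
    params = parse_qs(urlsplit(url).query, strict_parsing=True)
    portal_url = params["SMPORTALURL"][0]
    # The state is the original saml2sso query string, Base64-encoded.
    raw = base64.b64decode(params["SMPORTALSTATE"][0], validate=True)
    return portal_url, raw.decode("ascii")


def rebuild_query(app_fields, portal_url, state):
    """Rebuild the doGet query string in the order the trace shows:
    posted fields, decoded state, then SMPORTALURL."""
    parts = [f"{key}={value}" for key, value in app_fields.items()]
    parts.append(state)
    parts.append(f"SMPORTALURL={portal_url}")
    return "&".join(parts)


def split_query(query, state):
    """Split a doGet query string into (protocol, extra) parameters.
    Protocol parameters are the keys carried inside the decoded state;
    everything else arrived with the application's POST."""
    protocol_keys = set(parse_qs(state))
    protocol, extra = {}, {}
    for key, values in parse_qs(query).items():
        (protocol if key in protocol_keys else extra)[key] = values[0]
    return protocol, extra


if __name__ == "__main__":
    portal_url, state = parse_redirect(REDIRECT)
    query = rebuild_query(APP_FIELDS, portal_url, state)
    print(state, query, split_query(query, state)[1], sep="\n")
```

The `extra` set has the same shape as the attribute map in the SMPS trace (posted fields plus SMPORTALURL), so it is the set of names a custom AGP should expect to validate before using them in an assertion.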