Layer7 API Management

  • 1.  Build SAML Protocol Request support different binding protocol?

    Posted Nov 03, 2016 10:48 AM

    Hi all,


    We have an external IdP server, and I use "Build SAML Protocol Request Assertion" for authentication.


    But I see that the document for "Build SAML Protocol Request Assertion" only supports SOAP format,


    and our external IdP only accepts a request that uses the redirect binding, with the response using the POST binding. That is XML format, not SOAP format. Please see the following:


    <?xml version="1.0" encoding="UTF-8"?>
    <samlp:AuthnRequest AssertionConsumerServiceURL="https://an9.***.com/sso/ac/consume" ForceAuthn="false" ID="0" IsPassive="false" IssueInstant="2016-11-03T03:30:33.343Z" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Version="2.0">
        <saml2p:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" SPNameQualifier="Issuer"/>
        <saml2p:RequestedAuthnContext Comparison="exact">
            <saml:AuthnContextClassRef xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
        </saml2p:RequestedAuthnContext>
    </samlp:AuthnRequest>


    My questions are:


    1. Can "Build SAML Protocol Request Assertion" support different binding protocols, like SAML SOAP Binding (based on SOAP 1.1), Reverse SOAP (PAOS) Binding, HTTP Redirect Binding, HTTP POST Binding, HTTP Artifact Binding, SAML URI Binding?


    2. How do I customize the SAML request, like adding the AssertionConsumerServiceURL element?


    Please help!

  • 2.  Re: Build SAML Protocol Request support different binding protocol?

    Broadcom Employee
    Posted Nov 23, 2016 07:01 PM



    I've attached several examples for generating custom SAML Requests. The one that I believe you will be most interested in is the Shibboleth file, as it has an assertion to inject the SOAP Protocol binding on line 23.


    As a note, the Siteminder example is used to send to Siteminder/SSO which will require that you request the GZIP tactical assertion from support to use properly.




    Stephen Hughes

    Director, CA Support
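
For the HTTP Redirect binding asked about in this thread, SAML 2.0 carries the AuthnRequest as a raw-DEFLATE-compressed, base64-encoded, URL-encoded `SAMLRequest` query parameter rather than in a SOAP envelope. The sketch below is an added example, not code from the thread or from the Layer7 product; the hosts `sp.example.com` and `idp.example.com`, the request ID and the function names are constructed for illustration.

```python
import base64
import zlib
from urllib.parse import urlencode, urlsplit, parse_qs
from xml.etree import ElementTree as ET

SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol"

# Constructed sample request (hypothetical SP host and ID, not from the thread).
AUTHN_REQUEST = (
    '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'ID="_example1" Version="2.0" IssueInstant="2016-11-03T03:30:33Z" '
    'ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" '
    'AssertionConsumerServiceURL="https://sp.example.com/sso/ac/consume"/>'
)

def encode_redirect(xml: str, idp_sso_url: str, relay_state: str = "") -> str:
    """Build the redirect URL: raw DEFLATE, then base64, then URL-encoding."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)  # wbits=-15: no zlib header
    deflated = comp.compress(xml.encode("utf-8")) + comp.flush()
    params = {"SAMLRequest": base64.b64encode(deflated).decode("ascii")}
    if relay_state:
        params["RelayState"] = relay_state
    return idp_sso_url + "?" + urlencode(params)

def decode_redirect(url: str, max_size: int = 64 * 1024) -> ET.Element:
    """Reverse the encoding on the receiving side, capping the inflated size."""
    query = parse_qs(urlsplit(url).query)
    raw = base64.b64decode(query["SAMLRequest"][0], validate=True)
    inflater = zlib.decompressobj(-15)
    # Inflate at most max_size + 1 bytes so an oversized payload is rejected
    # instead of being expanded fully in memory.
    xml = inflater.decompress(raw, max_size + 1)
    if len(xml) > max_size or inflater.unconsumed_tail:
        raise ValueError("SAMLRequest inflates beyond the size limit")
    root = ET.fromstring(xml)
    if root.tag != f"{{{SAMLP_NS}}}AuthnRequest":
        raise ValueError("not a SAML 2.0 AuthnRequest")
    return root

if __name__ == "__main__":
    url = encode_redirect(AUTHN_REQUEST, "https://idp.example.com/sso", "abc")
    print(url)
    print(decode_redirect(url).get("AssertionConsumerServiceURL"))
```

The `ProtocolBinding` and `AssertionConsumerServiceURL` attributes tell the IdP how and where to return the response; the IdP should still check the URL against the service provider's registered metadata rather than trusting the request.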