MPratesi

catch saml:NameID from assertion

Hi all,

I have to federate the NAM SAML component (acting as SP) with an external IdP to allow external users to access an application protected by a NAM MAG.

The SAML flow is based on an IdP-initiated process.

The user identification ID (fiscal code) is present as the SAML NameID in the SAML response assertion, and I need to capture it so I can send it by injection to the application. How can I catch this value from the assertion?

This is an example of SAML Response:

<samlp2:Response xmlns:samlp2="urn:oasis:names:tc:SAML:2.0:protocol" Version="2.0" ID="SAML-904d04bf-4cb3-4b4c-ac73-2d3e7e3f6ceb" IssueInstant="2019-03-21T11:30:10Z" Destination="">
  <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://idptest.domain.local</saml2:Issuer>
  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
    <SignedInfo>
      <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
      <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
      <Reference URI="#SAML-904d04bf-4cb3-4b4c-ac73-2d3e7e3f6ceb">
        <Transforms>
          <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
          <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
        </Transforms>
        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
        <DigestValue>……</DigestValue>
      </Reference>
    </SignedInfo>
    <SignatureValue>……</SignatureValue>
    <KeyInfo>
      <X509Data>
        <X509Certificate>……</X509Certificate>
        <X509IssuerSerial>
          <X509IssuerName>……</X509IssuerName>
          <X509SerialNumber>……</X509SerialNumber>
        </X509IssuerSerial>
      </X509Data>
    </KeyInfo>
  </Signature>
  <samlp2:Status>
    <samlp2:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
  </samlp2:Status>
  <saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" Version="2.0" ID="SAML-c1770b20-c269-4f68-bc02-2d3e7e3facee" IssueInstant="2019-03-21T11:30:10Z">
    <saml2:Issuer>https://idptest.domain.local</saml2:Issuer>
    <saml2:Subject>
      <saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">AAABBBCCCDDDEEEFFF</saml2:NameID>
      <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml2:SubjectConfirmationData NotBefore="2019-03-21T11:30:10Z" NotOnOrAfter="2019-03-21T13:30:10Z"/>
      </saml2:SubjectConfirmation>
    </saml2:Subject>
    <saml2:Conditions NotBefore="2019-03-21T11:30:10Z" NotOnOrAfter="2019-03-21T13:30:10Z"/>
    <saml2:AuthnStatement AuthnInstant="2019-03-21T11:30:10Z" SessionNotOnOrAfter="2019-03-21T13:30:10Z">
      <saml2:AuthnContext>
        <saml2:AuthnContextClassRef>SPID AUTH</saml2:AuthnContextClassRef>
      </saml2:AuthnContext>
    </saml2:AuthnStatement>
  </saml2:Assertion>
</samlp2:Response>

Thanks in advance,

Maurizio
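Added example, not code from the post or from NetIQ Access Manager: a namespace-aware extraction of the saml2:NameID from a Response shaped like the one above, together with the checks a consumer should apply before forwarding the value to an application (success status, exactly one assertion, expected issuer, and the Conditions validity window). It assumes the XML signature has already been validated by the SP layer, so no signature verification is shown; the sample Response is constructed from the post with the Signature element left out, and the issuer value and timestamps are taken from it.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

# Namespace URIs from the SAML 2.0 specification; prefixes in the document
# (samlp2/saml2) do not matter because ElementTree matches on the URI.
NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"

# Constructed sample modelled on the Response in the post; the Signature
# element is omitted because this example does not verify signatures.
SAMPLE_RESPONSE = """<samlp2:Response xmlns:samlp2="urn:oasis:names:tc:SAML:2.0:protocol"
    Version="2.0" ID="SAML-904d04bf-4cb3-4b4c-ac73-2d3e7e3f6ceb"
    IssueInstant="2019-03-21T11:30:10Z" Destination="">
  <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://idptest.domain.local</saml2:Issuer>
  <samlp2:Status>
    <samlp2:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
  </samlp2:Status>
  <saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" Version="2.0"
      ID="SAML-c1770b20-c269-4f68-bc02-2d3e7e3facee" IssueInstant="2019-03-21T11:30:10Z">
    <saml2:Issuer>https://idptest.domain.local</saml2:Issuer>
    <saml2:Subject>
      <saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">AAABBBCCCDDDEEEFFF</saml2:NameID>
      <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml2:SubjectConfirmationData NotBefore="2019-03-21T11:30:10Z" NotOnOrAfter="2019-03-21T13:30:10Z"/>
      </saml2:SubjectConfirmation>
    </saml2:Subject>
    <saml2:Conditions NotBefore="2019-03-21T11:30:10Z" NotOnOrAfter="2019-03-21T13:30:10Z"/>
  </saml2:Assertion>
</samlp2:Response>"""


def _parse_utc(ts):
    """Parse the 'YYYY-MM-DDTHH:MM:SSZ' timestamps used in the sample."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def extract_name_id(response_xml, now_iso, expected_issuer):
    """Return {'value', 'format'} for the NameID, or raise ValueError.

    now_iso is the current time as a UTC ISO timestamp (a parameter so the
    function is deterministic); expected_issuer is the entity ID of the IdP
    the SP federates with. Signature validation is assumed to have happened
    before this function is called.
    """
    root = ET.fromstring(response_xml)
    if root.tag != "{%s}Response" % NS["samlp"]:
        raise ValueError("root element is not a samlp:Response")

    status = root.find("samlp:Status/samlp:StatusCode", NS)
    if status is None or status.get("Value") != SUCCESS:
        raise ValueError("response status is not Success")

    # Require exactly one assertion rather than silently taking the first,
    # so an unexpected extra assertion is rejected instead of half-trusted.
    assertions = root.findall("saml:Assertion", NS)
    if len(assertions) != 1:
        raise ValueError("expected exactly one Assertion, found %d" % len(assertions))
    assertion = assertions[0]

    issuer = assertion.find("saml:Issuer", NS)
    if issuer is None or (issuer.text or "").strip() != expected_issuer:
        raise ValueError("assertion issuer does not match the federated IdP")

    now = _parse_utc(now_iso)
    conditions = assertion.find("saml:Conditions", NS)
    if conditions is None:
        raise ValueError("assertion has no Conditions element")
    not_before = _parse_utc(conditions.get("NotBefore"))
    not_on_or_after = _parse_utc(conditions.get("NotOnOrAfter"))
    if not (not_before <= now < not_on_or_after):
        raise ValueError("assertion is outside its validity window")

    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    value = (name_id.text or "").strip() if name_id is not None else ""
    if not value:
        raise ValueError("assertion has no NameID")
    return {"value": value, "format": name_id.get("Format")}


if __name__ == "__main__":
    print(extract_name_id(SAMPLE_RESPONSE, "2019-03-21T12:00:00Z",
                          "https://idptest.domain.local"))
```

The returned `value` is the string to pass on to the application; keeping the `Format` alongside it lets the consumer refuse formats it was not configured for (here `unspecified`), and the validity-window check uses the assertion's own NotBefore/NotOnOrAfter so a replayed response outside that window is rejected before any injection happens.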

