SAML SP-based authentication has the following short workflow:
- The user wants to access an application at the SP.
- The SP sends a SAMLRequest token to the IdP.
- The IdP consumes it and generates a SAMLResponse token.
- The IdP sends this SAMLResponse token to the AC-URL given by the SP.
My question is how the SP consumes this SAMLResponse token. What is the logic? If I can get some Java code help it would be beneficial.
Asking for code is a bit much, but the basic processing is that the SP validates the SAMLResponse, including for well-formedness, presence of required values, correct protocol, and any other SP-specific validation (time constraints, data correspondence, etc.), maps the user identified in the token to a user on the SP (which could involve creating the user), and transfers the user to the requested resource.
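The checks listed above, as an added Java example (not code from the question or from any answer on this page). It assumes a POST-binding Response that has already been base64-decoded, an unencrypted Assertion signed by the IdP, and that the IdP public key, ACS URL, SP entity ID and the outstanding request ID (hypothetical parameters) come from the SP's own configuration; signature verification uses the JDK's javax.xml.crypto.dsig rather than OpenSAML.

```java
import java.io.StringReader;
import java.security.PublicKey;
import java.time.Instant;
import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;
import org.xml.sax.InputSource;

public class SamlResponseConsumer { // hypothetical class name
    static final String SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol";
    static final String SAML = "urn:oasis:names:tc:SAML:2.0:assertion";
    static final String DSIG = "http://www.w3.org/2000/09/xmldsig#";
    // Returns the authenticated NameID or throws. xml = base64-decoded Response; idpKey = IdP signing key from SP config.
    static String consume(String xml, PublicKey idpKey, String acsUrl, String audience, String requestId) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); // no DTDs, so no XXE
        Element resp = f.newDocumentBuilder().parse(new InputSource(new StringReader(xml))).getDocumentElement();
        require(SAMLP.equals(resp.getNamespaceURI()) && "Response".equals(resp.getLocalName()), "not samlp:Response");
        require(acsUrl.equals(resp.getAttribute("Destination")), "Destination mismatch"); // data correspondence
        require(requestId.equals(resp.getAttribute("InResponseTo")), "InResponseTo mismatch"); // ties to our request
        require(first(resp, SAMLP, "StatusCode").getAttribute("Value").endsWith(":Success"), "status not Success");
        NodeList as = resp.getElementsByTagNameNS(SAML, "Assertion");
        require(as.getLength() == 1, "expected exactly one Assertion");
        Element assertion = (Element) as.item(0);
        Element sig = null; // the ds:Signature must be a direct child of the Assertion, not buried elsewhere
        for (Node n = assertion.getFirstChild(); n != null; n = n.getNextSibling())
            if (n instanceof Element && DSIG.equals(n.getNamespaceURI()) && "Signature".equals(n.getLocalName())) sig = (Element) n;
        require(sig != null, "Assertion is not signed");
        assertion.setIdAttribute("ID", true); // lets the signature's Reference URI="#ID" resolve to this element
        XMLSignatureFactory xf = XMLSignatureFactory.getInstance("DOM");
        DOMValidateContext ctx = new DOMValidateContext(idpKey, sig); // trust only the configured IdP key
        XMLSignature xs = xf.unmarshalXMLSignature(ctx);
        require(xs.validate(ctx), "signature invalid");
        String refUri = ((javax.xml.crypto.dsig.Reference) xs.getSignedInfo().getReferences().get(0)).getURI();
        require(("#" + assertion.getAttribute("ID")).equals(refUri), "signature covers a different element");
        Element cond = first(assertion, SAML, "Conditions");
        Instant now = Instant.now(); // time constraints, with 60s of clock skew allowed either way
        if (cond.hasAttribute("NotBefore")) require(now.isAfter(Instant.parse(cond.getAttribute("NotBefore")).minusSeconds(60)), "not yet valid");
        require(now.isBefore(Instant.parse(cond.getAttribute("NotOnOrAfter")).plusSeconds(60)), "expired");
        require(audience.equals(first(cond, SAML, "Audience").getTextContent().trim()), "Audience mismatch");
        return first(first(assertion, SAML, "Subject"), SAML, "NameID").getTextContent().trim(); // map this to a local user
    }
    static Element first(Element p, String ns, String local) { NodeList nl = p.getElementsByTagNameNS(ns, local);
        require(nl.getLength() > 0, "missing " + local); return (Element) nl.item(0); }
    static void require(boolean ok, String why) { if (!ok) throw new SecurityException("SAMLResponse rejected: " + why); }
}
```

The returned NameID is what the SP then maps (or provisions) to a local account before redirecting to the requested resource; a real deployment would also record the assertion ID to reject replays.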
Here is how I do it in Java. I use XMLBeans to parse the SAMLResponse, then decrypt it (if it's encrypted) and then verify the signature:
WebBrowserSSOAuthConsumerService
The following recipe works for me:
Get the SAMLResponse token, decode it and inflate it:
Parse the resulting XML. Here you can get the info that you need and, for example, create a POJO with it (this is sample code for parsing LogoutRequests but would be analogous for responses):
For my use case I am interested in only a few elements, so I am using SAX:
Hope it helps,
Luis
PS: you can also use a library like OpenSAML.
But be prepared to include a few libraries in your CLASSPATH!!!