SAML Integration with ColdFusion

Question

I am trying to integrate SAML with ColdFusion 9 Enterprise. The problem I am facing is related to the SAML request I am doing. I am using CFLOCATION to make the request. When I am making the request the request to the server is made as GET request, and I SAML server expects it to be a POST request, which eventually ends up no matching the tokens sent from my server to SAML server.

I am not sure what is causing this. I also tried make the request using the CFHTTP making redirect = "yes" in this case it would not redirect to the url and would not give any error in firebug or in SAML tracer.

Can any one please help me? eagerly waiting for a response.

Thank you :)

Answer 1

If the server receiving the SAML requires a POST, then a GET will not suffice, obviously. Since you are doing a <cflocation>, I'm assuming you're trying to redirect the user (and their browser) after building the SAML assertion to the screen.

You either have to: a) Build your SAML as a form, and include Javascript to force the form to "post" (submit) after it shows on the page.... or b) You can leave the form on the screen, typically with the SAML assertion embedded in a hidden field, probably named "samlResponse", and let the user click a Submit button to actually go.

YOU (the CF server) can't push the SAML for them. The user has to do it, either with an automated form post via Javascript or by allowing the user to submit the form manually.

Start there, report back.