Question

I'm referring to the following article: http://wso2.org/library/articles/2010/07/saml2-web-browser-based-sso-wso2-identity-server

This example works with identity server 4.0.0 but NOT with identity server 4.1.0...

With 4.1.0 - the SAML response is returned, but the relying party application throws an exception when it is trying to deserialize the message. Could this sample be updated to work with the later version of IS?

Here's the stack trace of the relying party application:

SEVERE: Servlet.service() for servlet [SAML2ConsumerServlet] in context with path [/saml2.demo] threw exception
java.lang.NullPointerException
    at org.wso2.identity.saml2.demo.SamlConsumerManager.getResult(SamlConsumerManager.java:278)
    at org.wso2.identity.saml2.demo.SamlConsumerManager.processResponseMessage(SamlConsumerManager.java:252)
    at org.wso2.identity.saml2.demo.SAML2ConsumerServlet.doPost(SAML2ConsumerServlet.java:77)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:647)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:728)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:936)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1004)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589)
    at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:310)
    at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)

Source code from relying party application: https://svn.wso2.org/repos/wso2/people/suresh/saml2/saml2-demo/src-dist


Solution

Seems like the decoder operation has not been implemented, and from IS 4.0.0 onwards the response is encoded using Base64, so you may be required to make changes in SamlConsumerManager.java:

// Imports needed in SamlConsumerManager.java:
//   java.io.ByteArrayOutputStream, java.util.zip.Inflater
// Base64 is assumed to be org.opensaml.xml.util.Base64 (static decode(String)).

private String samlDecoder(String message) throws Exception {

    // Base64 decode
    byte[] base64DecodedByteArray = Base64.decode(message);

    // Inflate (uncompress) the SAML message data
    // according to raw DEFLATE (RFC 1951)
    Inflater inflater = new Inflater(true);
    inflater.setInput(base64DecodedByteArray);

    // Since we are decompressing, the required space is not known in advance,
    // so inflate in chunks instead of relying on one fixed 5000-byte buffer
    ByteArrayOutputStream xmlMessageBytes = new ByteArrayOutputStream();
    byte[] chunk = new byte[5000];
    try {
        while (!inflater.finished()) {
            int resultLength = inflater.inflate(chunk);
            // No progress and not finished: the input is truncated or not DEFLATE
            if (resultLength == 0 && !inflater.finished()) {
                throw new RuntimeException("truncated or invalid DEFLATE data");
            }
            xmlMessageBytes.write(chunk, 0, resultLength);
        }
    } finally {
        inflater.end();
    }

    return xmlMessageBytes.toString("UTF-8");
}

public Map<String, String> processResponseMessage(String responseMessage) {

    XMLObject responseXmlObj = null;

    try {
        // Changed line: decode the response before unmarshalling it
        responseXmlObj = unmarshall(samlDecoder(responseMessage));
        // ... the rest of the method is not shown in the answer

Hope the answer has helped you, since I was able to get this thing to work after applying the following
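An added example, not code from the answer above or from the WSO2 sample: it goes beyond the answer by accepting both a plain Base64 message (as the SAML HTTP-POST binding sends it) and a DEFLATE-then-Base64 message (HTTP-Redirect binding), and by capping the decoded size so an oversized or highly compressible message is rejected before XML parsing. The class name `SamlMessageDecoder`, the 1 MiB limit and the sample XML are assumptions; it uses `java.util.Base64`, so it needs Java 8 or later.

```java
import java.io.ByteArrayOutputStream;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Base64;
import java.util.zip.*;

public class SamlMessageDecoder { // hypothetical helper, not part of the WSO2 sample
    static final int MAX_XML_BYTES = 1 << 20; // assumed 1 MiB ceiling for one SAML message

    static String decode(String encoded) {
        byte[] raw = Base64.getMimeDecoder().decode(encoded); // tolerates line breaks
        try {
            return new String(inflate(raw), StandardCharsets.UTF_8);
        } catch (DataFormatException notDeflated) {
            // Not a DEFLATE stream: treat the bytes as the XML itself (plain Base64)
            if (raw.length > MAX_XML_BYTES) throw new IllegalArgumentException("SAML message too large");
            return new String(raw, StandardCharsets.UTF_8);
        }
    }

    static byte[] inflate(byte[] data) throws DataFormatException {
        Inflater inflater = new Inflater(true); // raw DEFLATE, RFC 1951
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        byte[] chunk = new byte[4096];
        try {
            inflater.setInput(data);
            while (!inflater.finished()) {
                int n = inflater.inflate(chunk);
                if (n == 0 && !inflater.finished()) throw new DataFormatException("truncated DEFLATE stream");
                if (out.size() + n > MAX_XML_BYTES) throw new IllegalArgumentException("inflated SAML message too large");
                out.write(chunk, 0, n);
            }
            return out.toByteArray();
        } finally {
            inflater.end(); // release native zlib memory even on failure
        }
    }

    public static void main(String[] args) {
        // Constructed sample, not a real IdP response
        byte[] xml = "<samlp:Response ID=\"_constructed\"/>".getBytes(StandardCharsets.UTF_8);
        Deflater deflater = new Deflater(Deflater.DEFAULT_COMPRESSION, true);
        deflater.setInput(xml);
        deflater.finish();
        byte[] buf = new byte[256];
        byte[] deflated = Arrays.copyOf(buf, deflater.deflate(buf));
        deflater.end();
        for (byte[] body : new byte[][] {xml, deflated}) // POST-style, then redirect-style
            System.out.println(decode(Base64.getEncoder().encodeToString(body)));
    }
}
```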

Licensed under: CC-BY-SA with attribution