X4 Product Documentation

SAML Calculator

This adapter signs, validates, encrypts and decrypts SAML assertions and requests.

Properties

Operation

Defines the operation executed by the function adapter.

Possible values:

  • Encrypt Assertion: Encrypt SAML assertion
    Required parameters: cryptAlias, cryptPassword

  • Decrypt Assertion: Decrypt SAML assertion
    Required parameters: cryptAlias, cryptPassword

  • Sign Assertion: Sign SAML assertion with a certificate
    Required parameters: signatureAlias, signaturePassword, algorithm

  • Validate Assertion: Validate SAML assertion
    Required parameters: cryptAlias, cryptPassword, signatureRequired, skipValidations

  • Sign Request: Sign SAML request with a certificate
    Required parameters: signatureAlias, signaturePassword, algorithm

  • Validate Request: Validate SAML request
    Required parameters: signatureRequired, skipValidations

Parameters

keystoreUrl

URL of the keystore that is used to encrypt and decrypt SAML assertions.

Possible values: String (URL)

keystorePassword

Password of the keystore that is used to encrypt and decrypt SAML assertions.

Possible values: String

keystoreType

Type of the keystore that is used to encrypt and decrypt SAML assertions.

Possible values: Type of the keystore, e.g. JKS, PKCS12, ...

signatureRequired

Defines whether a signature is required for the input to be decrypted.

Possible values: true / false

skipValidations

Defines whether the signature and validity checks are skipped during decryption.

Possible values: true / false
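As an added illustration (not the adapter's own code), the following Python sketches the checks a Validate Assertion run applies under signatureRequired and skipValidations: signature presence, the Conditions time window and the audience. The sample assertion is a trimmed copy of the example input below; the verify_signature hook is a hypothetical stand-in for XML-DSig verification.

```python
# Added example, not X4 adapter code: the checks a 'Validate Assertion' run
# applies, driven by the signatureRequired / skipValidations parameters.
from datetime import datetime, timezone
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample: the page's example assertion trimmed to Issuer and Conditions.
ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_d71a3a8e9fcc45c9e9d248ef7049393fc8f04e5f75" Version="2.0"
    IssueInstant="2014-07-17T01:01:48Z">
  <saml:Issuer>http://idp.example.com/metadata.php</saml:Issuer>
  <saml:Conditions NotBefore="2014-07-17T01:01:18Z" NotOnOrAfter="2024-01-18T06:21:48Z">
    <saml:AudienceRestriction>
      <saml:Audience>http://sp.example.com/demo1/metadata.php</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>"""


def parse_instant(value):
    """SAML instants are UTC with a trailing 'Z'."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def validate_assertion(xml_text, audience, now, signature_required=True,
                       skip_validations=False, verify_signature=lambda sig: False):
    """Return the list of failure reasons; an empty list means the assertion is accepted.
    verify_signature is a hypothetical hook standing in for XML-DSig verification."""
    root = ET.fromstring(xml_text)
    errors = []
    sig = root.find("ds:Signature", NS)
    if sig is None and signature_required:
        errors.append("assertion is not signed")
    if skip_validations:
        return errors  # signature and validity verification deliberately skipped
    if sig is not None and not verify_signature(sig):
        errors.append("signature verification failed")
    cond = root.find("saml:Conditions", NS)
    if cond is None:
        return errors + ["missing Conditions element"]
    if now < parse_instant(cond.get("NotBefore")):
        errors.append("assertion not yet valid")
    if now >= parse_instant(cond.get("NotOnOrAfter")):
        errors.append("assertion expired")
    audiences = [a.text.strip() for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if audience not in audiences:
        errors.append("audience mismatch")
    return errors
```

Note that the NotOnOrAfter bound is exclusive, so an assertion checked exactly at that instant is already expired.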

cryptAlias

Alias of the key pair or certificate that is used to decrypt and encrypt SAML assertions.

cryptPassword

Password of the key pair that is used to decrypt SAML assertions.

signatureAlias

Alias of the key pair that is used to sign SAML assertions.

signaturePassword

Password of the key pair that is used to sign SAML assertions.

algorithm

Algorithm that is to be used to sign SAML assertions.

Possible values:

  • SHA1

  • SHA256

  • SHA512

Status values

1

The adapter outputs a result.

-1

An error occurred during the adapter's execution (for details see server log).

Input

The adapter expects a SAML assertion or a SAML request depending on the operation to be executed.

  • SAML Assertion:

    Example Input SAML Assertion

    XML
    <saml:Assertion
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xmlns:xs="http://www.w3.org/2001/XMLSchema"
        xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
        ID="_d71a3a8e9fcc45c9e9d248ef7049393fc8f04e5f75" Version="2.0"
        IssueInstant="2014-07-17T01:01:48Z">
      <saml:Issuer>http://idp.example.com/metadata.php</saml:Issuer>
      <saml:Subject>
        <saml:NameID SPNameQualifier="http://sp.example.com/demo1/metadata.php"
            Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">_ce3d2948b4cf20146dee0a0b3dd6f69b6cf86f62d7</saml:NameID>
        <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
          <saml:SubjectConfirmationData NotOnOrAfter="2024-01-18T06:21:48Z"
              Recipient="http://sp.example.com/demo1/index.php?acs"
              InResponseTo="ONELOGIN_4fee3b046395c4e751011e97f8900b5273d56685"/>
        </saml:SubjectConfirmation>
      </saml:Subject>
      <saml:Conditions NotBefore="2014-07-17T01:01:18Z" NotOnOrAfter="2024-01-18T06:21:48Z">
        <saml:AudienceRestriction>
          <saml:Audience>http://sp.example.com/demo1/metadata.php</saml:Audience>
        </saml:AudienceRestriction>
      </saml:Conditions>
      <saml:AuthnStatement AuthnInstant="2014-07-17T01:01:48Z"
          SessionNotOnOrAfter="2024-07-17T09:01:48Z"
          SessionIndex="_be9967abd904ddcae3c0eb4189adbe3f71e327cf93">
        <saml:AuthnContext>
          <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml:AuthnContextClassRef>
        </saml:AuthnContext>
      </saml:AuthnStatement>
      <saml:AttributeStatement>
        <saml:Attribute Name="uid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
          <saml:AttributeValue xsi:type="xs:string">test</saml:AttributeValue>
        </saml:Attribute>
        <saml:Attribute Name="mail" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
          <saml:AttributeValue xsi:type="xs:string">test@example.com</saml:AttributeValue>
        </saml:Attribute>
        <saml:Attribute Name="eduPersonAffiliation" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
          <saml:AttributeValue xsi:type="xs:string">users</saml:AttributeValue>
          <saml:AttributeValue xsi:type="xs:string">examplerole1</saml:AttributeValue>
        </saml:Attribute>
      </saml:AttributeStatement>
    </saml:Assertion>
    
  • SAML Request:

    Example Input SAML Request

    XML
    <samlp:AuthnRequest ID="123456789" Version="2.0"
        IssueInstant="2019-01-01T12:00:00"
        Destination="https://www.example.org/saml/login"
        ForceAuthn="false" IsPassive="false"
        xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
      <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">BPMX4</saml:Issuer>
      <samlp:NameIDPolicy AllowCreate="true"
          Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" />
    </samlp:AuthnRequest>
    

Output

The adapter outputs different files depending on the operation executed:

  • Encrypt Assertion: The adapter outputs an encrypted SAML assertion.

  • Sign Assertion: The adapter outputs a signed SAML assertion.

  • Sign Request: The adapter outputs a signed SAML request.