Get actual SAML Response

I know that everything is pretty much available via the trace, but is there a way to get the deflated, decoded SAML response (or authn request) after receiving the SSO (or to get the SAML response before sending the SSO in the case of IdP)? This would facilitate providing the SAML response directly to the user for testing/validation rather than attempting to locate and correlate the response from the trace.

Thanks!

We include an ISAMLObserver interface that allows access to the SAML response. You’ll find this interface and related classes under the ComponentSpace.SAML2.Notifications namespace.
You create a class that extends the AbstractSAMLObserver class which implements ISAMLObserver.
You register your class by calling SAMLObservable.Subscribe.
The following code registers a class that has access to the SAML response.


using System.Xml;
using ComponentSpace.SAML2.Notifications;

public class ExampleSAMLObserver : AbstractSAMLObserver
{
    /// <summary>
    /// Trace that a SAML response has been sent.
    /// </summary>
    /// <param name="partnerName">The partner name.</param>
    /// <param name="samlResponse">The SAML response.</param>
    /// <param name="relayState">The relay state.</param>
    public override void OnSAMLResponseSent(string partnerName, XmlElement samlResponse,
        string relayState)
    {
        // SAML response is available for auditing, saving etc
    }

    /// <summary>
    /// Trace that a SAML response has been received.
    /// </summary>
    /// <param name="partnerName">The partner name.</param>
    /// <param name="samlResponse">The SAML response.</param>
    /// <param name="relayState">The relay state.</param>
    public override void OnSAMLResponseReceived(string partnerName, XmlElement samlResponse,
        string relayState)
    {
        // SAML response is available for auditing, saving etc
    }
}

// Register the observer.
SAMLObservable.Subscribe(new ExampleSAMLObserver());

[quote]
ComponentSpace - 9/29/2016
We include an ISAMLObserver interface that allows access to the SAML response. You'll find this interface and related classes under the ComponentSpace.SAML2.Notifications namespace.
You create a class that extends the AbstractSAMLObserver class which implements ISAMLObserver.
You register your class by calling SAMLObservable.Subscribe.
The following code registers a class that has access to the SAML response.


using System.Xml;
using ComponentSpace.SAML2.Notifications;

public class ExampleSAMLObserver : AbstractSAMLObserver
{
    /// <summary>
    /// Trace that a SAML response has been sent.
    /// </summary>
    /// <param name="partnerName">The partner name.</param>
    /// <param name="samlResponse">The SAML response.</param>
    /// <param name="relayState">The relay state.</param>
    public override void OnSAMLResponseSent(string partnerName, XmlElement samlResponse,
        string relayState)
    {
        // SAML response is available for auditing, saving etc
    }

    /// <summary>
    /// Trace that a SAML response has been received.
    /// </summary>
    /// <param name="partnerName">The partner name.</param>
    /// <param name="samlResponse">The SAML response.</param>
    /// <param name="relayState">The relay state.</param>
    public override void OnSAMLResponseReceived(string partnerName, XmlElement samlResponse,
        string relayState)
    {
        // SAML response is available for auditing, saving etc
    }
}

// Register the observer.
SAMLObservable.Subscribe(new ExampleSAMLObserver());

[/quote]

These don't seem like they're within the context of an HTTP request. Is that correct? I was hoping for something where I could correlate that for a particular user for testing/validation during the attempt itself.

You could use HttpContext.Current to access the current context including the HTTP request etc.
However, if this doesn’t help either then it might be simpler to copy the SAML response XML from the log file.
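
An added example (not ComponentSpace's code and not part of the original replies) of the HttpContext.Current approach suggested above: the observer stores the received SAML response in the per-request Items collection so the page completing SSO can show it to the tester. The class name, item keys, captureEnabled flag and helper methods are hypothetical, and it assumes classic ASP.NET (System.Web) with the notification raised on the thread handling the request.

```csharp
using System.Web;
using System.Xml;
using ComponentSpace.SAML2.Notifications;

// Added example; class name, keys and flag are hypothetical.
public class RequestScopedSAMLObserver : AbstractSAMLObserver
{
    public const string ResponseKey = "Example.SamlResponseXml";
    public const string PartnerKey = "Example.SamlPartnerName";

    // A SAML response carries the assertion (subject, attributes), so capture
    // is opt-in and meant for test environments only.
    private readonly bool captureEnabled;

    public RequestScopedSAMLObserver(bool captureEnabled)
    {
        this.captureEnabled = captureEnabled;
    }

    public override void OnSAMLResponseReceived(string partnerName, XmlElement samlResponse,
        string relayState)
    {
        // Assumption: the notification is raised on the thread handling the SSO
        // request. HttpContext.Current is null when no request is associated.
        HttpContext context = HttpContext.Current;
        if (!captureEnabled || context == null || samlResponse == null)
        {
            return;
        }

        // Items lives only for this request, so nothing leaks between users.
        context.Items[ResponseKey] = samlResponse.OuterXml;
        context.Items[PartnerKey] = partnerName;
    }

    // Returns the captured XML, HTML-encoded for display, or null if none.
    // The XML comes from a remote party; never write it to a page unencoded.
    public static string GetResponseForDisplay(HttpContext context)
    {
        string xml = context == null ? null : context.Items[ResponseKey] as string;
        return xml == null ? null : HttpUtility.HtmlEncode(xml);
    }

    // Call once at application startup.
    public static void Register(bool captureEnabled)
    {
        SAMLObservable.Subscribe(new RequestScopedSAMLObserver(captureEnabled));
    }
}
```

Items does not survive a redirect, so read the captured value in the same request that receives the SSO.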

[quote]
ComponentSpace - 9/29/2016
You could use HttpContext.Current to access the current context including the HTTP request etc.
However, if this doesn't help either then it might be simpler to copy the SAML response XML from the log file.
[/quote]

Hello,

I am able to use OnSAMLResponseSent() and OnAuthnRequestReceived(), but OnLogoutRequestReceived(), OnLogoutResponseReceived(), OnLogoutResponseSent() are never called when acting as IdP.

SingleLogoutService.ReceiveLogoutRequestByHTTPRedirect(HttpContext.Current.Request, out logoutRequest, out relayState, out signed, null);

and

HTTPRedirectBinding.CreateResponseRedirectURL(logoutUrl, samlLogoutResponseXml, null, null);

Is that by design?

Thank you,

Ondro

The ISAMLObserver interface only applies to the SAML high-level API. The SingleLogoutService and HTTPRedirectBinding classes are part of the low-level API.
If you call SAMLIdentityProvider.InitiateSLO, SAMLIdentityProvider.ReceiveSLO and SAMLIdentityProvider.SendSLO then you will receive the corresponding notifications.