Posted by Tom on 10/31/07 21:30

This should be an easy answer. I'm writing a custom SSO application
in PHP for integration with Google Apps. For generating the necessary
SAML responses, I'm using OpenSSO. Google requires you upload a
signed certificate, with a public key embedded. All SAML requests
sent and received between the service provider (Google) and the
identity provider (you) are encrypted using this key. I'm unsure what
to do with the request that Google Apps embeds in the URL though.
It's sent as a $_GET variable so it's not encrypted in a way that
php's openssl functions can understand. I'm not sure how to go about
decoding it:

http://www.example.com/sso?SAMLRequest=fVJLT8MwDL4j8R+i3PsCCUa0Fg2miUkDKlY4cMsSd82WJiVON/j3dB3TxgGOcT5/D9vD289akw04VNakNAljSsAIK5VZpvS1mAQDepudnw2R17pho9ZX5gU+WkB

Any thoughts?

• Next in forum: Re: how to create 'remember login' functionality during login
• Prev in forum: Re: Session or browser problem??
• Thread view: Googles Apps SAML/SSO decrypt

[Reply to this message]