Posted by petersprc on 11/01/07 09:26

SAMLRequest is a DEFLATE encoded XML string. You can decode with

function samlDecode($str) {
$str = base64_decode($str);
$str = gzinflate($str);
if ($str === false) {
$str = gzuncompress($str);
}
return $str;
}

gzinflate (rfc1951 - DEFLATE) and gzuncompress (rfc1950 - ZLIB) are
both tried because some implementations use the second format.

Google has some sample PHP code that implements this here:

http://google-apps-sso-sample.googlecode.com/files/samltool_php.zip

SAML 2.0 March 05:

http://docs.oasis-open.org/security/saml/v2.0/saml-bindings-2.0-os.pdf

On Oct 31, 4:30 pm, Tom <bie...@gmail.com> wrote:
> This should be an easy answer. I'm writing a custom SSO application
> in PHP for integration with Google Apps. For generating the necessary
> SAML responses, I'm using OpenSSO. Google requires you upload a
> signed certificate, with a public key embedded. All SAML requests
> sent and received between the service provider (Google) and the
> identity provider (you) are encrypted using this key. I'm unsure what
> to do with the request that Google Apps embeds in the URL though.
> It's sent as a $_GET variable so it's not encrypted in a way that
> php's openssl functions can understand. I'm not sure how to go about
> decoding it:
>
> http://www.example.com/sso?SAMLRequest=fVJLT8MwDL4j8R+i3PsCCUa0Fg2miU...
>
> Any thoughts?

[Back to original message]