Posted by Tom on 11/03/07 21:38

On Nov 1, 5:26 am, petersprc <peters...@gmail.com> wrote:
> SAMLRequest is a DEFLATE encoded XML string. You can decode with
>
> function samlDecode($str) {
> $str = base64_decode($str);
> $str = gzinflate($str);
> if ($str === false) {
> $str = gzuncompress($str);
> }
> return $str;
>
> }
>
> gzinflate (rfc1951 - DEFLATE) and gzuncompress (rfc1950 - ZLIB) are
> both tried because some implementations use the second format.
>
> Google has some sample PHP code that implements this here:
>
> http://google-apps-sso-sample.googlecode.com/files/samltool_php.zip
>
> SAML 2.0 March 05:
>
> http://docs.oasis-open.org/security/saml/v2.0/saml-bindings-2.0-os.pdf
>
> On Oct 31, 4:30 pm, Tom <bie...@gmail.com> wrote:
>
>
>
> > This should be an easy answer. I'm writing a custom SSO application
> > in PHP for integration with Google Apps. For generating the necessary
> > SAML responses, I'm using OpenSSO. Google requires you upload a
> > signed certificate, with a public key embedded. All SAML requests
> > sent and received between the service provider (Google) and the
> > identity provider (you) are encrypted using this key. I'm unsure what
> > to do with the request that Google Apps embeds in the URL though.
> > It's sent as a $_GET variable so it's not encrypted in a way that
> > php's openssl functions can understand. I'm not sure how to go about
> > decoding it:
>
> >http://www.example.com/sso?SAMLRequest=fVJLT8MwDL4j8R+i3PsCCUa0Fg2miU...
>
> > Any thoughts?- Hide quoted text -
>
> - Show quoted text -

Thanks for the tip, and the URL for the php sample library. I was in
the process of rewriting process_response.php!

[Back to original message]