Customizing hidden form that results from Unsolicited SSO

By: Dan Doucet Account Admin 10 Sep 2017 at 9:04 a.m. CDT

4 Responses
Dan Doucet gravatar
Hi, In unsolicited SSO, or even in other SAML flows, the resulting hidden form that gets auto-posted to the SP includes the SAMLResponse and potentially RelayState. I understand that the "correct" approach to include extra attributes would be to release them and have them included directly in the SAMLResponse, however, I'm wondering if there is a way to customize the form such that I could include a couple extra fields in the form outside of the SAMLresponse? Thanks, Dan
CentOS72
closed

Answers

By Mohib Zico staff 10 Sep 2017 at 9:30 a.m. CDT

Copy
Mohib Zico gravatar
Hi Dan, I think I am not clear ... can you provide any example?

By Dan Doucet Account Admin 10 Sep 2017 at 10:17 a.m. CDT

Copy
Dan Doucet gravatar
The resulting hidden form looks like this: <form method="post" action="https://sp.example.com/SAML2/SSO/POST" ...> <input type="hidden" name="SAMLResponse" value="response" /> <input type="hidden" name="RelayState" value="token" /> ... <input type="submit" value="Submit" /> </form> The value of the SAMLResponse parameter is the base64 encoding of a <samlp:Response> element I'm wondering if I can customize that form so that the gluu server includes a couple other form fields? I've simulated this by acting more or less as a proxy and having gluu post to my page and then I add the xtra fields and post to the SP but would like to have the gluu server include them itself.

By Dan Doucet Account Admin 10 Sep 2017 at 10:49 a.m. CDT

Copy
Dan Doucet gravatar
I'm expecting the answer is no and I would be better served to have the SP change the code on their end to expect the extra values to be encoded in the SAMLResponse but I wanted to look into it anyway.

By Mohib Zico staff 11 Sep 2017 at 3:58 a.m. CDT

Copy
Mohib Zico gravatar
>> I'm expecting the answer is no I can't answer yes or no yet because I haven't understood what you are doing or why. :-)

Post an answer