Beefy Boxes and Bandwidth Generously Provided by pair Networks
go ahead... be a heretic
 
PerlMonks  

Perl and SAML

by Hammy (Scribe)
on Mar 07, 2007 at 01:49 UTC ( [id://603547]=perlquestion: print w/replies, xml ) Need Help??

Hammy has asked for the wisdom of the Perl Monks concerning the following question:

Hello, I have a need to use Perl to parse a SAML document and I am having trouble finding examples that do this. I found Net::SAML on CPAN, but there were no descriptions of what the functions listed did. Am I trying to do something with Perl that is just not there yet? I have a Java programmer working for me and he tried the openSAML route for openSAML and found nothing, but dead ends and I am hoping I don't hit the same road blocks. Thanks in advance.

Replies are listed 'Best First'.
Re: Perl and SAML
by idsfa (Vicar) on Mar 07, 2007 at 06:20 UTC

    The part of SAML which you need to verify the x.509 signature is XMLSec. This example (in C) illustrates how to use the C library to do this. Unfortunately, there aren't any perl bindings (yet) for this library (though the author is open to the idea).

    Parsing the values out of the XML document is, as you say, the easy part ...

    The intelligent reader will judge for himself. Without examining the facts fully and fairly, there is no way of knowing whether vox populi is really vox dei, or merely vox asinorum. — Cyrus H. Gordon
[reply]
      Thanks for taking the time to straighten me out. Conceptually, can't I just take the following steps

      Use crypt:x509 to decipher certificate
      Pull out the public key piece
      Use the public key with the MD5 HASH to verify the signature?

      That is the best I can get from the documentation.

[reply]
        If you don't want to build your own SAML. Check out AssureBridge SSOExchange. It's a hosted service that integrates into Perl Apps with a few lines of code and provides full SAML functionality. http://www.assurebridge.com/integrations/
[reply]
Re: Perl and SAML
by GrandFather (Saint) on Mar 07, 2007 at 02:03 UTC

    Did you find the information at http://zxid.org/?

    DWIM is Perl's answer to Gödel
[reply]
      That is where I started. The site does not have any concrete examples (that I have come across). I need to gather the x509 certificate and verify the signature. Then I need to pull out the attributes. I may be making things very simplistic, but I may be able to do this with out specific SAML functions. All I need to do is find a function to decipher a signature. THe XML parsing is easy. I was hoping someone would say - use this function and that function and you are all set.
[reply]
[reply]
Re: Perl and SAML
by hossman (Prior) on Mar 07, 2007 at 03:24 UTC

    I don't even know what SAML is, but i do notice that the POD for Net::SAML says "Consult zxid/README.zxid for detailed API descriptions. This pod is only a place holder - real documentation is in the README.zxid file.

[reply]
      I have tried Net::SAML and I can not even get it to make. I am not very experienced when it comes to manually making the files (I just use CPAN). The compressed file comes with Makefile not Makefile.PL. I tried to just rename it and run and it did not work. The documentation said this has only been tested on a Linux platform - I am on FreeBSD. No luck so far. I have tried to brute force it by using crypt::x509 to decipher the cert, but I have not had any luck with that either.
[reply]
Re: Perl and SAML
by bcarroll (Pilgrim) on Jun 18, 2014 at 13:45 UTC
    Have a look at Authen::NZRealMe and its sub modules

    The process may be a little different depending on whether you are trying to parse a Service Provider issued SAML AuthnRequest or an Identity Provider issued SAMLResponse

    An AuthnRequest will typically be rawdeflated ( IO::Compress::RawDeflate::rawdeflate ), Base64 encoded ( MIME::Base64::encode_base64 ), and URI encoded ( URI::Escape::uri_escape ).

    To parse a SAML AuthnRequest you need to process the data in reverse.

    Here is a simple example. Note: This example does not verify the digital signature of the AuthnRequest (if it exists). 

    use warnings;
use strict;
use MIME::Base64               qw(encode_base64 decode_base64);
use URI::Escape                qw(uri_escape uri_unescape);
use IO::Uncompress::RawInflate qw(rawinflate $RawInflateError);

my $AuthnRequestXML = '';
my $samlRequest = 'BASE64_ENCODED_SAMLREQUEST_FROM_SERVICE_PROVIDER';
$samlRequest = uri_unescape($samlRequest);
$samlRequest = decode_base64($samlRequest);
rawinflate \$samlRequest => $AuthnRequestXML or return "Error decompre
+ssing data: $RawInflateError\n";
print "SAML AuthnRequest XML:\n$AuthnRequestXML\n";

    [download]
    To make the XML output easier to read, you can send it through XML::Tidy 
    use XML::Tidy;
XML::Tidy->new('xml'=>$AuthnRequestXML)->tidy()->toString();

    [download]
[reply]
[d/l]
[select]
Re: Perl and SAML
by jesuashok (Curate) on Mar 07, 2007 at 02:44 UTC
    refer the links, if you find it useful. I got these informations by google search. If you have seen those links already, sorry man. :-(
    I could not find many artifacts which deals with parsing the SAML document. If you have done your work successfully, throw your idea about paring SAML, to perlmonks. that will be useful to all of us.

    SAML_Ref_1 SAML_Ref_2
[reply]

Back to Seekers of Perl Wisdom

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?

www.com | www.net | www.org
Node Status?
node history
Node Type: perlquestion [id://603547]
Approved by GrandFather
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others chilling in the Monastery: (4)
As of 2024-04-25 20:15 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found