elerch / SAML2

Fork of the SAML2 library on CodePlex. This library removes dependencies on ASP.NET
Mozilla Public License 2.0

Add support for inflating (decompressing) response SAML messages. #11

Open zarusz opened 8 years ago

zarusz commented 8 years ago

The identity provider we're using (PingFederate) sends the response SignOn message compressed using the deflate algorithm. This change adds support and a configuration switch to enable response message decompression for such providers.

Have a look at Base64 Decode + Inflate decode on this website: https://www.samltool.com/decode.php

Let me know if you have any questions.

AndersAbel commented 8 years ago

The deflate/inflate step is part of the HTTP Redirect binding, which is normally not used for SAML Responses due to length concerns. The normal binding for incoming responses is the HTTP POST binding that doesn't deflate the data. The inflate step should not be configured, it should be decided based on the binding used. Also note that the signature handling of HTTP Redirect is quite different.
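The binding-driven decoding described in the comment above, as an added example that is not part of the thread or of the library's code (the library itself is .NET; Python is used here to show the wire format). The function names and the 1 MiB size cap are assumptions, the input is assumed to be already URL-decoded, and signature verification is out of scope.

```python
import base64
import zlib

# Binding identifiers defined by the SAML 2.0 bindings specification.
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
MAX_XML_BYTES = 1024 * 1024  # assumed cap on the decoded message size


class SamlDecodeError(ValueError):
    """Raised when a message does not match the encoding of its binding."""


def encode_redirect(xml: bytes) -> str:
    # Sender side of HTTP-Redirect: raw DEFLATE (RFC 1951), then base64.
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)  # wbits=-15: no zlib header
    return base64.b64encode(comp.compress(xml) + comp.flush()).decode("ascii")


def encode_post(xml: bytes) -> str:
    # Sender side of HTTP-POST: base64 only, no compression.
    return base64.b64encode(xml).decode("ascii")


def decode_saml_message(value: str, binding: str,
                        limit: int = MAX_XML_BYTES) -> bytes:
    """Decode a SAMLRequest/SAMLResponse value; the binding decides on inflate."""
    try:
        raw = base64.b64decode(value, validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise SamlDecodeError("value is not valid base64") from exc
    if binding == POST:
        xml = raw
    elif binding == REDIRECT:
        inflater = zlib.decompressobj(-15)
        try:
            # Bounded inflate: never produce more than limit + 1 bytes.
            xml = inflater.decompress(raw, limit + 1)
        except zlib.error as exc:
            raise SamlDecodeError("payload is not a DEFLATE stream") from exc
        if len(xml) <= limit and not inflater.eof:
            raise SamlDecodeError("truncated DEFLATE stream")
    else:
        raise SamlDecodeError(f"unsupported binding: {binding!r}")
    if len(xml) > limit:
        raise SamlDecodeError("decoded message exceeds size limit")
    return xml
```

Bounding the inflate output keeps a small compressed query parameter from expanding into an arbitrarily large buffer before the XML parser ever sees it.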

zarusz commented 8 years ago

We'd decided to use HTTP Redirect binding, because the POST binding is not supported by this library. I was getting NotImplementedException and also noticed the handling code was commented out. Can you please comment on why this is so?

Based on your comment on the deflate/inflate, when the binding used is REDIRECT it should automatically apply decompression (inflate) instead of being driven by configuration. I can fix this.

elerch commented 8 years ago

@zarusz I would like to support POST binding at some point - it should be relatively close. It was commented out because the upstream library I pulled from had a lot of coupling to System.Web and I just didn't take the time originally to handle more than what I needed. I'm happy to accept a PR for POST support, otherwise I'm not sure when I'll get to it.