No Community Help with SAML 2 Config Posts. Can someone provide an example of SAML(XML) 2 in SoapUI?

SOLVED
Contributor

I'm having difficulty configuring SAML authentication using SoapUI Pro and I've read many similar posts in Open Source community; however, they go unanswered. For example, "Could some give a sample example of SAML(XML) in SoapUI WS configuration" and "Enveloped Signature for SAML (XML) WSS Entry".

 

SmartBear's page doesn't provide an example SAML(XML) Assertion.

Collaborator has a page that goes into some depth to help the customer, but not SoapUI OS or Pro.

 

We use ForgeRock's OpenAM to setup SAML and I think I’ve gleaned as much as I can from it. For instance, XML Canonicalization algorithm, XML digest algorithm, XML signature algorithm, ID Token Signing Algorithms supported, ID Token Encryption Algorithms supported, Circle of Trust, etc.; however, there’s no 1-for-1 match between what OpenAM provides that SoapUI Pro asks for. I've asked our DevOps/Integration teams for a SAML(XML) Assertion, but they haven't been able to accommodate, yet.

 

Could someone give a sample example of SAML(XML) in SoapUI WS configuration?

 

Regards,

1 ACCEPTED SOLUTION

Moderator

Hi @socaltester,

 

Do you have a sample of the successful request which you need to send to your service?

Here: https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-api-mana... I found an example of a SAML assertion.



6 REPLIES

Community Hero

Hi @socaltester 

 

I can't help per se (as I've never had to configure a SAML Auth connection) but perhaps the following idea might help you find a way.

 

SAML authentication is quite similar to OAuth2 inasmuch that they have the same (equivalent) basic concepts in regards to the back and forth between the client/AuthServer/ResourceServer to obtain the required access/bearer tokens(OAuth) / SAML assertions (SAML Auth).

 

It's likely a bit of trial and error - but in the absence of any other ideas and a default SAML auth connection profile within ReadyAPI!, perhaps you could tailor one of the default OAuth v2 auth profiles considering they have equivalent concepts?

 

ta,

 

rich

if this helped answer the post, could you please mark it as 'solved'? Also if you consider whether the title of your post is relevant? Perhaps if the post is solved, it might make sense to update the Subject header field of the post to something more descriptive? This will help people when searching for problems. Ta
Contributor

I will have to clean up the SAML payloads of AuthnRequest and Response before I could provide them. I may be able to do this in a few days. I'm NOT just looking for an example SAML assertion, as I can find those online; I'm looking for those examples in combination with configuring SoapUI with them. For instance, I can't tell what format a "Timestamp" entry will add to the assertion. Does it equate to "IssueInstant"? Does it equate to "<saml:Conditions"? Or none of them? There isn't a "Timestamp" section specifically called out in my saml:Response (see below).

 

        <saml:Subject>
            <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                         NameQualifier="/abc2"
                         >12XHAx357FyJW5AC53tjEO77Z567</saml:NameID>
            <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml:SubjectConfirmationData InResponseTo="_a34353d4e52fca721fc23f2160bab2fdqqq"
                                              NotOnOrAfter="2019-12-31T21:07:03Z"
                                              Recipient="https://aws-example-proxy.sd.bugbunny.looney.com/console/samlLogin"
                                              />
            </saml:SubjectConfirmation>
        </saml:Subject>
        <saml:Conditions NotBefore="2019-12-31T20:47:03Z"
                         NotOnOrAfter="2019-12-31T21:07:03Z"
                         >
            <saml:AudienceRestriction>
                <saml:Audience>xyz</saml:Audience>
            </saml:AudienceRestriction>
        </saml:Conditions>

 

To add, the above is just a simple example that I'm dealing with. Our saml:Response also has a "saml:AttributeStatement" that has multiple "Attribute Names", each with its own "Attribute Value", but SoapUI only has one "Attribute Name" field with multiple "Attribute Values" that can be added. How do I deal with that? (See below for multiple attributes with values.)

       <saml:AuthnStatement AuthnInstant="2019-12-31T20:57:01Z"
                             SessionIndex="2qqef6c4ef4e2cfe3b87d3037cd3bcb7b27c07c1ee"
                             >
            <saml:AuthnContext>
                <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
            </saml:AuthnContext>
        </saml:AuthnStatement>
        <saml:AttributeStatement>
            <saml:Attribute Name="uid">
                <saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema"
                                     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                                     xsi:type="xs:string"
                                     >COOK.TIMOTHY.HESTER.123456789</saml:AttributeValue>
            </saml:Attribute>
            <saml:Attribute Name="isMemberOf">
                <saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema"
                                     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                                     xsi:type="xs:string"
                                     >cn=ComputerManagers,ou=groups,o=ABC2,c=US</saml:AttributeValue>
                <saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema"
                                     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                                     xsi:type="xs:string"
                                     >cn=KiteManagers,ou=groups,o=ABC2,c=US</saml:AttributeValue>
            </saml:Attribute>
            <saml:Attribute Name="cn">
                <saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema"
                                     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                                     xsi:type="xs:string"
                                     >COOK.TIMOTHY.HESTER.123456789</saml:AttributeValue>
            </saml:Attribute>
            <saml:Attribute Name="sn">
                <saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema"
                                     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                                     xsi:type="xs:string"
                                     >COOK.TIMOTHY.HESTER.123456789</saml:AttributeValue>
            </saml:Attribute>
            <saml:Attribute Name="givenName">
                <saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema"
                                     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                                     xsi:type="xs:string"
                                     >COOK.TIMOTHY.HESTER.123456789</saml:AttributeValue>
            </saml:Attribute>
        </saml:AttributeStatement>

Also, also...there's an AuthnRequest payload and a separate Response payload. The logic I have wants to categorize AuthnRequest with "WS-S Outgoing" and Response with "WS-S Incoming", but that doesn't match with what SoapUI requests in its GUI.

 

Any help is greatly appreciated. I'll clean up the entire AuthnRequest and Response payloads and post them early next week. Say Monday or Tuesday.
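
As an added example (not part of the original thread and not SoapUI's own code): a Python sketch that reads the validity window, audience and the multi-valued attributes from an assertion shaped like the fragments posted above, then applies the time and audience checks a receiving service performs. The sample XML is constructed from the posted values and wrapped in a `saml:Assertion` element with the standard SAML 2.0 assertion namespace; the function names are hypothetical, and signature verification is out of scope.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Constructed sample: values taken from the fragments in the post, trimmed.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Conditions NotBefore="2019-12-31T20:47:03Z" NotOnOrAfter="2019-12-31T21:07:03Z">
    <saml:AudienceRestriction><saml:Audience>xyz</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="uid"><saml:AttributeValue>COOK.TIMOTHY.HESTER.123456789</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="isMemberOf">
      <saml:AttributeValue>cn=ComputerManagers,ou=groups,o=ABC2,c=US</saml:AttributeValue>
      <saml:AttributeValue>cn=KiteManagers,ou=groups,o=ABC2,c=US</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

def _ts(value):
    # SAML instants are UTC xs:dateTime values, e.g. 2019-12-31T20:47:03Z
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def parse_assertion(xml_text):
    # Refuse DTDs outright so entity tricks never reach the XML parser.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD/entity declarations are not accepted in assertions")
    root = ET.fromstring(xml_text)
    cond = root.find("saml:Conditions", NS)
    if cond is None:
        raise ValueError("assertion has no saml:Conditions")
    attrs = {}  # one Attribute Name maps to a list of one or more values
    for a in root.iterfind("saml:AttributeStatement/saml:Attribute", NS):
        values = [v.text or "" for v in a.findall("saml:AttributeValue", NS)]
        attrs.setdefault(a.get("Name"), []).extend(values)
    return {
        "not_before": _ts(cond.get("NotBefore")),
        "not_on_or_after": _ts(cond.get("NotOnOrAfter")),
        "audiences": [e.text for e in cond.iterfind("saml:AudienceRestriction/saml:Audience", NS)],
        "attributes": attrs,
    }

def check_conditions(parsed, expected_audience, now):
    """Return the reasons to reject; an empty list means the conditions hold."""
    problems = []
    if now < parsed["not_before"]:
        problems.append("not yet valid")
    if now >= parsed["not_on_or_after"]:
        problems.append("expired")
    if expected_audience not in parsed["audiences"]:
        problems.append("audience mismatch")
    return problems
```
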

Contributor

Attached are modified SAML payload files for AuthnRequest and Response

Contributor

Okay. The SAML configuration tools presented in "Outgoing WS-Security Configurations" seem to have sent me in the wrong direction when dealing with an environment using PKI certificates and SAML in its authentication. I abandoned the use of the SAML recreation tools and effort after being informed that it shouldn't be necessary to get and utilize a tokenID for our environment. My tests are able to authenticate now, so I'm off and running.

 

This begs the question, and maybe I just didn't key in on it when I read about it, but what is the purpose of the SAML assertion recreation tools within "Outgoing WS-Security Configurations"? Is their purpose to create a test tokenID on the fly just like an authentication service would do?

Moderator

As far as I know, you're working on this in the case with our Support Team. Please continue working there and share the solution with Community once you get some.


