2 Replies Latest reply on Sep 15, 2014 4:33 PM by KomputerMan.com

    Encrypting a SAML Assertion using toBase64

    KomputerMan.com Level 1

      I have a pretty generic SAML assertion that I need to encrypt so I can pass it as a URL variable. The problem is when I use the toBase64 tag it adds the <?xml version="1.0" encoding="UTF-8"?> line to the top of the encrypted string.

      This is what my code looks like:

      <CFSET MyDate = DateFormat(Now(), "yyyy-mm-dd") & 'T' & TimeFormat(Now(), "HH:nn:ss") & '.343Z'>
      <cfxml variable="samlAssertionXML">
      <samlp:AuthnRequest IssueInstant="#MyDate#" ID="_kdls_testing_application_for_single_sign_on" Version="2.0" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
          <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://localhost/sde</saml:Issuer>
          <samlp:NameIDPolicy AllowCreate="true"/>
      </samlp:AuthnRequest>
      </cfxml>
      <CFSET MySML = toBase64(toString(samlAssertionXML))>


      When I decrypt the variable MySML using an online debugger this is what I get:

      <?xml version="1.0" encoding="UTF-8"?>
      <samlp:AuthnRequest IssueInstant="#MyDate#" ID="_kdls_testing_application_for_single_sign_on" Version="2.0" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://localhost/sde</saml:Issuer>
        <samlp:NameIDPolicy AllowCreate="true"/>
      </samlp:AuthnRequest>


      My question is how do I encode my string without getting that annoying XML header included??? Unfortunately the XML header is confusing the ADFS server I'm sending my SAML string to, so it has to go. Any ideas???
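
An added example, not part of the original thread and not the poster's code: one way to serialize a CFML XML object without the leading XML declaration and prepare it as a query-string value. Note that Base64 is an encoding and gives no confidentiality. Assumptions: the request is sent with the SAML HTTP-Redirect binding (raw DEFLATE, then Base64, then URL encoding), the function name `encodeSamlRedirect` is hypothetical, and the sample request is constructed.

```cfml
<cfscript>
/**
 * Hypothetical helper (the name is an assumption, not a ColdFusion built-in):
 * turns an XML document object into a SAMLRequest query-string value.
 */
function encodeSamlRedirect(required any samlDoc) {
    // toString() on an XML document object prepends the XML declaration.
    var xmlText = toString(arguments.samlDoc);

    // Remove only a leading declaration; the element content is untouched.
    xmlText = trim(reReplace(xmlText, "^\s*<\?xml[^>]*\?>", "", "one"));

    // Raw DEFLATE: nowrap = true leaves out the zlib header and checksum.
    var deflater = createObject("java", "java.util.zip.Deflater")
        .init(javaCast("int", -1), javaCast("boolean", true));
    var buffer = createObject("java", "java.io.ByteArrayOutputStream").init();
    var stream = createObject("java", "java.util.zip.DeflaterOutputStream")
        .init(buffer, deflater);
    stream.write(xmlText.getBytes("UTF-8"));
    stream.close();
    deflater.end();

    // Base64 the compressed bytes, then escape +, / and = for the URL.
    return urlEncodedFormat(toBase64(buffer.toByteArray()));
}

// Constructed sample input: the ID and timestamp are placeholders.
sampleDoc = xmlParse('<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_example" Version="2.0" IssueInstant="2014-09-15T16:33:00Z"/>');
samlRequest = encodeSamlRedirect(sampleDoc);
writeOutput(samlRequest);
</cfscript>
```

If the receiving endpoint expects the HTTP-POST binding instead, skip the DEFLATE step and Base64 the stripped XML directly.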