Add support for inflating (decompressing) response SAML messages. #11
Conversation
|
The deflate/inflate step is part of the HTTP Redirect binding, which is normally not used for SAML Responses due to length concerns. The normal binding for incoming responses is the HTTP POST binding that doesn't deflate the data. The inflate step should not be configured, it should be decided based on the binding used. Also note that the signature handling of HTTP Redirect is quite different. |
|
We'd decided to use HTTP Redirect binding, because the POST binding is not supported by this library. I was getting NotImplementedException and also noticed the handling code was commented out. Based on your comment for the deflate/inflate when the binding used is REDIRECT it should automatically apply decompression (inflate) instead of being driven by configuration. I can fix this. |
|
@zarusz I would like to support POST binding at some point - it should be relatively close. It was commented out because the upstream library I pulled from had a lot of coupling to system.web and I just didn't take the time originally to handle more than what I needed. I'm happy to accept a PR for post support, otherwise I'm not sure when I'll get to it. |
The identity provider we're using (PingFederate) sends the response SignOn message compressed using the deflate algorithm. This change adds support and a configuration switch to enable response message decompression for such providers.
Have a look at Base64 Decode + Inflate decode on this website:
https://www.samltool.com/decode.php
Let me know if any questions.