SAML 2 Redirect binding decoder should handle SAMLEncoding parameter
Basics
Technical
Logistics
Basics
Technical
Logistics
Description
While reviewing the bindings spec for something else, I was reminded that the SAML 2 Redirect binding can carry an optional SAMLEncoding query param, to specify a different encoding scheme URI other than the default, which is the DEFLATE one.
Currently our decoder only supports the DEFLATE encoding, hardcoded in the impl.
We should check for the presence of the SAMLEncoding param and at a minimum, throw an appropriate exception if we don't support.
We could also choose to actually try and support alternate encodings in some fashion. One route is plugins, via an injected Map<String,Function> or similar. That's probably a bit of work for a essentially non-existent use case - the DEFLATE encoding is the only one defined so far - but we should at least consider it.
While reviewing the bindings spec for something else, I was reminded that the SAML 2 Redirect binding can carry an optional
SAMLEncodingquery param, to specify a different encoding scheme URI other than the default, which is the DEFLATE one.Currently our decoder only supports the DEFLATE encoding, hardcoded in the impl.
We should check for the presence of the
SAMLEncodingparam and at a minimum, throw an appropriate exception if we don't support.We could also choose to actually try and support alternate encodings in some fashion. One route is plugins, via an injected
Map<String,Function>or similar. That's probably a bit of work for a essentially non-existent use case - the DEFLATE encoding is the only one defined so far - but we should at least consider it.