Include the Java client kit in your project
The first step is to download the client kit for Java. The lib folder contains the .jar files you need, so include them in your project. The client kit also contains more example code.
Create the method which will receive the SAML response
String assertion =
Fetch the base 64 encoded SAML response from the
Set the subject distinguished name of the expected certificate used to sign the SAML response (i.e. the certificate used by Signicat to sign SAML responses). This value will differ between test and production, so make it configurable.
String recipientUrl = request.url();
A SAML response contains information about its intended recipient, i.e. the URL of the method that should receive it. This is a security check that ensures you never accept a SAML response that was issued for another recipient/application. If this application was running on
then the request URL would be (In production you are required to use https.)
SamlResponseData samlResponseData = samlFacade.readSamlResponse(assertion, new URL(recipientUrl));
The readSamlResponse method expects the base 64 encoded SAML response and the previously constructed recipient URL. If successful, the
returned SamlResponseData will contain a set of all the attributes in the SAML response. If unsuccessful, it will throw an exception and the exception message will tell you why.
for(SamlResponseData.Attribute attribute : samlResponseData.getAttributes())
You may iterate over the attributes in the response, or you may use
SamlResponseData.getSubjectName() to retrieve information about the subject. The code you write here will depend on which id method is in use and which information you are interested in. See example SAML responses for different id providers here.
response.cookie("nationalid", nationalId, 3600, true);
This is demo code. Most likely you want to map a person's national identity number to some kind of user id in your application. You are neither required nor encouraged to use the national identity number in your cookies.
Authentication is complete and you may redirect the user to wherever you'd like.
The following exceptions are commonly thrown when verifying the SAML response:
- ScResponseException – thrown when the SAML response indicates an invalid authentication, for example because the authentication process was cancelled or the user's certificate expired.
- ScSecurityException – a security-related failure, i.e. an expired SAML response, an incorrect recipient, problems verifying the certificate information etc.
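The steps above assembled into one receiving method, as an added example that is not the client kit's own sample code. It assumes a Spark-style Request/Response as in the snippets on this page, that the SAML response arrives in a form parameter named SAMLResponse, that samlFacade has already been configured with the expected signer DN for the current environment, and that SamlResponseData.Attribute exposes getName() and getValue(); those names, the attribute name "national-id" and the in-memory user store are assumptions, not documented API.

```java
import java.net.URL;
import java.util.Map;
import java.util.UUID;
import java.util.concurrent.ConcurrentHashMap;
// Imports for SamlFacade, SamlResponseData, ScResponseException, ScSecurityException,
// Request and Response are omitted: their package names are not shown on this page.

public class SamlLoginHandler {
    // Assumed to be configured elsewhere with the test or production signer DN.
    private final SamlFacade samlFacade;
    // Constructed stand-in for your user store: national id -> internal user id.
    private final Map<String, String> nationalIdToUserId = new ConcurrentHashMap<>();

    public SamlLoginHandler(SamlFacade samlFacade) { this.samlFacade = samlFacade; }

    public String handle(Request request, Response response) {
        // Parameter name is an assumption; check the client kit's example for the real one.
        String assertion = request.queryParams("SAMLResponse");
        if (assertion == null || assertion.isEmpty()) { response.status(400); return "Missing SAML response"; }

        SamlResponseData samlResponseData;
        try {
            // Recipient URL is taken from the actual request, so a response issued for
            // another application (a different URL) is rejected by the client kit.
            String recipientUrl = request.url();
            samlResponseData = samlFacade.readSamlResponse(assertion, new URL(recipientUrl));
        } catch (Exception e) {
            // Both kit exceptions are handled in one catch because their hierarchy is not shown here.
            if (e instanceof ScResponseException) {
                // User-side outcome (cancelled, expired certificate): safe to tell the user.
                response.status(401); return "Authentication did not complete";
            }
            if (e instanceof ScSecurityException) {
                // Expired or replayed response, wrong recipient, signature problem: log, fail closed.
                System.err.println("Rejected SAML response: " + e.getMessage());
            }
            response.status(403); return "Authentication failed";
        }

        String nationalId = null;
        for (SamlResponseData.Attribute attribute : samlResponseData.getAttributes()) {
            // Attribute names are id-method specific; "national-id" is a placeholder.
            if ("national-id".equals(attribute.getName())) nationalId = attribute.getValue();
        }
        if (nationalId == null) { response.status(403); return "Required attribute missing"; }

        // Map to an internal user id instead of placing the national id in a cookie.
        String userId = nationalIdToUserId.computeIfAbsent(nationalId, k -> UUID.randomUUID().toString());
        response.cookie("userid", userId, 3600, true); // secure flag set: https only
        response.redirect("/home");
        return null;
    }
}
```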