Googles Apps SAML/SSO decrypt

This should be an easy answer.  I'm writing a custom SSO application
in PHP for integration with Google Apps.  For generating the necessary
SAML responses, I'm using OpenSSO.  Google requires you upload a
signed certificate, with a public key embedded.  All SAML requests
sent and received between the service provider (Google) and the
identity provider (you) are encrypted using this key.  I'm unsure what
to do with the request that Google Apps embeds in the URL though.
It's sent as a $_GET variable so it's not encrypted in a way that
PHP's OpenSSL functions can understand.  I'm not sure how to go about
decoding it:

Any thoughts?

Re: Googles Apps SAML/SSO decrypt

SAMLRequest is a DEFLATE encoded XML string. You can decode with

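function samlDecode($str) {
  // Undo the base64 layer first and keep the raw bytes for both attempts
  $raw = base64_decode($str);
  // Try raw DEFLATE (RFC 1951)
  $xml = gzinflate($raw);
  if ($xml === false) {
    // Fall back to ZLIB (RFC 1950), again on the decoded bytes
    $xml = gzuncompress($raw);
  }
  return $xml;
}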

gzinflate (rfc1951 - DEFLATE) and gzuncompress (rfc1950 - ZLIB) are
both tried because some implementations use the second format.

Google has some sample PHP code that implements this here:

SAML 2.0 March 05:

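The decoding described in the answer above, extended into a defensive version for an identity provider endpoint. This is an added example, not code from the thread or from Google's sample library. The SAMLRequest parameter is encoded (DEFLATE plus base64), not encrypted, so it should be treated as untrusted input. The size cap `MAX_XML_BYTES`, the function name `decodeSamlRequest` and the sample request are assumptions constructed for illustration.

```php
<?php
// Added example: decode an HTTP-Redirect SAMLRequest defensively.
// MAX_XML_BYTES and the sample request below are constructed assumptions.
const MAX_XML_BYTES = 65536;

function decodeSamlRequest(string $param): array {
    $raw = base64_decode($param, true);            // strict: reject non-base64 input
    if ($raw === false || $raw === '') {
        throw new InvalidArgumentException('SAMLRequest is not valid base64');
    }
    // Cap the inflated size so a tiny request cannot expand into a huge buffer.
    $xml = @gzinflate($raw, MAX_XML_BYTES);        // RFC 1951 (DEFLATE)
    if ($xml === false) {
        $xml = @gzuncompress($raw, MAX_XML_BYTES); // RFC 1950 (ZLIB) fallback
    }
    if ($xml === false) {
        throw new InvalidArgumentException('SAMLRequest could not be inflated');
    }
    $doc = new DOMDocument();
    if (!@$doc->loadXML($xml, LIBXML_NONET)) {     // no network fetches while parsing
        throw new InvalidArgumentException('SAMLRequest is not well-formed XML');
    }
    foreach ($doc->childNodes as $node) {          // a SAML message never needs a DTD
        if ($node->nodeType === XML_DOCUMENT_TYPE_NODE) {
            throw new InvalidArgumentException('DOCTYPE not allowed in SAMLRequest');
        }
    }
    $root = $doc->documentElement;
    if ($root->localName !== 'AuthnRequest'
        || $root->namespaceURI !== 'urn:oasis:names:tc:SAML:2.0:protocol') {
        throw new InvalidArgumentException('Not a SAML 2.0 AuthnRequest');
    }
    return [
        'id'     => $root->getAttribute('ID'),
        'acs'    => $root->getAttribute('AssertionConsumerServiceURL'),
        'issued' => $root->getAttribute('IssueInstant'),
    ];
}

// Constructed sample: build a request the way a service provider would, then decode it.
$sampleXml = '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"'
    . ' ID="_example123" Version="2.0" IssueInstant="2024-01-01T00:00:00Z"'
    . ' AssertionConsumerServiceURL="https://sp.example.test/acs"/>';
$param = base64_encode(gzdeflate($sampleXml));
print_r(decodeSamlRequest($param));
```

The returned `acs` value comes straight from the URL, so compare it against the assertion consumer URL registered for the service provider before sending any response to it.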

Re: Googles Apps SAML/SSO decrypt


Thanks for the tip, and the URL for the php sample library.  I was in
the process of rewriting process_response.php!
