Note: SAML 1.1 will be deprecated soon. If you are working on a new integration, we strongly recommend that you use OIDC instead.
Receiving the SAML response
After authenticating, Signicat will redirect the user to the target using HTTP POST. In terms of HTTP, this is what the request would look like:
    POST http://localhost:8080/auth/verify HTTP/1.1
    Host: localhost:8080
    Proxy-Connection: keep-alive
    Content-Length: 9213
    Cache-Control: max-age=0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Origin: https://preprod.signicat.com
    User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) chrome/29.0.1547.66 Safari/537.36
    Content-Type: Application/x-www-form-urlencoded
    Accept-Encoding: gzip, deflate,sdch
    Accept-Language: en-US,en;q=0.8

    SamlResponse=PFJlc3BvbnNlIHhtbG5zPSJ1c...and so on and so on...Rpb24%2BPC9SZXNwb25zZT4%3D%0D%0A&TARGET=http%3A%2F%2Flocalhost%3A5050%2Fvalidate
Decoding the SAML response yields the actual SAML (XML) document, which contains information about the authentication. Read more about SAML 1.1 and SAML 2.0 or have a look at example SAML responses for different ID providers.
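The decoding step described above, as an added example that is not Signicat's code: it reads the two form fields shown in the sample request, undoes the URL and base64 encoding, and parses the XML while refusing any DTD. The function names, the UTF-8 assumption and the sample body (constructed, unsigned) are assumptions of this example, and the values it returns are unverified until the signature check has passed.

```python
import base64
import binascii
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode

SAMLP = "urn:oasis:names:tc:SAML:1.0:protocol"  # SAML 1.1 protocol namespace
DSIG = "http://www.w3.org/2000/09/xmldsig#"     # XML-DSig namespace


def decode_saml_post(body: str) -> dict:
    """Decode the POST body into XML bytes plus unverified routing fields.

    No signature check happens here: pass the returned bytes, unchanged,
    to the XML-DSig verifier before trusting anything in the document.
    """
    form = parse_qs(body, strict_parsing=True)
    if len(form.get("SamlResponse", [])) != 1:
        raise ValueError("expected exactly one SamlResponse field")
    # The value can be wrapped in CR/LF (the sample request ends in %0D%0A).
    compact = "".join(form["SamlResponse"][0].split())
    try:
        xml_bytes = base64.b64decode(compact, validate=True)
        text = xml_bytes.decode("utf-8")  # assumption: document is UTF-8
    except (binascii.Error, UnicodeDecodeError) as exc:
        raise ValueError("SamlResponse is not base64-encoded UTF-8") from exc
    # A SAML message never needs a DTD; refuse one before the parser sees it.
    if "<!DOCTYPE" in text:
        raise ValueError("DTD found in SAML response")
    root = ET.fromstring(text)
    if root.tag != f"{{{SAMLP}}}Response":
        raise ValueError("root element is not a SAML 1.1 Response")
    return {
        "xml": xml_bytes,
        "target": form.get("TARGET", [None])[0],
        "response_id": root.get("ResponseID"),
        "signature_present": root.find(f".//{{{DSIG}}}Signature") is not None,
    }


def constructed_sample_body() -> str:
    """Constructed sample: a minimal unsigned Response, CRLF-wrapped."""
    xml = (f'<Response xmlns="{SAMLP}" ResponseID="_constructed-1" '
           'MajorVersion="1" MinorVersion="1"/>').encode()
    wrapped = base64.encodebytes(xml).decode().replace("\n", "\r\n")
    return urlencode({"SamlResponse": wrapped,
                      "TARGET": "http://localhost:5050/validate"})
```

`signature_present` only reports that a Signature element exists; it says nothing about whether the signature is valid.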
Verifying the SAML response
The SAML response is a signed XML document (XML-DSig), and the signature must be verified in order to ensure the correctness of the assertion. Signicat provides libraries that will help you verify the SAML response using Java or C#.
Retrieving attributes from the SAML response
Please have a look at the SAML response examples to see which attributes are available in the SAML responses.