SAML Response: How to read it?

Category:
SAML, SSO with PHP
Tags:
PHP
SSO
SAML
SAML Response
Decode SAML
Decode SAML Response
Authentik
Authentik API

Mohamed Jasir
6 months ago

Intro
SAML Response:
- A SAML Response is sent by the Identity Provider (IdP) to the Service Provider (SP). If the user succeeded in the authentication process, it contains an Assertion with the NameID and attributes of the user.
- It is used in the SSO (single sign-on) flow between an IdP and the applications that delegate login to it.
- e.g. signing in with Azure AD, or with a self-hosted IdP such as Authentik

My Concern
Recently I was working on an SSO feature using a SAML provider with a self-hosted Authentik server.
- I implemented SSO with it, and the user is logged in to the website via the Authentik server.
- But on the redirect URL I only get the SAML Response as a GET parameter.
- Now I need to access the Authentik API, which requires an access token, and I only get the SAML Response in the response.
- I did a lot of R&D but didn't find a way to generate an access token using this SAML Response.

Reaching to the Solution
- Then I tried to decode this response, as it was base64 encoded.
- I decoded it with base64_decode(), but the result was still DEFLATE-compressed.
- Then I found this tool to Base64 Decode + Inflate.
- After decoding I got an XML response.

- In that XML response I found the unique username with which I could generate an API token!

The Solution

- So, in order to base64-decode and inflate it in code, I implemented the function below:

/**
 * Decode & inflate a SAMLResponse received over the HTTP-Redirect binding
 * (GET parameter): the value is base64(DEFLATE(xml)).
 * @return string  the XML document, or '' if the value could not be decoded
 */
private function decodeSamlResponse(string $samlResponse): string {
    if ($samlResponse === '') {
        return '';
    }

    // decode SAML response (strict mode rejects characters outside the base64 alphabet)
    $samlDecoded = base64_decode($samlResponse, true);
    if ($samlDecoded === false) {
        return '';
    }

    // inflate decoded SAML response (raw DEFLATE stream, so gzinflate, not gzuncompress/gzdecode)
    $samlXml = @gzinflate($samlDecoded);
    if ($samlXml === false) {
        return '';
    }

    return $samlXml;
}

- I pass the SAML Response to this function as a parameter, and in return I get a string which is the XML of the encoded SAML Response.
- Now I can read the XML, fetch the unique username from it, and create an access token with it to access the Authentik API for the logged-in user.
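The same decoding, generalized to both SAML bindings and followed by the minimal checks a service provider should make before trusting anything in the XML, as an added example written for this page (it is not the author's code and not Authentik's). The URLs, the NameID and the whole sample Response are constructed; the signature check here is presence-only, and the real XML-DSig verification against the IdP certificate must be done with a library such as xmlseclibs or onelogin/php-saml before the NameID is used for anything.

```php
<?php
declare(strict_types=1);

const SAMLP = 'urn:oasis:names:tc:SAML:2.0:protocol';
const SAML  = 'urn:oasis:names:tc:SAML:2.0:assertion';
const DSIG  = 'http://www.w3.org/2000/09/xmldsig#';
const SAML_SUCCESS = 'urn:oasis:names:tc:SAML:2.0:status:Success';

/**
 * Turn the SAMLResponse parameter back into XML. The HTTP-Redirect binding
 * (GET parameter) carries base64(DEFLATE(xml)); the HTTP-POST binding carries
 * base64(xml) only, so the caller says which one it is instead of guessing.
 */
function decodeSamlResponse(string $samlResponse, bool $redirectBinding): string
{
    $decoded = base64_decode($samlResponse, true);   // strict: reject junk characters
    if ($decoded === false) {
        throw new InvalidArgumentException('SAMLResponse is not valid base64');
    }
    if (!$redirectBinding) {
        return $decoded;
    }
    $xml = @gzinflate($decoded);                      // raw DEFLATE, no zlib/gzip header
    if ($xml === false) {
        throw new InvalidArgumentException('SAMLResponse is not a DEFLATE stream');
    }
    return $xml;
}

/**
 * Pull the fields an SP needs out of the Response. The XML is attacker-controlled
 * input at this point, so entity expansion stays off (no LIBXML_NOENT) and
 * network fetches are disabled.
 */
function parseSamlResponse(string $xml): array
{
    libxml_use_internal_errors(true);
    $doc = new DOMDocument();
    if (!$doc->loadXML($xml, LIBXML_NONET)) {
        throw new InvalidArgumentException('SAMLResponse is not well-formed XML');
    }
    $xp = new DOMXPath($doc);
    $xp->registerNamespace('samlp', SAMLP);
    $xp->registerNamespace('saml', SAML);
    $xp->registerNamespace('ds', DSIG);

    $a = '/samlp:Response/saml:Assertion';
    $attributes = [];
    foreach ($xp->query("$a/saml:AttributeStatement/saml:Attribute") as $attr) {
        $values = [];
        foreach ($xp->query('saml:AttributeValue', $attr) as $v) {
            $values[] = $v->textContent;
        }
        $attributes[$attr->getAttribute('Name')] = $values;
    }
    return [
        'status'       => $xp->evaluate('string(/samlp:Response/samlp:Status/samlp:StatusCode/@Value)'),
        'nameId'       => $xp->evaluate("string($a/saml:Subject/saml:NameID)"),
        'notBefore'    => $xp->evaluate("string($a/saml:Conditions/@NotBefore)"),
        'notOnOrAfter' => $xp->evaluate("string($a/saml:Conditions/@NotOnOrAfter)"),
        'audience'     => $xp->evaluate("string($a/saml:Conditions/saml:AudienceRestriction/saml:Audience)"),
        // Presence only; the cryptographic check is done with xmlseclibs / php-saml.
        'signed'       => $xp->evaluate("count(/samlp:Response/ds:Signature | $a/ds:Signature)") > 0,
        'attributes'   => $attributes,
    ];
}

/** Reasons this Response must not be used for login. Empty array = checks passed. */
function samlResponseProblems(array $r, string $expectedAudience, int $now): array
{
    $problems = [];
    if ($r['status'] !== SAML_SUCCESS)        $problems[] = "status is '{$r['status']}'";
    if (!$r['signed'])                        $problems[] = 'no Signature element (unverifiable)';
    if ($r['audience'] !== $expectedAudience) $problems[] = 'Audience does not match this SP';
    $nb = $r['notBefore'] === '' ? 0 : strtotime($r['notBefore']);
    $na = $r['notOnOrAfter'] === '' ? PHP_INT_MAX : strtotime($r['notOnOrAfter']);
    if ($nb === false || $na === false)       $problems[] = 'unparseable Conditions timestamps';
    elseif ($now < $nb || $now >= $na)        $problems[] = 'outside NotBefore/NotOnOrAfter window';
    return $problems;
}

// Constructed sample (not a real Authentik response); deliberately unsigned.
$sampleXml = <<<XML
<?xml version="1.0"?>
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
  <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
    <saml:Subject><saml:NameID>jasir</saml:NameID></saml:Subject>
    <saml:Conditions NotBefore="2024-01-01T00:00:00Z" NotOnOrAfter="2024-01-01T00:05:00Z">
      <saml:AudienceRestriction><saml:Audience>https://sp.example.test/metadata</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="email"><saml:AttributeValue>jasir@example.test</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>
XML;

// The same XML as it would arrive over each binding.
$viaRedirect = base64_encode(gzdeflate($sampleXml));
$viaPost     = base64_encode($sampleXml);

$parsed = parseSamlResponse(decodeSamlResponse($viaRedirect, true));
if ($parsed !== parseSamlResponse(decodeSamlResponse($viaPost, false))) {
    throw new RuntimeException('the two bindings decoded to different content');
}
echo "NameID: {$parsed['nameId']}, email: {$parsed['attributes']['email'][0]}\n";

$problems = samlResponseProblems($parsed, 'https://sp.example.test/metadata', strtotime('2024-01-01T00:02:00Z'));
echo $problems ? 'REJECT: ' . implode('; ', $problems) . "\n" : "OK\n";
```

The sample is built inside a valid time window and with the right Audience, so the only thing that stops it is the missing Signature; that is the point. The base64+DEFLATE wrapping is an encoding, not a protection, and anyone can produce a blob with any NameID they like, so the username read from the XML is only trustworthy after the signature has been verified against the IdP's certificate and the Conditions (and, for SP-initiated flows, the InResponseTo ID) have been checked.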

So a SAML Response can be decoded like this. Keep in mind that the decoded XML is untrusted input until its signature has been verified against the IdP's certificate and the Conditions (validity window, Audience) have been checked; only then should the NameID be used to issue an access token.
Hope it helps!

DevZone
Made by developer, Made for developers