Usuing CURL to POST SAML Response in Spring-SAML - spring

I am trying to use the CURL Command to POST the response receive from the IDP, i.e. the SAML Response to the SP on one of the alias which I have.
I am using Spring-SAML Framework.
Can someone help me with the exact command which needs to be used if I want to post the SAML Response to the SP using CURL Command ?

SAML Response is fairly complicated and contains a range of values which expire over time, need to correspond to the originally send SAML Authentication Request and depend on configuration of the particular SAML federation. For these reasons there's no way to craft a generic CURL Command.

curl --data #path/to/file https://host
where file contains SAMLResponse= followed by the Base64 encoded and then URL-encoded SAML Response XML, e.g.
SAMLResponse=PHNhbWxwOlJlc3B...snip...R0cmlidXRlU3RhdGVtZW50PgogIDwvc2FtbDpBc3NlcnRpb24%2BCjwvc2FtbHA6UmVzcG9uc2U%2B
If you don't URL-encode the Base64 encoded string, any + characters will cause the XML to be truncated and parsing to fail. The errors I saw in the Keycloak logs were along the lines of Element type "Response" must be followed by either attribute specifications, ">" or "/>".

Related

Spring RestTemplate Response string is shorter than expected

I am trying to get an access token via RestTemplate.postForEntity().
myRestTemplate.postForEntity(authBaseUrl, request, Object.class);
I have a specific class for it, but let's use now a simple Object as type. It contains an access_token field.
It works, because I can get response, but the length if the access tokens (which is a string)
is 1196 character long. And I can get the same length in Postman too.
But if I use the intelliJ built-in REST client, the length is 1199.
Only the token from the intelliJ rest client works (So the longer).
Because I always get a new access token, it is impossible to get the same token twice.
How can I debug it?
What could be the problem?
Is the code that generates the response available to you? if so in your response add a header content-length so you can see what the server sent and what you received. Also, debug the server side and see what is being generated. In addition take another 3d party Http client and test it with this client see if you see a difference. The Http clients that you can try are Apache Http client, OK Http client, or my favorite - a very simplistic client written by me as part of my own Open Source MgntUtils library. Here is the Javadoc for my http client Here is a link to a similar question where you can get the references for any of above mentioned Http clients: How to check the status of POST endpoint/url in java

Problem sending web API to Spotify using Laravel and Guzzle package

I'm trying to communicate with Spotify using web API.
So here's the case. In order to retrieve any information from Spotify, first I need to be authorized by Spotify. To do so, I need to send a post request to https://accounts.spotify.com/api/token containing authorization credentials(containing client_id and client_secret), and then in response, I should receive an access token which later I shall use to retrieve any other information.
Here's a quick Spotify documentation on how it works :
So the problem here is that I'm doing everything I should but I don't get the token in response.
Here's my code using the Guzzle package in laravel :
And instead of an access token as a response, This HTML output is what I'm receiving from Spotify in return (Without any further information of the problem and any error code):
It is possible that you are misinterpreting this line?
Authorization: Basic <base64 encoded client_id:client_secret>
It looks like you are doing this:
base64_encode($client_id) . ":" . base64_encode($client_secret)
But perhaps they want this:
base64_encode($client_id . ":" . $client_secret);
That is, assuming you have base 64 encoded them at all as this is not actually shown in your code.
Additionally, the documentation states that it wants application/x-www-form-urlencoded encoding.
# Sending Form URL Encoded Requests
https://laravel.com/docs/8.x/http-client#sending-form-url-encoded-requests
To meet this requirement, it looks like you may need to add asForm() to the request.
$response = Http::withHeaders(...)->asForm()->post(...);

Apache Nifi : How to pass post params and capture response from post API - traditional non rest, non json API

I'm trying to pull data from a post API that expects authentication and request parameters as part of the request body. I guess, what they do is access the data from the post variables.
What I have seen so far in documentation is how to send POST via JSON or headers. In my case, no headers just the post body parameters.
call to this api via curl --data option works just fine.
curl --data "username=xyz&password=xyz&function=xyz" http://example.com/api.php
How can I replicate above call in nifi?
I have tried multiple methods without success. Latest has been Generate flow file, update attributes (where i fill in the parameters), invoke http then putfile.
But I'm getting errors - the api is not abe to authenticate my request.
Thanks
If you need to send the following data in body, then put it into content of your flowfile.
username=xyz&password=xyz&function=xyz
The easiest way to put it into the Custom Text property of the GenerateFlowFile processor.
Usually for this kind of body you have to provide content type header:
content-type: application/x-www-form-urlencoded
If you don't need any additional headers then you don't have to define any additional attributes of the flow file.

http authentication using apiary / api blueprint

Just dipping my toes into Apiary and API Blueprint, and having some problems with passing in some basic http authentication.
On an initial call, the API creates a token for any given user that needs to be used with any subsequent call. My problem is how to mark-up that authentication so it works with the Apiary production request.
The command-line curl (that works) is (in obfuscated code) this...
curl --user name#somewhere.com:tokenGoesHere http://test.server.uri/API/getUserInfo
So, how do I convert that curl command into the equivalent API Blueprint format?
Unfortunately there's no way, at the moment, to specify authentication/authorisation in APIBlueprint.
It's in the roadmap, but unfortunately we can't give you any precise ETA on that.
You might want to read our help page on the argument as well.

How to send auth_token in Http header

I am trying to create rest based webservices, which I want to secure them using spring security Oauth2.
What I found is then, in oauth2 we have to send auth_token in query string.
But my need is to send in header.
I have searched a lot, but I didn't get the answer which I need.
Is there anybody who can help?
Reference link [ http://www.beingjavaguys.com/2014/10/spring-security-oauth2-integration.html
]
You can test sending the access token for example using Curl:
curl -H "Authorization: Bearer <ACCESS_TOKEN>" http://www.example.com
With this you should be able to see, if server is working as expected. How to do it in client application depends on the programming language you are using.

Resources