FAQ¶
How to process received request or response ?¶
There are mainly three bindings: SOAP, Redirect or POST (whether you use ID-FFv1.2 or SAMLv2).
- With SOAP you must pass the body of the received POST request to the processing functions like
lasso_logout_process_request_msg
.- with PHP, use
@file_get_contents('php://input')
, - with Java, use
DataInputStream(request.getInputStream()).readUTF()
, - with Perl or Python, it will depend upon you web framework.
- with PHP, use
- With HTTP-Redirect you must pass the query string i.e. the part of the URL after the character ? to the processing function.
- with PHP, use
$_SERVER["QUERY_STRING"]
, - with Java, use
request.getQueryString()
if you use the standard Java servlet classes (HttpServletRequest
), - with Perl or Python, it will depend upon you web framework.
- with PHP, use
- With HTTP-Post you must pass the content of the field containing the message, still Base64 encoded. For SAMLv2 it means the fields named
SAMLRequest
andSAMLResponse
. For ID-FFv1.2 it means the field namedLAREQ
orLARES
.- with PHP, use
$_POST["SAMLRequest"]
, and replace the name of the field by the appropriate name, - with Java, use
request.getParameter("SAMLRequest")
- with Perl or Python, it will depend upon you web framework.
- with PHP, use
Processing a request or a response returns LASSO_PROFILE_ERROR_CANNOT_VERIFY_SIGNATURE
(or emit exception ProfileCannotVerifySignatureError
or ProfileCannotVerifySignatureException
) ?¶
It means the message you received was not signed. It usually means that your peer choose to not sign the message. If this is not a problem for your, just add this call before the processing,
lasso_profile_set_signature_verify_hint(LASSO_PROFILE_SIGNATURE_VERIFY_HINT_IGNORE);
or with python:
profile.setSignatureVerifyHint(lasso.PROFILE_SIGNATURE_VERIFY_HINT_IGNORE)
or with java:
profile.setSignatureVerifyHint(LassoConstant.PROFILE_SIGNATURE_VERIFY_HINT_IGNORE);
or with PHP5