I am starting to use ruby-saml for one of the projects. IDP that I am using is expecting POST for authentication request with HTTP body containing SAMLRequest. Looking at the source code for authrequest.rb, create method can only do GET instead of POST.
I decided to call the create_params and get the base64 token which I can use from my view to do a POST.
When I use the following code
params = {}
request = OneLogin::RubySaml::Authrequest.new
token = request.create_params(saml_settings, params)
p token
p token["SAMLRequest"]
p decode(token["SAMLRequest"])
When i try base64decode.org or call the decode method, I get encoding for is not correct.
1) Can I do a POST instead of a GET?
2) What am I doing wrong in creating the request for it to be bad encoding?
thanks
1) Can I do a POST instead of a GET?
Yes, but support POST-binding is not just replace GET parameters by POST parameters...the signature on POST-binding is embed on the SAML message and is not another GET parameter.
2) What am I doing wrong in creating the request for it to be bad encoding?
thanks
The AuthNRequest is not only base64encoded, but also deflated.
Try use Base64 Decode + Inflate
You will find that thread interesting:
https://github.com/onelogin/ruby-saml/issues/124
Related
I created an AWS API-gateway for an HTTP method PUT. When I do a test in API-gateway, that works fine, but when I call it from a REST client, I get 404 bad-request and missing authentication token errors. I didn't set any authorization to true or a required API key to true.
I passed these query parameters to a REST client:
auth_id : 8798iuyiu123123
time_stamp :1231231
test_json : [{"id"=>"1","value"=>"mount"},{"id"=>"2","value"=>"chart"}]
HEADER
content-type : application/json
When I change the test_json value to %5B%7B%22id%22:%221%22,%22value%22:%22test%22%7D,%7B%22id%22:%222%22,%22value%22:%2213+%D8%B4%D8%A7%D8%B1%D8%, then I get the response.
i am new to react, calling from react
Request.put('https://api-gateway.sqwdwed123.com/eretw/update-chart')
.set('Content-Type', 'application/json')
.query({ auth_id: localStorage.auth_id})
.query({ time_stamp:this.props.time_stamp})
.query({ test_json:JSON.stringify(newadd)})
should i pass this test_json through body?
Am I doing anything wrong?
This is usually related to requesting a URL that doesn't exist. Please make sure you're using the correct HTTP method and resource path to a valid resource (the sample invoke URL does not include any resource path). If this still doesn't work. Make sure you actually deployed your API.
The HTTP Response of Bad Request is because you have the Query Parameter that are not URL Encoded. There are 2 things that you can do now:
Pass the test_json as Query Param but making sure that they are URL Encoded. This will put a restriction on the size of the string and hence Not Recommended.
Pass the test_json as Request Body. (Recommended)
As you can see that postman returns expected result
but res.asString() gives [] in the blow code,can you tell me why?
def "simple test"(){
String url="http://xxx.xxx.xxx/assessment/api/Test.html"
when:""
io.restassured.response.Response res=RestAssured.given().header("Content-Type", "application/x-www-form-urlencoded").formParam("Action", "getDiagnosisList").formParam("Data", "[{\"subject\":\"冠心病\",\"option\":\"是\"}]").post(url)
then:""
res.prettyPrint()=="[\"身体健康状态不良\",\"医疗处置\"]"
}
It turns out that Chinese characters can't be encoded correctedly by default,after adding blow code,everything worked as expected:
RestAssured.given().config(RestAssured.config().encoderConfig(EncoderConfig.encoderConfig().defaultContentCharset("UTF-8")))
Maybe the request did via postman has not been cached, and on the other hand the same request via restassured is using some kind of cache. Recently I was having a similar issue because of it was hitting the varnish server. I'd recommend you to take a look at the response headers from both postman and restassured.
I'm using the Python Requests library with the Valence-provided Python SDK to attempt to do a GET request. Something odd is happening with the URL and I'm not sure what. The response I get is 200 (which leads me to believe that the authentication is working), but when I try to print the JSON from the Request object, it instead prints the HTML of the page instead of the JSON.
I'm using modified code that I read from http://docs.valence.desire2learn.com/clients/python/auth.html.
Here's the Python code:
import requests
import auth as d2lauth
from auth import *
app_creds = { 'app_id': '----', 'app_key': '----' }
ac = d2lauth.fashion_app_context(app_id=app_creds['app_id'], app_key=app_creds['app_key'])
auth_url = ac.create_url_for_authentication('ugatest2.view.usg.edu', 'http://localhost:8080')
redirect_url = "https://localhost:8080?x_a=3----&x_b=3dMRgCBAHXJDTA2E6DJIfdWq-gYl-pk77fF_3X5oDUuqc"
uc = ac.create_user_context(auth_url, 'ugatest2.view.usg.edu', True)
route = 'ugatest2.view.usg.edu/d2l/api/versions/'
url = uc.create_authenticated_url(route)
r = requests.get(url)
print(r.text)
The output is the HTML of a page instead of JSON. If I do print(r), I get a status of 200. I think my redirect URL may be the issue, but I'm not sure what exactly is wrong. Thanks for any help!
Two things look off to me:
Using auth_url to create a user context isn't going to work, that's the URL you need to send the user to so they can authenticate. You need to use the URL you were redirected to after authenticating to build the user context. Assuming redirect_url is that URL, you should be passing that to create_user_context and not auth_url.
ugatest2.view.usg.edu/d2l/api/versions/ is not a valid value for passing to create_authenticated_route, /d2l/api/versions is probably what you want. The SDK will prepend the scheme, domain, and port so including those in the value passed is going to result in an incorrect URI.
Once your app is working properly, you'll be able to access a JSON response by using r.json() rather than r.text.
I have this request that comes in like this:
Parameters: {"kpi"=>{"action"=>"create", "users"=>[{"las_name"=>"Doe", "user_id"=>"123", "first_name"=>"John"}, {"las_name"=>"Smith", "user_id"=>"456", "first_name"=>"Anna"}, {"user_id"=>"789", "last_name"=>"Jones", "first_name"=>"Peter"}], "controller"=>"api/kpis"}, "users"=>[{"las_name"=>"Doe", "user_id"=>"123", "first_name"=>"John"}, {"las_name"=>"Smith", "user_id"=>"456", "first_name"=>"Anna"}, {"user_id"=>"789", "last_name"=>"Jones", "first_name"=>"Peter"}]}
but it comes as JSON in a POST request so I am not sure how to get it into a local variable.
Any idea how to do that?
Thanks!
The fact that the parameters are showing up like that means that your create action is properly set up to handle JSON as a transport mechanism. Based on that snippet, you can access these parameters via the params hash.
kpi = params[:kpi]
#users = kpi["users"]
We have a function in our Rails code that accepts a JSON POST body:
contacts = ActiveSupport::JSON.decode(request.raw_post.gsub("+", ""))
(I'm aware that I can get this from params["_json"] as well, but we have extremely large (MBs) POST bodies that do not get put into params["_json"] for some reason (and + throws errors too).
Since the JSON is usually sent from a mobile client, it's important to us to optimize the upload size. We want to switch to having the POST body gzipped.
However, no matter what we do, we get the same error with no line number:
MultiJson::DecodeError (743: unexpected token at ''):
We have tried:
gzipped_contacts = Zlib::GzipReader.new(StringIO.new(request.raw_post)).read
contacts = ActiveSupport::JSON.decode(gzipped_contacts.gsub("+", ""))
This:
gzipped_contacts = ActiveSupport::Gzip.decompress(request.raw_post)
contacts = ActiveSupport::JSON.decode(gzipped_contacts.gsub("+", ""))
And the solution found here: Rails: how to unzip a compressed xml request body?
I'm pretty sure this is not occurring at the controller level because I can't log anything there, so it needs to be done in the middleware or at the server (but I can't find anything for Nginx that lets us deflate). Please assist!
Ok, turns out the iPhone client was sending the wrong headers. So the solution for anyone encountering this is to see the advice here:
Rails: how to unzip a compressed xml request body?
And verify that you are sending Content-Type: gzip/json.