Customizing SAML2 Response and SAML2 Assertion in WSO2

WSO2IS provides extensions to customize the SAML2 response and Assertion that is generated with SAML2 SSO web browser profile. You can find more on SAML2 SSO with WSO2IS from here as well.

Lets go through quick to on customizing SAML2 Response and Assertion.

Step 1. First, you need to implement a new SAML2 Response or Assertion builder class by implementing the SAMLAssertionBuilder and ResponseBuilder interfaces of the SAML2 SSO OSGI component (which is known  as org.wso2.carbon.identity.sso.saml)

Also, you can write your own implementation by extending the default implementations which are available in the org.wso2.carbon.identity.sso.saml component.

Here is simple sample implementation for both customized SAML2 Response and Assertion builder… In this customization, we are just only customizing the default signature algorithm that is used by WSO2IS to generate the SAML2 signature. By default WSO2IS uses RSA-SHA1 which is according to the specification.  But we are going to make it as RSA-SHA256

Step 2. Create a jar file using your customized implementation and copy it in to <WSO2IS_HOME>/repository/component/lib directory. You can just copy the sample jar file in here  which is used in above sample project.

Step 3. Register your custom class names using identity.xml file which can be found at <WSO2IS_HOME>/repository/conf directory.

You need configure the full qualified class name of your custom implementations under the <SSOService> element

For custom response builder  <SAMLSSOResponseBuilder>RSA-SHA256


For custom assertion builder  <SAMLSSOAssertionBuilder>


Step 4. Restart the server and see, It would pick your custom implementation.
Step 5. You can further debug your custom code by starting the WSO2IS server in debug mode as following.

>sh -debug 5005

Thanks for reading.