Lucee SAML auth request not recognized by Firefox SAML tracer


Using the example below, why is my SAML request not recognized by the Firefox SAML tracer?


<cfset uid=createUUID()>
<cfset setIssueIns=datetimeFormat(now(), "yyyy-MM-dd'T'HH:nn:ss'Z'")>

<cfset samlRequestXml='<?xml version="1.0" encoding="UTF-8" standalone="no"?><saml2p:AuthnRequest xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
AssertionConsumerServiceURL="http://yoursite/sso.cfm" Destination="https://youridp/sso" ForceAuthn="false" ID="#uid#" IsPassive="false" IssueInstant="#setIssueIns#" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Version="2.0"><saml2:Issuer>http://yoursite/sso</saml2:Issuer></saml2p:AuthnRequest>'>

<cfscript>

    // write the request to a file
    fileWrite(expandPath("./temp/#uid#.xml"), samlRequestXml);
    
    // Use cfzip to compress the file
    cfzip(action="zip", file=expandPath("./temp/#uid#.zip"), source=expandPath("./temp/#uid#.xml"));
    
    // read the compressed data
    zipData = fileReadBinary(expandPath("./temp/#uid#.zip"));
    
    // Encode the compressed data
    encodedRequest = binaryEncode(zipData, "Base64");
    
    // URL encode the encoded data
    samlreq = urlEncodedFormat(encodedRequest, "UTF-8");
    
</cfscript> 

<!--- cffile needs absolute paths, so resolve them the same way as above --->
<cffile action="delete" file="#expandPath('./temp/#uid#.zip')#">
<cffile action="delete" file="#expandPath('./temp/#uid#.xml')#">

<br>
<form name="form1" method="get" action="https://youridp/sso">
    <input type="hidden" name="SAMLRequest" value="<cfoutput>#samlreq#</cfoutput>">
    <input type="submit" name="submit" id="submit" value="send request">
</form>

This is what SAML tracer shows:

[screenshot: SAML tracer without the SAML tab]

I am expecting SAML tracer to look like this:

[screenshot: SAML tracer with the SAML tab]

What is the correct way to do this?

Answer (HDuck):

It's possible that the auth request isn't being deflated/encoded properly. Instead of using cfzip, I would use Java to deflate and base64 encode the string. Here's some code that I recently used to get a SAML Auth request working:

<cfscript>
samlRequest = '[your SAML request here]';

function encodeRedirectFormat(samlXML) {
    // Create a ByteArrayOutputStream to collect the compressed bytes
    var os = createObject("java", "java.io.ByteArrayOutputStream").init();

    // Create a Deflater with default compression; the second argument (nowrap = true)
    // produces a raw DEFLATE stream with no zlib header, as the Redirect binding expects
    var deflater = createObject("java", "java.util.zip.Deflater");
    deflater = deflater.init(deflater.DEFAULT_COMPRESSION, true);

    // Create a DeflaterOutputStream that compresses through the Deflater into os
    var deflaterOutputStream = createObject("java", "java.util.zip.DeflaterOutputStream").init(os, deflater);

    // Write the UTF-8 encoded bytes of samlXML to the DeflaterOutputStream
    deflaterOutputStream.write(samlXML.getBytes("UTF-8"));

    // Close the DeflaterOutputStream (this also flushes the final compressed block)
    deflaterOutputStream.close();

    // Close the ByteArrayOutputStream
    os.close();

    // Convert the byte array to a Base64 string
    var base64 = toBase64(os.toByteArray());

    // URL encode the Base64 string
    var encodedBase64 = URLEncodedFormat(base64, "UTF-8");

    return encodedBase64;
}

samlRequest = encodeRedirectFormat(samlRequest);
</cfscript>

I will admit that I know very little about SAML, and ChatGPT did most of the work writing this function. However, it was not generated for the purpose of answering this question, and it is working code that is currently being used in production in an app I work on.
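The difference between the two approaches, as an added example that is not part of the question or the answer: the answer's Java Deflater with nowrap produces a raw DEFLATE stream, which is what the SAML HTTP-Redirect binding and a tracer's decoder expect, whereas cfzip produces a ZIP archive whose first bytes are the PK local-file header. The example is in Python (standard library only) rather than CFML; the XML sample is constructed and the function names are my own.

```python
import base64
import io
import urllib.parse
import zipfile
import zlib

# Constructed sample; element names and namespaces mirror the question's request.
SAMPLE_AUTHN_REQUEST = (
    '<?xml version="1.0" encoding="UTF-8"?>'
    '<saml2p:AuthnRequest xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="_example-id" '
    'Version="2.0" IssueInstant="2024-01-01T00:00:00Z">'
    '<saml2:Issuer>http://yoursite/sso</saml2:Issuer></saml2p:AuthnRequest>'
)


def encode_redirect(xml: str) -> str:
    """Redirect binding: raw DEFLATE (RFC 1951, wbits -15) -> Base64 -> URL-encode."""
    comp = zlib.compressobj(zlib.Z_DEFAULT_COMPRESSION, zlib.DEFLATED, -zlib.MAX_WBITS)
    raw = comp.compress(xml.encode("utf-8")) + comp.flush()
    return urllib.parse.quote(base64.b64encode(raw).decode("ascii"), safe="")


def encode_as_zip_archive(xml: str) -> str:
    """The question's cfzip approach: a ZIP container, not a bare DEFLATE stream."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("request.xml", xml)
    return urllib.parse.quote(base64.b64encode(buf.getvalue()).decode("ascii"), safe="")


def inspect_redirect_param(param: str) -> str:
    """Classify a SAMLRequest query value the way a tracer-style decoder sees it."""
    raw = base64.b64decode(urllib.parse.unquote(param))
    if raw.startswith(b"PK\x03\x04"):          # ZIP local file header signature
        return "zip archive: not the Redirect binding encoding"
    try:
        zlib.decompress(raw, -zlib.MAX_WBITS)  # raw inflate, no zlib/gzip header
    except zlib.error:
        return "not a raw DEFLATE stream"
    return "raw DEFLATE: ok"


def decode_redirect(param: str) -> str:
    """Reverse of encode_redirect: URL-decode -> Base64-decode -> raw inflate."""
    raw = base64.b64decode(urllib.parse.unquote(param))
    return zlib.decompress(raw, -zlib.MAX_WBITS).decode("utf-8")
```

Run `inspect_redirect_param` over the value your form actually sends; if it reports a ZIP archive, the tracer has nothing it can inflate and no SAML tab will appear.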