cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Get SAML Response with BTP SDK for Android

dbchris
Explorer

on ‎10-22-2021 1:31 PM

0 Kudos

Hello everyone,

I'm currently trying to authenticate a native Android app against an app on the BTP via SAML, using SAP BTP SDK 3.4.4 for Android. Registration works fine, but I need to access some information, that is contained in the actual SAML response.

My OkHttpClient is set up as follows:

final SamlConfiguration samlConfiguration = new SamlConfiguration.Builder()
	.authUrl(url + "/SAMLAuthLauncher")
	.build();
final List<ConnectionSpec> connectionSpecs = new LinkedList<>();
final ConnectionSpec strict = new ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS)
	.tlsVersions(TlsVersion.TLS_1_3, TlsVersion.TLS_1_2)
	.build();
connectionSpecs.add(strict);
OkHttpClient client = new OkHttpClient.Builder()
	.connectionSpecs(connectionSpecs)
	.addInterceptor(new AppHeadersInterceptor(applicationID, deviceId, null))
	.addInterceptor(new SamlInterceptor(new SamlWebViewProcessor(samlConfiguration, new SystemCertificateProvider())))
	.cookieJar(new WebkitCookieJar())
	.build();

I already tried retrieving my own user with the UserService contained in foundation.aar

UserService userService = new UserService();
userService.retrieveUser(serviceResult -> {
	if (serviceResult instanceof ServiceResult.SUCCESS) {
		log("success: " + ((ServiceResult.SUCCESS) serviceResult).getData().toString());
	}
});

but with this I only get the mail address, family name, given name and my user roles.

Is there a possibility to access the actual SAML response of my requests? I debugged the response of SamlInterceptor's intercept method, but only got a lot of headers. Any tips would be helpful!

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (2)

Answers (2)

former_member291565
Discoverer
‎11-17-2021 1:29 AM
0 Kudos

Hi Christian,

The SAML attributes are included as the "detail" property in the response of user information REST API. (https://help.sap.com/doc/f53c64b93e5140918d676b927a3cd65b/Cloud/en-US/docs-en/guides/features/user-information/api/client.html)

I am not familiar with android SDK, and did not know whether the SDK handled the "detail" property correctly. According to https://help.sap.com/doc/f53c64b93e5140918d676b927a3cd65b/Cloud/en-US/docs-en/reference/android/kdoc..., the User class seems not include value of "detail" property.

So, I suspect that you might have to send REST API and parse response body by yourself.

Thanks and Regards,

Xiao-ming

Show replies
Show replies
guo-pingzhang
Advisor
Advisor
‎11-02-2021 4:05 AM
0 Kudos

Hi Christian,
I was hoping User service should return all SAML attributes. Can you let me know you're on NEO or CF? What attributes are missing? Can you give an SAML response as example?
Thanks,
Guoping

Show replies
Show replies
dbchris
Explorer
‎11-16-2021 7:53 AM
0 Kudos

Hi Guo-ping,

thanks for the answer. We are on CF and I'm missing the attribute SAPUID that you can see in the attached SAML response (I hid some values and left user roles/groups out in order to keep it simple). As far as we tried, we do not receive the SAPUID with the UserService.

Thank you and best regards

Christian

saml-response.xml

Ask a Question