Work at SourceForge, help us to make it a better place! We have an immediate need for a Support Technician in our San Francisco or Denver office.

Close

#452 Add SAML Decode support to MIME Tools

Next_major_release
closed
Don HO
None
7
2013-04-01
2013-02-05
Robert Meakins
No

The attached patch adds support within the MIME Tools plugin to decode SAML 2.0 messages. The HTTP-Redirect binding and the HTTP-POST binding are currently supported.

To use the SAML Decode operation, create a new document and copy/paste a SAMLRequest or SAMLResponse parameter directly into it. Delete all surrounding text (such as "SAMLResponse=") then select all text with CTRL+A and then select SAML Decode from the Plugins -> MIME Tools menu.

The code uses the "tinf - tiny inflate library" created by Joergen Ibsen to perform the inflate operation required to decode the HTTP-Redirect binding.

You may need to update some project settings (such as included files) as I used Visual Studio 2010 to develop the update. I didn't want to submit the updated project files as it might inconvenience others. Also feel free to modify the code or rearrange sections as required.

There is also an upper limit of 200KB on SAML messages to prevent too much memory from being allocated. If you have a SAML message that's larger than that, you're probably best off using a different decoder.

Currently, some SAML message types may not decode correctly and there may possibly be other bugs I'm not aware of. Please feel free to improve this plugin if you can.

This is an example of a message encoded with the POST binding (sampled from here: http://www.novell.com/communities/node/13224/useful-firefox-saml-tool-debugging-problems ):
PHNhbWxwOlJlc3BvbnNlIHhtbG5zOnNhbWxwPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6cHJvdG9jb2wiIHhtbG5zOnNhbWw9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iIENvbnNlbnQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpjb25zZW50Om9idGFpbmVkIiBEZXN0aW5hdGlvbj0iaHR0cHM6Ly93aW5kaWRwLmxhYi5ub3ZlbGwuY29tOjg0NDMvbmlkcC9zYW1sMi9zcGFzc2VydGlvbl9jb25zdW1lciIgSUQ9ImlkMEtMSlJGYWVKQlMwdXZVbkF5OFBRckNmSFpZIiBJblJlc3BvbnNlVG89ImlkVU9pNmNoLjkwT0tadmY4WFV2UXUwYk5Wa2NvIiBJc3N1ZUluc3RhbnQ9IjIwMTEtMDgtMTFUMTM6Mjg6MzVaIiBWZXJzaW9uPSIyLjAiPjxzYW1sOklzc3Vlcj5odHRwczovL2lkcDEyNi5sYWIubm92ZWxsLmNvbTo4NDQzL25pZHAvc2FtbDIvbWV0YWRhdGE8L3NhbWw6SXNzdWVyPjxzYW1scDpTdGF0dXM%2BPHNhbWxwOlN0YXR1c0NvZGUgVmFsdWU9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpzdGF0dXM6U3VjY2VzcyIvPjwvc2FtbHA6U3RhdHVzPjxzYW1sOkFzc2VydGlvbiBJRD0iaWRROVVaazVzMm1WR0lKWmpwUjRnZ0ZIRndPNnMiIElzc3VlSW5zdGFudD0iMjAxMS0wOC0xMVQxMzoyODozNVoiIFZlcnNpb249IjIuMCI%2BPHNhbWw6SXNzdWVyPmh0dHBzOi8vaWRwMTI2LmxhYi5ub3ZlbGwuY29tOjg0NDMvbmlkcC9zYW1sMi9tZXRhZGF0YTwvc2FtbDpJc3N1ZXI%2BPGRzOlNpZ25hdHVyZSB4bWxuczpkcz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI%2BPGRzOlNpZ25lZEluZm8%2BPENhbm9uaWNhbGl6YXRpb25NZXRob2QgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8xMC94bWwtZXhjLWMxNG4jIi8%2BPGRzOlNpZ25hdHVyZU1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNyc2Etc2hhMSIvPjxkczpSZWZlcmVuY2UgVVJJPSIjaWRROVVaazVzMm1WR0lKWmpwUjRnZ0ZIRndPNnMiPjxkczpUcmFuc2Zvcm1zPjxkczpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjZW52ZWxvcGVkLXNpZ25hdHVyZSIvPjxkczpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz48L2RzOlRyYW5zZm9ybXM%2BPGRzOkRpZ2VzdE1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNzaGExIi8%2BPERpZ2VzdFZhbHVlIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIj5IN2xVT3lmNjZwcTcveWJ4ZG9OK3VvZGkrL0k9PC9EaWdlc3RWYWx1ZT48L2RzOlJlZmVyZW5jZT48L2RzOlNpZ25lZEluZm8%2BPFNpZ25hdHVyZVZhbHVlIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIj4KUk1MaHZnKzVSekxGQ2s2NFh5RWlCbXBXeUhLNGY0cCt5VWdMRnhUbE8wWnorZUhMdGpJM0QxOXM3aitKNWEvOWFic3d4YUxJR3VDbwpCbTE1MEc2YWJyeGx5eFRxYjQreGVrWFVNTGR3ZkdlK3FrWVczZ3NOYXk4MzZ5THVkQzdMUkJGNS9uQlhPYUhnZ2w2Qm5DcVY2OGh1ClZjUzBtQWhVUGU5a2xySGtNZU09CjwvU2lnbmF0dXJlVmFsdWU%2BPGRzOktleUluZm8%2BPGRzOlg1MDlEYXRhPjxkczpYNTA5Q2VydGlmaWNhdGU%2BCk1JSUUzakNDQThhZ0F3SUJBZ0lrQWh3Ui82VFZCWEZLa2g3eDdWRnpCYVA2MjVUWXhjdm5xVVd0OVorZUFnSVBpeDd0TUEwR0NTcUcKU0liM0RRRUJCUVVBTURZeEdqQVlCZ05WQkFzVEVVOXlaMkZ1YVhwaGRHbHZibUZzSUVOQk1SZ3dGZ1lEVlFRS0ZBOXZjbU5vWDJodgpjM1F6WDNSeVpXVXdIaGNOTVRBeE1ESTRNVEV6T1RBd1doY05NVE14TURJNE1USXpPVEF3V2pCck1Sa3dGd1lEVlFRREZCQXFMbXhoCllpNXViM1psYkd3dVkyOXRNUXd3Q2dZRFZRUUxFd05PVkZNeER6QU5CZ05WQkFvVEJrNXZkbVZzYkRFUk1BOEdBMVVFQnhNSVRXRnMKWVdocFpHVXhEekFOQmdOVkJBZ1RCa1IxWW14cGJqRUxNQWtHQTFVRUJoTUNTVVV3Z1o4d0RRWUpLb1pJaHZjTkFRRUJCUUFEZ1kwQQpNSUdKQW9HQkFNR1E1cWZDSW51TEVPTG1mRllsanpuYW5lZGIyQklvVUFlUWJyR3JENk80dHZGQjFka3VwK2YxYW9zVEtFb01Vd25FCmdWU09od0duQWczbnhwaVJxNFAxSVlWeVNYVk5ac0pVNFFHSjUvMkphZnUxOG1EdWtBcFlOaTl4cWZMQUtvM1EwZjNOb3V5aVVudDcKTWNYaXJNUzY2dGVpemdBdzduU2xKMWRwTlhvOUFnTUJBQUdqZ2dJaE1JSUNIVEFkQmdOVkhRNEVGZ1FVMTRwMjBoZGlGZVQyVW1VbQpoOUNjYVVLMmlGWXdId1lEVlIwakJCZ3dGb0FVSi8yTzRNbFFRRWtIQVIyV1gwbnB2cjdnWllzd0N3WURWUjBQQkFRREFnU3dNSUlCCnpBWUxZSVpJQVliNE53RUpCQUVFZ2dHN01JSUJ0d1FDQVFBQkFmOFRIVTV2ZG1Wc2JDQlRaV04xY21sMGVTQkJkSFJ5YVdKMWRHVW8KZEcwcEZrTm9kSFJ3T2k4dlpHVjJaV3h2Y0dWeUxtNXZkbVZzYkM1amIyMHZjbVZ3YjNOcGRHOXllUzloZEhSeWFXSjFkR1Z6TDJObApjblJoZEhSeWMxOTJNVEF1YUhSdE1JSUJTS0FhQVFFQU1BZ3dCZ0lCQVFJQlJqQUlNQVlDQVFFQ0FRb0NBV21oR2dFQkFEQUlNQVlDCkFRRUNBUUF3Q0RBR0FnRUJBZ0VBQWdFQW9nWUNBUmNCQWYramdnRUVvRmdDQVFJQ0FnRC9BZ0VBQXcwQWdBQUFBQUFBQUFBQUFBQUEKQXdrQWdBQUFBQUFBQUFBd0dEQVFBZ0VBQWdoLy8vLy8vLy8vL3dFQkFBSUVCdkRmU0RBWU1CQUNBUUFDQ0gvLy8vLy8vLy8vQVFFQQpBZ1FHOE45SW9WZ0NBUUlDQWdEL0FnRUFBdzBBUUFBQUFBQUFBQUFBQUFBQUF3a0FRQUFBQUFBQUFBQXdHREFRQWdFQUFnaC8vLy8vCi8vLy8vd0VCQUFJRUVmK2sxVEFZTUJBQ0FRQUNDSC8vLy8vLy8vLy9BUUVBQWdRUi82VFZvazR3VEFJQkFnSUJBQUlDQVA4RERRQ0EKQUFBQUFBQUFBQUFBQUFBRENRQ0FBQUFBQUFBQUFEQVNNQkFDQVFBQ0NILy8vLy8vLy8vL0FRRUFNQkl3RUFJQkFBSUlmLy8vLy8vLwovLzhCQVFBd0RRWUpLb1pJaHZjTkFRRUZCUUFEZ2dFQkFGbHluSjdWK0d4ZXJlRk4wWVV1MHdremErRGZ0RzFZRCtXeUJVbG1VZGFWCmhsNkpRL1owdXBjNTRQb0k5VEFUMlRIR2VibE9lMzAyZVNicER2UFlQaUEvMjRPV0VBdUsrVW96WDlEOWc4RDRiTnQ3emFvMTQrb0gKMmVQM2ZZSnJVeG5XeW05RDRuM1FHZGtxMmdKWmdPQmtXN0NSd2U1Y3ltZSs3enRkQkxXRHF5VjZUK1RYT1k0S0U5WS8wcjJScWd0QwpNb0Qxd1hBaTIybTBsN09mSjZOdDJreC9XSXdxYUhmVWZvOUUyQmc2bDBIamNnamlkbVNRR3B1bUpKNzRpOER3VnNpSzRNVVM5ajkvCjhOODZ5SWc1Sm4za1FmNFE3ckQ0VWpldTFmTGxmQWlqM1IxbE8rR2lBU0R2RFd6a3dJZzBHYUpGUVQ0MHNIRGRyM1hGWWJnPQo8L2RzOlg1MDlDZXJ0aWZpY2F0ZT48L2RzOlg1MDlEYXRhPjwvZHM6S2V5SW5mbz48L2RzOlNpZ25hdHVyZT48c2FtbDpTdWJqZWN0PjxzYW1sOk5hbWVJRCBGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpuYW1laWQtZm9ybWF0OnBlcnNpc3RlbnQiIE5hbWVRdWFsaWZpZXI9Imh0dHBzOi8vaWRwMTI2LmxhYi5ub3ZlbGwuY29tOjg0NDMvbmlkcC9zYW1sMi9tZXRhZGF0YSIgU1BOYW1lUXVhbGlmaWVyPSJodHRwczovL3dpbmRpZHAubGFiLm5vdmVsbC5jb206ODQ0My9uaWRwL3NhbWwyL21ldGFkYXRhIj5UcTE1VXh6R2J0Y2NqUG12MDRienJ0YUM5S2JiZ2ZHdmNSQkVYdz09PC9zYW1sOk5hbWVJRD48c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uIE1ldGhvZD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmNtOmJlYXJlciI%2BPHNhbWw6U3ViamVjdENvbmZpcm1hdGlvbkRhdGEgSW5SZXNwb25zZVRvPSJpZFVPaTZjaC45ME9LWnZmOFhVdlF1MGJOVmtjbyIgTm90T25PckFmdGVyPSIyMDExLTA4LTExVDEzOjMzOjM1WiIgUmVjaXBpZW50PSJodHRwczovL3dpbmRpZHAubGFiLm5vdmVsbC5jb206ODQ0My9uaWRwL3NhbWwyL3NwYXNzZXJ0aW9uX2NvbnN1bWVyIi8%2BPC9zYW1sOlN1YmplY3RDb25maXJtYXRpb24%2BPC9zYW1sOlN1YmplY3Q%2BPHNhbWw6Q29uZGl0aW9ucyBOb3RCZWZvcmU9IjIwMTEtMDgtMTFUMTM6MjM6MzVaIiBOb3RPbk9yQWZ0ZXI9IjIwMTEtMDgtMTFUMTM6MzM6MzVaIj48c2FtbDpBdWRpZW5jZVJlc3RyaWN0aW9uPjxzYW1sOkF1ZGllbmNlPmh0dHBzOi8vd2luZGlkcC5sYWIubm92ZWxsLmNvbTo4NDQzL25pZHAvc2FtbDIvbWV0YWRhdGE8L3NhbWw6QXVkaWVuY2U%2BPC9zYW1sOkF1ZGllbmNlUmVzdHJpY3Rpb24%2BPC9zYW1sOkNvbmRpdGlvbnM%2BPHNhbWw6QXV0aG5TdGF0ZW1lbnQgQXV0aG5JbnN0YW50PSIyMDExLTA4LTExVDEzOjI4OjM0WiIgU2Vzc2lvbkluZGV4PSJpZFE5VVprNXMybVZHSUpaanBSNGdnRkhGd082cyI%2BPHNhbWw6QXV0aG5Db250ZXh0PjxzYW1sOkF1dGhuQ29udGV4dENsYXNzUmVmPnVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphYzpjbGFzc2VzOlBhc3N3b3JkUHJvdGVjdGVkVHJhbnNwb3J0PC9zYW1sOkF1dGhuQ29udGV4dENsYXNzUmVmPjxzYW1sOkF1dGhuQ29udGV4dERlY2xSZWY%2Bc2VjdXJlL25hbWUvcGFzc3dvcmQvdXJpPC9zYW1sOkF1dGhuQ29udGV4dERlY2xSZWY%2BPC9zYW1sOkF1dGhuQ29udGV4dD48L3NhbWw6QXV0aG5TdGF0ZW1lbnQ%2BPHNhbWw6QXR0cmlidXRlU3RhdGVtZW50PjxzYW1sOkF0dHJpYnV0ZSB4bWxuczp4c2Q9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hIiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiBOYW1lPSIvVXNlckF0dHJpYnV0ZVtAbGRhcDp0YXJnZXRBdHRyaWJ1dGU9JnF1b3Q7Y24mcXVvdDtdIiBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXR0cm5hbWUtZm9ybWF0OnVuc3BlY2lmaWVkIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZSB4c2k6dHlwZT0ieHNkOnN0cmluZyI%2BbmNhc2hlbGw8L3NhbWw6QXR0cmlidXRlVmFsdWU%2BPC9zYW1sOkF0dHJpYnV0ZT48c2FtbDpBdHRyaWJ1dGUgeG1sbnM6eHNkPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYSIgeG1sbnM6eHNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSIgTmFtZT0iR3JlZXRpbmciIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphdHRybmFtZS1mb3JtYXQ6dW5zcGVjaWZpZWQiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlIHhzaTp0eXBlPSJ4c2Q6c3RyaW5nIj5Ib3dheWE8L3NhbWw6QXR0cmlidXRlVmFsdWU%2BPC9zYW1sOkF0dHJpYnV0ZT48c2FtbDpBdHRyaWJ1dGUgeG1sbnM6eHNkPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYSIgeG1sbnM6eHNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSIgTmFtZT0ibGRhcG1haWwiIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphdHRybmFtZS1mb3JtYXQ6YmFzaWMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlIHhzaTp0eXBlPSJ4c2Q6c3RyaW5nIj5uY2FzaGVsbEBub3ZlbGwuY29tPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU%2BPHNhbWw6QXR0cmlidXRlIHhtbG5zOnhzZD0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEiIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIE5hbWU9InJvbGVzIiBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXR0cm5hbWUtZm9ybWF0OmJhc2ljIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZSB4c2k6dHlwZT0ieHNkOnN0cmluZyI%2BZ2Vlazwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48c2FtbDpBdHRyaWJ1dGVWYWx1ZSB4c2k6dHlwZT0ieHNkOnN0cmluZyI%2BTlRTPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjxzYW1sOkF0dHJpYnV0ZVZhbHVlIHhzaTp0eXBlPSJ4c2Q6c3RyaW5nIj5hdXRoZW50aWNhdGVkPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU%2BPHNhbWw6QXR0cmlidXRlIHhtbG5zOnhzZD0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEiIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIE5hbWU9ImN1c3Rfc3RyaW5nXzEiIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphdHRybmFtZS1mb3JtYXQ6dW5zcGVjaWZpZWQiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlIHhzaTp0eXBlPSJ4c2Q6c3RyaW5nIj5uY2FzaGVsbEBub3ZlbGwuY29tPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU%2BPC9zYW1sOkF0dHJpYnV0ZVN0YXRlbWVudD48L3NhbWw6QXNzZXJ0aW9uPjwvc2FtbHA6UmVzcG9uc2U%2B

And this is an example of a message using the HTTP-Redirect binding (from the wikipedia page here: http://en.wikipedia.org/wiki/SAML_2.0 ):
fZJNT%2BMwEIbvSPwHy%2Fd8tMvHympSdUGISuwS0cCBm%2BtMUwfbk%2FU4zfLvSVMq2Euv45n3fd7xzOb%2FrGE78KTRZXwSp5yBU1hpV2f8ubyLfvJ5fn42I2lNKxZd2Lon%2BNsBBTZMOhLjQ8Y77wRK0iSctEAiKLFa%2FH4Q0zgVrceACg1ny9uMy7rCdaM2%2Bs0BWrtppK2UAdeoVjW2ruq1bevGImcvR6zpHmtJ1MHSUZAuDKU0vY7Si2h6VU5%2BiMuJuLx65az4dPql3SHBKaz1oYnEfVkWUfG4KkeBna7A%2Fxm6M14j1gZihZazBRH4MODcoKPOgl%2BB32kFz08PGd%2BG0JJIkr7v46%2BhRCaEpod17DCRivYZCkmkd4N28B3wfNyrGKP5bws9DS6PKDz%2FMpsl36Tyz%2F%2Fax1jeFmi0emcLY7C%2F8SDD0Z7dobcynHbbV3QVbcZW0TlqQemNhoqzJD%2B4%2Fn8Yw7l8AA%3D%3D

1 Attachments

Discussion

  • Don HO
    Don HO
    2013-03-05

    • status: open --> accepted
     
  • Don HO
    Don HO
    2013-03-05

    Hi Robert,

    Thank you for your contribution.

    You'll be credited in both saml h and cpp files

    //this file is part of MimeTools (plugin for Notepad++)
    //Copyright (C)2013 Robert Meakins
    //
    //This program is free software...

    Are you OK with that? Do you want to add your email after your name? If yes, which one?

    Don

     
  • Robert Meakins
    Robert Meakins
    2013-03-07

    Hi Don,

    Thanks - yes, happy with that :) please use my Gmail address in the text.

    Cheers,
    Robert

     
  • Don HO
    Don HO
    2013-04-01

    • status: accepted --> closed