
Create SAML2.0 External Request in ABAP

javier_alonso63
Participant

I am trying to develop an integration scenario which requires a call to an external Electronic Identification service using the SAML 2.0 protocol. I need to create an XML message in eIDAS format, which should be signed using the SAML protocol, in order to make an authentication request.

This is a request message example provided by the WebService (which is called Cl@ve 2.0).

 

<saml2p:AuthnRequest xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:eidas="http://eidas.europa.eu/saml-extensions" xmlns:eidas-natural="http://eidas.europa.eu/attributes/naturalperson" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" AssertionConsumerServiceURL="https://pre-pasarela.clave.gob.es/SP2/ReturnPage" Consent="urn:oasis:names:tc:SAML:2.0:consent:unspecified" Destination="https://se-pasarela.clave.gob.es/Proxy2/ServiceProvider" ForceAuthn="false" ID="_r1LZ7loli5ZpGJtb6avNQiVvGFX1qgenzkP6v--cWHCNZBIcjn8EtHe4l2xB1E_" IsPassive="false" IssueInstant="2018-07-30T07:32:22.571Z" ProviderName="S2833002E_E04975701;Demo-SP" Version="2.0">
	<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
		<ds:SignedInfo>
			<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
			<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/>
			<ds:Reference URI="#_r1LZ7loli5ZpGJtb6avNQiVvGFX1qgenzkP6v--cWHCNZBIcjn8EtHe4l2xB1E_">
				<ds:Transforms>
					<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
					<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
						<ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="eidas-natural"/>
					</ds:Transform>
				</ds:Transforms>
				<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
				<ds:DigestValue>WowdQOy1xyCBZeNIe2CtqXXjr5rWyga2qzflk93EUpWmmCjeU83WpsIyPWy44CIXkdsOL+r3M3n4epCC5LMlOg==</ds:DigestValue>
			</ds:Reference>
		</ds:SignedInfo>
		<ds:SignatureValue>H4LznEe1vzhRjw9MMvp4LlkTONWh2rhK1kli4+ivQOnX6TSFApXaekPAq6AleZjaP209HNQyaG4QOHe9aqfzC08rBaSIdbS/GGL/Z17mYz/oWOI7QafQVqCWHc4m08KeLf4bnWZKXXWlWcQNYw+k/rHleiO0Ulesi5Ro5BWKmMqehrjK/XRkyvH2aX6gylOZZAG27g627VpuxKw8NarM4FVb5dZ2OGKoFQojvBtUbZNecwM5+MRrMUBQKjOi05VPNCevIFB7JG17YnH5GPexGAhe1VDKV2tXWHcKPKnytgNk97d0JLDcJzEWZ0jjtTdRxcfqhkNsoJcVlUr7/jBWVw==</ds:SignatureValue>
		<ds:KeyInfo>
			<ds:X509Data>
				<ds:X509Certificate>MIIF/TCCBOWgAwIBAgIQUj5ofy7TYXhWsKBZVz6lxDANBgkqhkiG9w0BAQsFADBHMQswCQYDVQQG
EwJFUzERMA8GA1UECgwIRk5NVC1SQ00xJTAjBgNVBAsMHEFDIENvbXBvbmVudGVzIEluZm9ybcOh
dGljb3MwHhcNMTYwMjAyMTIyNjAxWhcNMTkwMjAyMTIyNTU5WjCB2DELMAkGA1UEBhMCRVMxDzAN
BgNVBAcMBk1BRFJJRDE8MDoGA1UECgwzTUlOSVNURVJJTyBERSBIQUNJRU5EQSBZIEFETUlOSVNU
UkFDSU9ORVMgUMOaQkxJQ0FTMUswSQYDVQQLDEJESVJFQ0NJw5NOIERFIFRFQ05PTE9Hw41BUyBE
RSBMQSBJTkZPUk1BQ0nDk04gWSBMQVMgQ09NVU5JQ0FDSU9ORVMxEjAQBgNVBAUTCVMyODMzMDAy
RTEZMBcGA1UEAwwQRFRJQyBBR0UgUFJVRUJBUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALBcouy5wk1P1Lwq38b+mVbZfoqskPBepawieHarQ1NrkJJV+hIYOngGX/4DdpoUKr/ezAqr
Niu0mH1WxPI+eRLse1loUbjwQTgxnJI9QP0v79L6g0UqLyFcwyy7/dIxVkJUIq7qPHXbjvlgu5fC
w6uB8h0EQ2JlrpKfqtdkh+ipDmUfinageM11sMXEebS+YxO0iiqK0WgHPG27dSzd0Tfo2SKQ/XHs
guTtrIoV4kktGhkb7IEpO8+G8QzHd347HiQAy/MruzeLAJjaBhcYzkCmMFw5xWc7k6PB0S82heFB
6RN+4RGYP149VINGSQrS0WqIXrXJCHLQb5c7HBeNpm0CAwEAAaOCAlEwggJNMAkGA1UdEwQCMAAw
gYEGCCsGAQUFBwEBBHUwczA7BggrBgEFBQcwAYYvaHR0cDovL29jc3Bjb21wLmNlcnQuZm5tdC5l
cy9vY3NwL09jc3BSZXNwb25kZXIwNAYIKwYBBQUHMAKGKGh0dHA6Ly93d3cuY2VydC5mbm10LmVz
L2NlcnRzL0FDQ09NUC5jcnQwRAYDVR0gBD0wOzA5BgorBgEEAaxmAwkCMCswKQYIKwYBBQUHAgEW
HWh0dHA6Ly93d3cuY2VydC5mbm10LmVzL2RwY3MvMC4GA1UdEQQnMCWkIzAhMR8wHQYJKwYBBAGs
ZgEIDBBEVElDIEFHRSBQUlVFQkFTMBMGA1UdJQQMMAoGCCsGAQUFBwMCMA4GA1UdDwEB/wQEAwIE
sDAdBgNVHQ4EFgQUmUPaCKS1GXULRv7TYGFMG6BxmcQwHwYDVR0jBBgwFoAUGfhYLxTWpsybBJgI
DUzXqwCng2UwgeAGA1UdHwSB2DCB1TCB0qCBz6CBzIaBnmxkYXA6Ly9sZGFwY29tcC5jZXJ0LmZu
bXQuZXMvQ049Q1JMMSxPVT1BQyUyMENvbXBvbmVudGVzJTIwSW5mb3JtYXRpY29zLE89Rk5NVC1S
Q00sQz1FUz9jZXJ0aWZpY2F0ZVJldm9jYXRpb25MaXN0O2JpbmFyeT9iYXNlP29iamVjdGNsYXNz
PWNSTERpc3RyaWJ1dGlvblBvaW50hilodHRwOi8vd3d3LmNlcnQuZm5tdC5lcy9jcmxzY29tcC9D
UkwxLmNybDANBgkqhkiG9w0BAQsFAAOCAQEATlZ3DPFz1gQ32YOYIILzf99kuk2wFYULg+XaDqis
/y/S6bphKF3xbtyxsIX+lx0zI17dyDTKA+6sWNHiiuH4YjXkqbxbI8EYHfeRzbRK3S4Gj1yatGVt
hsCK6wDrlr8Rrj8QgntFAM+/kfysGJlHEiFsgTN2iXfOsjmXNNK1LwSbQ3GCwPaLYKZonNsEj8P/
S5r91ICejfGlVZp1AEXyP3jJzibr0SKxwEt32r/+ZjTmQgrLuAmGrgcVsjAAm2Cp7usJYaS/SyPF
j1QDUlZoVOuo4dfgFUZLCVBfMUBY73WNazVAojqZhG9d8tAgg2c64nusuMDY+25MLUKFzsbzFg==</ds:X509Certificate>
			</ds:X509Data>
		</ds:KeyInfo>
	</ds:Signature>
	<saml2p:Extensions>
		<eidas:RequestedAttributes>
			<eidas:RequestedAttribute FriendlyName="RelayState" Name="http://es.minhafp.clave/RelayState" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="false">
				<eidas:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="eidas-natural:PersonIdentifierType">_v1m7pcn</eidas:AttributeValue>
			</eidas:RequestedAttribute>
		</eidas:RequestedAttributes>
	</saml2p:Extensions>
	<saml2p:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"/>
	<saml2p:RequestedAuthnContext Comparison="minimum">
		<saml2:AuthnContextClassRef>http://eidas.europa.eu/LoA/low</saml2:AuthnContextClassRef>
	</saml2p:RequestedAuthnContext>
</saml2p:AuthnRequest>

 

 

I am unable to find ABAP libraries to make external request calls. I am also researching SAP PI, but I cannot find any proper documentation about this kind of scenario.
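A structural self-check for the signature block shown in the sample message, as an added example that is not part of the original post and is not Cl@ve or SAP code: it confirms that a generated AuthnRequest carries exactly one enveloped signature whose Reference points at the request ID and uses the algorithms seen in the sample. It performs no cryptographic verification; the function name and the SAMPLE request (placeholder ID and base64 values) are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol", "ds": "http://www.w3.org/2000/09/xmldsig#"}
EXC_C14N = "http://www.w3.org/2001/10/xml-exc-c14n#"
ENVELOPED = "http://www.w3.org/2000/09/xmldsig#enveloped-signature"
REF = "ds:SignedInfo/ds:Reference/"
# Algorithm URIs copied from the sample message in the post.
EXPECTED = {
    "ds:SignedInfo/ds:CanonicalizationMethod": EXC_C14N,
    "ds:SignedInfo/ds:SignatureMethod": "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512",
    REF + "ds:DigestMethod": "http://www.w3.org/2001/04/xmlenc#sha512",
}
# Constructed, trimmed request: the ID and base64 values are placeholders, not real data.
SAMPLE = """<saml2p:AuthnRequest xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_constructed1" Version="2.0">
<ds:Signature><ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/>
<ds:Reference URI="#_constructed1"><ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
<ds:DigestValue>UExBQ0VIT0xERVI=</ds:DigestValue></ds:Reference></ds:SignedInfo>
<ds:SignatureValue>UExBQ0VIT0xERVI=</ds:SignatureValue>
<ds:KeyInfo><ds:X509Data><ds:X509Certificate>UExBQ0VIT0xERVI=</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
</ds:Signature></saml2p:AuthnRequest>"""

def check_signature_layout(xml_text):
    """Return a list of structural problems; an empty list means the layout matches."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}AuthnRequest" % NS["p"]:
        return ["root element is not saml2p:AuthnRequest"]
    direct = root.findall("ds:Signature", NS)
    if len(direct) != 1 or len(root.findall(".//ds:Signature", NS)) != 1:
        return ["expected exactly one ds:Signature, as a direct child of the root"]
    sig, problems = direct[0], []
    refs = sig.findall("ds:SignedInfo/ds:Reference", NS)
    rid = root.get("ID")
    if len(refs) != 1 or not rid or refs[0].get("URI") != "#" + rid:
        problems.append("the single ds:Reference must point at the request ID")
    for path, uri in EXPECTED.items():
        node = sig.find(path, NS)
        if node is None or node.get("Algorithm") != uri:
            problems.append("unexpected algorithm at " + path)
    transforms = [t.get("Algorithm") for t in sig.findall(REF + "ds:Transforms/ds:Transform", NS)]
    if transforms != [ENVELOPED, EXC_C14N]:
        problems.append("transforms must be enveloped-signature, then exc-c14n")
    for path in (REF + "ds:DigestValue", "ds:SignatureValue", "ds:KeyInfo/ds:X509Data/ds:X509Certificate"):
        node = sig.find(path, NS)
        if node is None or not (node.text or "").strip():
            problems.append("missing " + path)
    return problems
```

Running `check_signature_layout` over the XML produced by the signing step, before it is posted to the Destination URL, catches layout mistakes such as a Reference that does not cover the request element or a digest algorithm that differs from the sample.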

Accepted Solutions (0)

Answers (0)