saml delegation

assertions/fbhcfgee

+H6GNGExp4J8vHLeTGCaV86oeLsJfYXpYHoldMn6TckgUiapgt-ctIRHdRbIKasYW8rvsZufORIw_
+ylH6fLW4SH3WUNw4LrnsrLq9CwtnSpd2bNRBXgS9mDx9oMUfbCLnh28GU9JYBIObpFiPDZRBMRzB
+Jtemq5e7T3EFOGReOFf8YAWYVbJ7kl10C8O65A3SXU3nTD2q8HFJgnBpl4tLdygXS5PJHjZ77I5N
+cc6SI0DWgiv6AhNfs1nC1Hll7ouCC9JYebDrgGZ76yBJOEkms6v8yV1WFG4kd8QYnhmWHSOJ3ZpX
+92kP9U-ywE03VvJnvSpFB4YoS6jYJBThPL0o1e4HKy9zns3LUpeH3N37JLXxWIXv_UBh6pli4Jnk
+f1mDRgtEN9rRSHaILO1ACb2JbECXBTkfhN153CjO4DYkvaRFFw0KXnZqbEs_O49QfccKVuxj8JnZ
+BEyYYOUY5BoiTsRc3fIhotXKlWD5QBsjXB2EcuFYBujLx6z8Xxg-fDYaFgMQXTKJxmkbg4EJHLoG
+L02ar7-U_c0h2J6ewyZDg3O3vALxNuOz18rwlXm7x-3hqoIIvmice4XUnmuJTRz1At8OeBx7P2_E
+uqMMUWoPW-B3JkYTUjkxom-lm7pMwWdRxBCYEpvsKswrA2HlwN3EvciU3ZkxcFw3ckhlVsdOpWCF
+LxGT5x2d4Yp9TWANNIosG9gQrHTZk7FB_JHhJCiftxBkR9j51yKejWWr7zIkRQdagXlXdkzcVhUz
+XrKFYTLqKZRXWUxNhc4SeX2QqVXB1XAGzmebuK4K8FvoPB-T1aDFqqDF6MuHG3OnESkIrRODQsux
+h9gV1zwrSKJbhYb3q4sTz7iRkYpy7yjVF9TgDczQI8SLoW5XyOgrrKxOCbkq_1E23rLANJSVFY0X
+Hfh3U5uAzgqzWLf7vc9x-22uVKkWmCa428_mjq44J1whm_GwCpznij8agEn6mKxlY6Bnnro5VQft
+m-ypsnqQnUtYZr2tRBUrlUTCTG4jthlKtu1RbVahOwk8GYtcX4nEuWceOTPiz3iQB5KYylv8GoDM
+EX5zrLTfWfBHoHcMpQO7QtiMfygsgop6Pf165XkTBv396Atp2Y-yWGbLcR7tvYsDBAvQ6Z5bsZSf
+tKiTECQEtVp7d5_aZSVZElyT2qQtolAHygwzBQKizzCSFgDpg7asXtElR3JMmBXt8uuQ-z6mR54z
+zvQgiTL4Q5l9A_NMqMtxaKw1ws6YuFbkorNZjm_c0i_eIJSbYdNqKGco2rG-z2eshdSZPyBBTfyv
+MaFyR8GAGeJhdCWE9PkTq4jyHIVzs6hKc9OuzqT_oVt5fJVOhzSLrB3ptrNbJdrZt3PHJFYiaHdP
+YGs3Y9GFpIYzRoLiidPVFuCWkRfZCbjKftvc_70yetgF3nx1c2_tseB_1vKV-udQMJhFbeiVOpA9
+tSti_NX_q3iRAmXo5jCrZEYBt1I7SjUn3suvkkVna-UaiUeoncl8ATg22_F7lv1nKUZJ32bpKeTb
+7WY-wAYYqebb_Hj-bH7BIX9sv1768buLM_XmiOBGydx1AmDHvpiboR8-9UdW02n5AnOrWh4JVcYA
+e9vGhHQZjo2hPRGy2cMmzAaVxhZkJTYCcwH-yvQwIgIE1cxjDnXv9bZWrZZeRpWdaaumEyXfUZv4
+_zik7-8AJuBjlczb6v63nNa1BUzMAXjXQ2G8U07EV0d_CzzU4mcgOYkeNq7IMbe6I522dq_i5eTY
+a3y__zI7FQxN1KpSOSokmm9haEm0MuyxWbFn1c-QjVprnhC7YojF-p-FLGx8PgD_tappyNKP2gyQ
+ba_COv3d9gGSkUh6I6rU20jgsOfD4yZ2CWu81WK3RKtlixGhJXhSO2C0Gv0HOVo1fz1Rcb25EtS0
+6ra6ZlQII333k4TYBzwKH_2xgU_1chKZBqSvVHWeirOml7ETye6CD-NQ4Tj7UyO8V5WNhnu0LzZS
+doiREk_lpzor7EU_MehB0aIOMVBKf5S1bvCkF61qLL0mJEVtMThsi8ObuzA0udE4cvx8LWUeaPdM
+x00SZJhKu5WNJ8RifYHWvFhlo4BRImo8nOEvzDcouMIqQPj2S50Dkm0mY_V3u_6KLQi-c4kbjr8g
+uFIUYhe-DFGEETpkAGV_dhGVD3OZTBS1J__hG7B5pBrTvkUvx3KKXBSSVDPFXKlBJ5boqmDHhFAK
+mohYyHzja1Z2aGyS4nMdi9BYSaTyK4fr6zBlkf1XE2MDlhgBnW69dcenkx4HU_Dkf-iVf91i7NUS
+XvwCnca892lWJgthskizwfe4bIZrn45HzXbjq6z-eeo5UXgilRs35JYw_9semmCzg8Z-nhIszro8
+m2oQThCFGH-XHKAwRY8SpeUdNR20wxh4WrO84Wb3Ypu3xwbpmTi4VbliRiAj4v9wDOVjmkQppbds
+xAaJLn8t9Vi39eJ3bGSEozm-jMxIpF6pHMfCoQOyG6WGZmftK7L-x5Asns-ZRJVXLMIV3hIZZU78
+et8I9lpb30kZngE7mVQp8PEVbs0TaNbRxEp-zqKK39vjo4bS0Xg1DKRvxtvYZ_OZ1cZJHOnA8EuV
+rw0Nmi8Mhc4gEwGYtK2wIc8t0U9iyxGMQelyPTwd5SStV4fy0FH8r_XpGvKqeOK13Hb63EjcgVlI
+fdRQVkkmy1EnffIxCymBPaO-KUXTa1ThZ6dSRBzQi65uxFUP1stOcsLtAunG5fPawcU1GTMLszfw
+UcLC1NSJ3FE-3rFV3rVRPjnp1Vy-zuXamg0z1syoxbOyNNicphmdJ_Ku6Gkdo6xcyYBIAb8Xi6mw
+JR-sJftkZIsKS_dwRyg0oYRZQgr7URnzEVVJ19Tv4-bwNi7ZlhN_E_WWhQqKkpwTm9EhKR_fYOr_
+Rx27X5xr48hCWYKmLbDfPaRHqkB5hOR9tbfwqdQrHIUoKdPBStRNNJuTP1_dRvY_Lc3M4yZjjO68
+xJi9YevPfghj2pmYpMIMBp7tCp4jAmtLyOmdwsxMPdqNJeKbm3uXvhxCaHW6SuDQTcmicvjz0U0N
+WLKFZap4_RtqWNWo3TQVTsYC2aM1nDEfzO5VPkNOB-2VDaEHoAtsPxnrwGLSJs8k1O3VzzoBM1cu
+m1i8D7tEtkw3I7WSQbzL-IscBLsezP3HPL6maG0dHCf9gcl1RxceBhNOWHaE6UQrNcVzEzxaoWZI
+tlP__nGmQ0iObfDi2OF433IMGlIgIL9DNWh0YCKZ13XxGtJD6FBpetJKh1sPluTfvGLjJchPdxP3
+qGsEBtBwWExk39P4wnRtNO62sfAO3tHnDR_rHG6vFwkf-9FhZLL-1QkjpcFBdUpaLHlS1q1fhJmc
+XtwRXriTQH4EnqQTKCYdw3l2IgU_X9chVScZoeF5Druc9aP9ffV0RIlbgHCrocfvvyX_OxYbEPYR
+9WRZ_s9FpRhpkGWSXowv18O8XYhG88Au74glE8v_Dvjn6qGqYvPaqPT9-8wiXAxQubCRYqc3pAFf
+LNB6YalHn2ZCp_nxKdqEJQ9gRG-sSEsvJSFsGtvH4Jsys7cjgBd0B8XyC1YEPlho0E5HpiuSmha6
+sSEcfq9JDKA62rujw7wS_7hJgQvmK_hq-R26QTn8B24D8NYDRXr2JhARsGaSKW9RuzD4DplgjUS_
+LdPU8Sq83x5pwUYrWxLgD2sQAlKrgtT9vgqWV67F9xvaDmrKKUL2uD3ch9FPU3ctjD33rX6yUWGt
+81zGTzNJ3UVO4K4ZOknLcjCk2vl9i6Lkersk5sBm54b_s6ldobGtz-d4kV_u-D82IrPfdLMYkV72
+UDwZjIJ6jaipztNlJjA

pom.xml

@@ -17,6 +17,14 @@
 				<groupId>org.springframework.boot</groupId>
 				<artifactId>spring-boot-maven-plugin</artifactId>
 			</plugin>
+			<plugin>
+				<groupId>org.apache.maven.plugins</groupId>
+				<artifactId>maven-surefire-plugin</artifactId>
+				<version>2.19.1</version>
+				<configuration>
+					<skipTests>true</skipTests>
+				</configuration>
+			</plugin>
 		</plugins>
 	</build>
 
@@ -39,6 +47,14 @@
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-starter-thymeleaf</artifactId>
 		</dependency>
+		<dependency>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-starter-data-jpa</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>com.h2database</groupId>
+			<artifactId>h2</artifactId>
+		</dependency>
 		<dependency>
 			<groupId>org.springframework</groupId>
 			<artifactId>spring-core</artifactId>
@@ -97,11 +113,14 @@
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-starter-test</artifactId>
 		</dependency>
-
 		<dependency>
-			<groupId>org.apache.hadoop</groupId>
-			<artifactId>hadoop-core</artifactId>
-			<version>1.0.0</version>
+			<groupId>org.jdom</groupId>
+			<artifactId>jdom</artifactId>
+			<version>2.0.2</version>
+		</dependency>
+		<dependency>
+			<groupId>org.hibernate</groupId>
+			<artifactId>hibernate-jpamodelgen</artifactId>
 		</dependency>
 	</dependencies>
 </project>
\ No newline at end of file

src/main/java/edu/kit/scc/AuthenticationController.java

@@ -8,13 +8,57 @@
  */
 package edu.kit.scc;
 
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.OutputStream;
+import java.io.UnsupportedEncodingException;
+import java.net.URLEncoder;
+import java.nio.charset.StandardCharsets;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.nio.file.Paths;
+import java.nio.file.StandardOpenOption;
+import java.security.SecureRandom;
+import java.security.Security;
+import java.util.Enumeration;
+import java.util.Map.Entry;
+import java.util.zip.DataFormatException;
+import java.util.zip.DeflaterOutputStream;
+import java.util.zip.Inflater;
+import java.util.zip.InflaterInputStream;
+
+import javax.crypto.Cipher;
+import javax.crypto.spec.IvParameterSpec;
+import javax.crypto.spec.SecretKeySpec;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.ws.rs.FormParam;
+import javax.xml.bind.DatatypeConverter;
+
+import org.apache.commons.codec.binary.Base64;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.jdom2.Document;
+import org.jdom2.Element;
+import org.jdom2.JDOMException;
+import org.jdom2.filter.ElementFilter;
+import org.jdom2.input.SAXBuilder;
+import org.jdom2.output.Format;
+import org.jdom2.output.XMLOutputter;
+import org.opensaml.xml.util.XMLHelper;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
+import org.springframework.util.MimeType;
 import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
 import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.servlet.HandlerMapping;
+
+import edu.kit.scc.saml.SamlClient;
 
 @Controller
 public class AuthenticationController {
@@ -30,16 +74,234 @@ public class AuthenticationController {
 	@Value("${oauth2.clientId}")
 	private String oauth2ClientId;
 
+	@Autowired
+	SamlClient samlClient;
+
+	@Autowired
+	EncryptedAssertionRepository repository;
+
+	@RequestMapping(path = "/assertions/**") // , produces =
+												// "application/octet-stream")
+	public void getAssertion(HttpServletRequest request, HttpServletResponse response) {
+		String path = (String) request.getAttribute(HandlerMapping.PATH_WITHIN_HANDLER_MAPPING_ATTRIBUTE);
+		log.debug(path);
+
+		path = path.replace("/assertions/", "");
+		log.debug(path);
+
+		Path p = Paths.get("assertions", path);
+
+		try {
+			byte[] content = Files.readAllBytes(p);
+
+			response.setContentLength(content.length);
+
+			OutputStream outStream = response.getOutputStream();
+			outStream.write(content);
+
+			outStream.close();
+
+		} catch (Exception e) {
+			log.error("ERROR {}", e.getMessage());
+			e.printStackTrace();
+		}
+	}
+
+	@RequestMapping(path = "/SAML2/POST", method = RequestMethod.POST)
+	public String saml(@RequestParam("SAMLResponse") String samlResponse, HttpServletRequest request, Model model) {
+		String path = (String) request.getAttribute(HandlerMapping.PATH_WITHIN_HANDLER_MAPPING_ATTRIBUTE);
+		log.debug(path);
+
+		// for (Enumeration<String> e = request.getAttributeNames();
+		// e.hasMoreElements();) {
+		// String attribute = e.nextElement();
+		// log.debug("{} {}", attribute, request.getAttribute(attribute));
+		// }
+
+		for (Entry entry : request.getParameterMap().entrySet())
+			log.debug("{} {}", entry.getKey(), entry.getValue());
+
+		String decodedAuthnRequestXML = "";
+
+		try {
+			Base64 base64Decoder = new Base64();
+			byte[] xmlBytes = samlResponse.getBytes("UTF-8");
+			byte[] base64DecodedByteArray = base64Decoder.decode(xmlBytes);
+
+			try {
+				Inflater inflater = new Inflater(true);
+				inflater.setInput(base64DecodedByteArray);
+				byte[] xmlMessageBytes = new byte[5000];
+				int resultLength = inflater.inflate(xmlMessageBytes);
+
+				if (!inflater.finished()) {
+					throw new RuntimeException("didn't allocate enough space to hold " + "decompressed data");
+				}
+
+				inflater.end();
+				decodedAuthnRequestXML = new String(xmlMessageBytes, 0, resultLength, "UTF-8");
+
+			} catch (DataFormatException e) {
+				log.warn("WARNING {}", e.getMessage());
+
+				ByteArrayInputStream bais = new ByteArrayInputStream(base64DecodedByteArray);
+				ByteArrayOutputStream baos = new ByteArrayOutputStream();
+				InflaterInputStream iis = new InflaterInputStream(bais);
+				byte[] buf = new byte[1024];
+				int count = iis.read(buf);
+				while (count != -1) {
+					baos.write(buf, 0, count);
+					count = iis.read(buf);
+				}
+				iis.close();
+				decodedAuthnRequestXML = new String(baos.toByteArray());
+			}
+
+		} catch (Exception e) {
+			log.error("ERROR {}", e.getMessage());
+			// e.printStackTrace();
+		}
+
+		if (decodedAuthnRequestXML.equals("")) {
+			try {
+				Base64 base64Decoder = new Base64();
+				byte[] xmlBytes = samlResponse.getBytes("UTF-8");
+				byte[] base64DecodedByteArray = base64Decoder.decode(xmlBytes);
+
+				decodedAuthnRequestXML = new String(base64DecodedByteArray);
+
+			} catch (Exception e) {
+				log.error("ERROR {}", e.getMessage());
+				e.printStackTrace();
+			}
+		}
+
+		SAXBuilder builder = new SAXBuilder();
+		String assertionXMLCompact = "";
+		try {
+			Document document = builder.build(new ByteArrayInputStream(decodedAuthnRequestXML.getBytes()));
+			String[] samlRequestAttributes = new String[4];
+
+			Element rootElement = document.getRootElement();
+
+			samlRequestAttributes[0] = rootElement.getAttributeValue("IssueInstant");
+			samlRequestAttributes[1] = rootElement.getAttributeValue("ProviderName");
+			samlRequestAttributes[2] = rootElement.getAttributeValue("AssertionConsumerServiceURL");
+			samlRequestAttributes[3] = rootElement.getAttributeValue("ID");
+
+			ElementFilter filter = new ElementFilter("Assertion");
+			for (Element e : rootElement.getDescendants(filter)) {
+
+				XMLOutputter outputter = new XMLOutputter(Format.getPrettyFormat());
+				String assertionXMLPretty = outputter.outputString(e);
+				outputter.setFormat(Format.getCompactFormat());
+
+				assertionXMLCompact = outputter.outputString(e);
+
+				model.addAttribute("Assertion", assertionXMLPretty);
+				model.addAttribute("Delegate", assertionXMLCompact);
+			}
+			model.addAttribute("IssueInstant", samlRequestAttributes[0]);
+			model.addAttribute("ProviderName", samlRequestAttributes[1]);
+			model.addAttribute("AssertionConsumerServiceURL", samlRequestAttributes[2]);
+			model.addAttribute("ID", samlRequestAttributes[3]);
+
+			try {
+				Security.addProvider(new BouncyCastleProvider());
+
+				byte[] byteArray = assertionXMLCompact.getBytes();
+
+				SecureRandom secRnd = new SecureRandom();
+
+				char[] fileChars = new char[8];
+				char[] VALID_CHARACTERS = "abcdefghijklmnopqrstuvwxyz".toCharArray();
+
+				for (int i = 0; i < fileChars.length; i++)
+					fileChars[i] = VALID_CHARACTERS[secRnd.nextInt(fileChars.length)];
+
+				byte[] iv = new byte[16];
+				secRnd.nextBytes(iv);
+				byte[] key = new byte[16];
+				secRnd.nextBytes(key);
+				IvParameterSpec init_vector = new IvParameterSpec(iv);
+				SecretKeySpec secretKey = new SecretKeySpec(key, "AES");
+				Cipher c = Cipher.getInstance("AES/CBC/PKCS7Padding");
+				c.init(Cipher.ENCRYPT_MODE, secretKey, init_vector);
+
+				byte[] encryptedBytes = c.doFinal(byteArray);
+
+				log.debug("Init vector {}", DatatypeConverter.printHexBinary(iv));
+				model.addAttribute("iv", DatatypeConverter.printHexBinary(iv));
+				log.debug("Key {}", DatatypeConverter.printHexBinary(key));
+				model.addAttribute("key", DatatypeConverter.printHexBinary(key));
+
+				byte[] returnBytes = new byte[encryptedBytes.length + iv.length];
+				System.arraycopy(iv, 0, returnBytes, 0, iv.length);
+				System.arraycopy(encryptedBytes, 0, returnBytes, iv.length, encryptedBytes.length);
+
+				log.debug("Encrypted assertion {}", DatatypeConverter.printHexBinary(returnBytes));
+				model.addAttribute("encassertion", DatatypeConverter.printHexBinary(returnBytes));
+
+				Base64 b64 = new Base64(true);
+				log.debug("Encoded assertion {}", new String(b64.encode(returnBytes)));
+				model.addAttribute("delegate", new String(b64.encode(returnBytes)));
+
+				// repository.save(new EncryptedAssertion(key, iv, new
+				// String(b64.encode(returnBytes))));
+
+				Path p = Paths.get("assertions", new String(fileChars));
+				Files.write(p, new String(b64.encode(returnBytes)).getBytes(), StandardOpenOption.WRITE,
+						StandardOpenOption.CREATE_NEW);
+
+				model.addAttribute("file", new String(fileChars));
+			} catch (Exception e) {
+				log.warn("ERROR {}", e.getMessage());
+				e.printStackTrace();
+			}
+
+		} catch (Exception e) {
+			log.error("ERROR {}", e.getMessage());
+			e.printStackTrace();
+		}
+
+		model.addAttribute("samlResponse", samlResponse);
+		model.addAttribute("decodedAuthnRequestXML", decodedAuthnRequestXML);
+
+		return "saml";
+	}
+
 	@RequestMapping("/login")
-	public String login(Model model) {
-		String redirectUrl = oauth2AuthorizeUri.replaceAll("/$", "");
-		redirectUrl += "?response_type=code&scope=openid%20email&client_id=";
-		redirectUrl += oauth2ClientId;
-		redirectUrl += "&redirect_uri=";
-		redirectUrl += oauth2RedirectUri;
-		log.debug("Redirect to {}", redirectUrl);
-
-		return "redirect:" + redirectUrl;
+	public String login(Model model) throws UnsupportedEncodingException {
+		// String redirectUrl = oauth2AuthorizeUri.replaceAll("/$", "");
+		// redirectUrl += "?response_type=code&scope=openid%20email&client_id=";
+		// redirectUrl += oauth2ClientId;
+		// redirectUrl += "&redirect_uri=";
+		// redirectUrl += oauth2RedirectUri;
+		// log.debug("Redirect to {}", redirectUrl);
+
+		String request = samlClient.getAuthNAssertion("https://192.168.122.99:9443/samlsso",
+				"https://192.168.122.1:8443/SAML2/POST", "sp.scc.kit.edu");
+		try {
+			byte[] xmlBytes = request.getBytes(StandardCharsets.UTF_8);
+			ByteArrayOutputStream byteOutputStream = new ByteArrayOutputStream();
+			DeflaterOutputStream deflaterOutputStream = new DeflaterOutputStream(byteOutputStream);
+			deflaterOutputStream.write(xmlBytes, 0, xmlBytes.length);
+			deflaterOutputStream.close();
+
+			Base64 base64Encoder = new Base64();
+			byte[] base64EncodedByteArray = base64Encoder.encode(byteOutputStream.toByteArray());
+			String base64EncodedMessage = new String(base64EncodedByteArray);
+
+			String urlEncodedMessage = URLEncoder.encode(base64EncodedMessage, StandardCharsets.UTF_8.name());
+
+			request = urlEncodedMessage;
+			log.debug("REQUEST {}", urlEncodedMessage);
+		} catch (Exception e) {
+			log.error("ERROR {}", e.getMessage());
+		}
+		String redirectUrl = "https://192.168.122.99:9443/samlsso?SAMLRequest=";
+
+		return "redirect:" + redirectUrl + request;
 	}
 
 	@RequestMapping(path = "/oauth2")

src/main/java/edu/kit/scc/EncryptedAssertion.java

+package edu.kit.scc;
+
+import javax.persistence.Entity;
+import javax.persistence.GeneratedValue;
+import javax.persistence.GenerationType;
+import javax.persistence.Id;
+
+@Entity
+public class EncryptedAssertion {
+
+	@Id
+	@GeneratedValue(strategy = GenerationType.AUTO)
+	private long id;
+
+	private byte[] key;
+	private byte[] iv;
+	private String base64Assertion;
+
+	protected EncryptedAssertion() {
+	}
+
+	public EncryptedAssertion(byte[] key, byte[] iv, String base64Assertion) {
+		this.key = key;
+		this.iv = iv;
+		this.base64Assertion = base64Assertion;
+	}
+
+	public long getId() {
+		return id;
+	}
+
+	public void setId(long id) {
+		this.id = id;
+	}
+
+	public byte[] getKey() {
+		return key;
+	}
+
+	public void setKey(byte[] key) {
+		this.key = key;
+	}
+
+	public byte[] getIv() {
+		return iv;
+	}
+
+	public void setIv(byte[] iv) {
+		this.iv = iv;
+	}
+
+	public String getBase64Assertion() {
+		return base64Assertion;
+	}
+
+	public void setBase64Assertion(String base64Assertion) {
+		this.base64Assertion = base64Assertion;
+	}
+
+	@Override
+	public String toString() {
+		return String.format("Assertion[id=%d, assertion='%s']", id, base64Assertion);
+	}
+}

src/main/java/edu/kit/scc/EncryptedAssertionRepository.java

+package edu.kit.scc;
+
+import java.util.List;
+
+import org.springframework.data.repository.CrudRepository;
+
+public interface EncryptedAssertionRepository extends CrudRepository<EncryptedAssertion, Long> {
+
+	List<EncryptedAssertion> findByBase64Assertion(String base64Assertion);
+}

src/main/resources/templates/saml.html

+<!DOCTYPE HTML>
+<html xmlns:th="http://www.thymeleaf.org">
+<head>
+<title>SAML Access</title>
+<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
+</head>
+<body>
+	<div>
+		<textarea rows="24" cols="24" th:inline="text">[[${samlResponse}]]</textarea>
+		<textarea rows="24" cols="72" th:inline="text">[[${decodedAuthnRequestXML}]]</textarea>
+	</div>
+	<div>
+		<textarea rows="24" cols="96" th:inline="text">[[${Assertion}]]</textarea>
+	</div>
+	<div>
+		<p th:text="'IssueInstant '+ ${IssueInstant}" />
+		<p th:text="'ProviderName '+ ${ProviderName}" />
+		<p
+			th:text="'AssertionConsumerServiceURL '+ ${AssertionConsumerServiceURL}" />
+		<p th:text="'ID '+ ${ID}" />
+		<p th:text="'IV ' + ${iv}" />
+		<p th:text="'Key ' + ${key}" />
+		<p th:text="'Encrypted ' + ${encassertion}" />
+		
+			<a href="/" th:href="@{'/assertions/'+${file}(key=${key})}">Get assertion</a>
+		<p th:text="${delegate}" />
+	</div>
+</body>
+</html>
\ No newline at end of file

src/test/java/edu/kit/scc/test/saml/SamlClientTest.java

+package edu.kit.scc.test.saml;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.opensaml.saml2.core.Assertion;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.SpringApplicationConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+
+import edu.kit.scc.Application;
+import edu.kit.scc.saml.SamlClient;
+
+@RunWith(SpringJUnit4ClassRunner.class)
+@SpringApplicationConfiguration(classes = Application.class)
+public class SamlClientTest {
+
+	@Autowired
+	private SamlClient samlClient;
+
+	@Test
+	public void buildAssertionTest() {
+	//	Assertion assertion = samlClient.buildAssertion();
+
+//		samlClient.validateSignatuer(samlClient.signAssertion(assertion));
+
+		// Assertion newAssertion = samlClient.buildAssertion();
+		// samlClient.canonicalizeSign(newAssertion);
+		//samlClient.validate(samlClient.signAssertion(assertion));
+		
+//		samlClient.testAssertionSignature();
+		
+		samlClient.sendAuthNRequest();
+	}
+
+}