Still struggling with encrypting a SAML request to be sent to an ADFS server. Turns out there are multiple ways to encode strings. By default the utf-8 encryption option with the toBase64 tag uses HTTP-Post binding. I need my script to use HTTP-REDIRECT binding.
The code I'm using is this:
<CFSAVECONTENT VARIABLE = "samlAssertionXML">
<samlp:AuthnRequest IssueInstant="2014-09-16T19:24:18.343Z" ID="_kdls_testing_application_for_single_sign_on" Version="2.0" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://localhost/sde</saml:Issuer>
<samlp:NameIDPolicy AllowCreate="true"/>
</samlp:AuthnRequest>
</cfsavecontent>
<cfscript>
samlAssertionXML = toBase64(toString(TRIM(samlAssertionXML)), "utf-8");
</cfscript>
When I take the string that gets returned by the toBase64 tag and use the SAML 2.0 Debugger, the string gets decrypted correctly. But when I re-encrypt the string using HTTP-REDIRECT binding I get a different encryption string. If I re-encrypt using the HTTP-POST binding I get the string I passed to the toBase64 tag.
So my question is: how do I tell CF that I need to use HTTP-REDIRECT binding when I encrypt the string?
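
Added example, not part of the original post: in SAML 2.0 the HTTP-POST binding carries the base64 of the XML, while the HTTP-Redirect binding compresses the XML with raw DEFLATE first, then base64-encodes and URL-encodes it into the `SAMLRequest` query parameter, which is why the two strings differ. The function names, sample request and URLs below are constructed placeholders; the Java classes are the standard `java.util.zip` ones.

```cfml
<cfscript>
// Added example; function names are hypothetical, not from the original post.

// HTTP-POST binding: base64 of the UTF-8 bytes (sent in a form field).
function samlPostEncode(required string samlXml) {
    return toBase64(charsetDecode(trim(arguments.samlXml), "utf-8"));
}

// HTTP-Redirect binding: raw DEFLATE -> base64 -> URL-encode.
function samlRedirectEncode(required string samlXml) {
    var bytes = charsetDecode(trim(arguments.samlXml), "utf-8");
    // nowrap=true produces raw DEFLATE (RFC 1951) with no zlib header or checksum
    var deflater = createObject("java", "java.util.zip.Deflater").init(javaCast("int", 9), javaCast("boolean", true));
    var baos = createObject("java", "java.io.ByteArrayOutputStream").init();
    var dos = createObject("java", "java.util.zip.DeflaterOutputStream").init(baos, deflater);
    dos.write(bytes, javaCast("int", 0), javaCast("int", arrayLen(bytes)));
    dos.close();     // finishes the compressed stream and flushes it into baos
    deflater.end();  // release native resources held by the Deflater
    return urlEncodedFormat(toBase64(baos.toByteArray()));
}

// Constructed sample request (placeholder ID and issuer)
sampleXml = '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_example_id" Version="2.0" IssueInstant="2014-09-16T19:24:18Z"><saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://sp.example.org/app</saml:Issuer></samlp:AuthnRequest>';

// Placeholder for the identity provider's single sign-on endpoint
idpSsoUrl = "https://idp.example.org/sso";

writeOutput("POST value: " & samlPostEncode(sampleXml) & "<br>");
writeOutput("Redirect URL: " & idpSsoUrl & "?SAMLRequest=" & samlRedirectEncode(sampleXml));
</cfscript>
```

Both outputs are encodings only; neither step provides confidentiality, so anything that must stay secret or tamper-proof relies on TLS and on signing the request.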