How can pass username password as attributes in SAML Request as shown in the code below. I'm using lastpass-saml-sdk.jar to communicate with the GLUU IDP server.
SAMLInit.initialize();
String dir = Constants.METADATA_LOCATION;
if (dir == null)
throw new SAMLException("Unable to locate SAML metadata");
IdPConfig idpConfig = new IdPConfig(new File(dir + "\\gluu-idp-metadata.xml"));
SPConfig spConfig = new SPConfig(new File(dir + "\\sp-meta.xml"));
SAMLClient client= new SAMLClient(spConfig, idpConfig);
// when a login link is clicked, create auth request and
// redirect to the IdP
String requestId = SAMLUtils.generateRequestId();
String authrequest = client.generateAuthnRequest(requestId);
String url = client.getIdPConfig().getLoginUrl() +
"?SAMLRequest=" + URLEncoder.encode(authrequest, "UTF-8");
// redirect to url...
response.sendRedirect(url);
You do not pass username and passord directly to the Identity Provider. After you have redirected the user, the user himself will enter username and password at the IDP.
Here is one of my blog posts describing the flow in SAML Web rowser profile.