ComponentSpace

Forums



Is there a way to change saml:signature nesting to saml:Assertion instead of saml:Issuer?


terminator
I am using LowLevelAPI (I know HighLevel is recommended but this is an older app and the code is there).

Using the following code -


XmlElement samlResponseXml = samlResponse.ToXml();
...

SAMLMessageSignature.Generate(samlResponseXml, x509CertificateIdp.PrivateKey, x509CertificateIdp);
IdentityProvider.SendSAMLResponseByHTTPPost(Response, ssoState.assertionConsumerServiceURL, samlResponseXml, ssoState.relayState);


The <saml:signature> is nested inside <saml:Issuer> and not the <saml:Assertion> tag. One of the Service Providers is saying that <saml:Signature> should be inside <saml:Assertion>. All the samples I can find on Google also have <saml:Signature> nested in <saml:Assertion>. Is there a way to change this?

ComponentSpace Development
The code you have is signing the SAML response rather than the SAML assertion.
The following code outlines how to sign the SAML assertion and add it to the SAML response.

// Construct a SAML assertion – details not shown.
SAMLAssertion samlAssertion = new SAMLAssertion();
samlAssertion.Issuer = new Issuer("www.idp.com");

// Serialize to XML for XML signature generation.
XmlElement samlAssertionElement = samlAssertion.ToXml();

// Sign the SAML assertion using your private key.
X509Certificate2 x509Certificate = new X509Certificate2("idp.pfx", "password", X509KeyStorageFlags.MachineKeySet);
SAMLAssertionSignature.Generate(samlAssertionElement, x509Certificate.PrivateKey, x509Certificate);

// Add the signed SAML assertion to the SAML response.
SAMLResponse samlResponse = new SAMLResponse();
samlResponse.Assertions.Add(samlAssertionElement);

// Serialize to XML.
XmlElement samlResponseElement = samlResponse.ToXml();




Regards
ComponentSpace Development
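
To confirm which element a given message actually signs, the following added example (not part of the original posts and not ComponentSpace code) inspects a SAML response and reports whether each `ds:Signature` is a child of the response or of an assertion, whether it follows `saml:Issuer` as a sibling, and whether its `Reference` URI points at the ID of the element that contains it. The function names, the `sample` helper and the IDs `_r1` and `_a1` are constructed for illustration; the check is structural only and verifies no cryptography.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
SIGNATURE = "{%s}Signature" % NS["ds"]
ISSUER = "{%s}Issuer" % NS["saml"]

def signature_report(xml_text):
    """One entry per ds:Signature that is a direct child of the Response or an Assertion.
    Structure only: no digest or signature value is verified here."""
    root = ET.fromstring(xml_text)
    report = []
    for parent in [root] + root.findall("saml:Assertion", NS):
        children = list(parent)
        for i, child in enumerate(children):
            if child.tag != SIGNATURE:
                continue
            ref = child.find("ds:SignedInfo/ds:Reference", NS)
            uri = ref.get("URI", "") if ref is not None else ""
            parent_id = parent.get("ID")
            report.append({
                "signed_element": parent.tag.rsplit("}", 1)[-1],
                # The schema places ds:Signature right after saml:Issuer, as a sibling.
                "follows_issuer": i > 0 and children[i - 1].tag == ISSUER,
                # An enveloped signature must reference the ID of the element holding it.
                "references_parent": bool(parent_id) and uri == "#" + parent_id,
            })
    return report

def signing_mode(xml_text):
    """Map the report to 'message', 'assertion', 'message and assertion' or 'unsigned'."""
    signed = {r["signed_element"] for r in signature_report(xml_text) if r["references_parent"]}
    if signed == {"Response", "Assertion"}:
        return "message and assertion"
    return {"Response": "message", "Assertion": "assertion"}.get(next(iter(signed), ""), "unsigned")

def sample(sign_response, sign_assertion):
    """Constructed skeleton message: signature elements carry no real digest or value."""
    def sig(ref_id):
        return ('<ds:Signature xmlns:ds="%s"><ds:SignedInfo><ds:Reference URI="#%s"/>'
                '</ds:SignedInfo></ds:Signature>' % (NS["ds"], ref_id))
    return ('<samlp:Response xmlns:samlp="%s" xmlns:saml="%s" ID="_r1">' % (NS["samlp"], NS["saml"])
            + '<saml:Issuer>www.idp.com</saml:Issuer>'
            + (sig("_r1") if sign_response else "")
            + '<samlp:Status/><saml:Assertion ID="_a1"><saml:Issuer>www.idp.com</saml:Issuer>'
            + (sig("_a1") if sign_assertion else "")
            + '<saml:Subject/></saml:Assertion></samlp:Response>')
```

A signature whose `Reference` URI does not match its parent's ID is counted as not signing that element, so such a message is reported as unsigned.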

terminator
Got it. Thank you so much. I now see that there are "Sign Message", "Sign Assertion" and "Sign Message and Assertion" options in SAML. 

ComponentSpace Development
You're welcome.

Regards
ComponentSpace Development