ComponentSpace

Forums



SAML Response Signature


SAML Response Signature

Author
Message
sgadev
sgadev
New Member
New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)

Group: Forum Members
Posts: 2, Visits: 21
Hello everyone,

Is "SignSamlResponse": true enough to include Signature in the SAML response?
When I set "SignAssertion": true I'm able to see the Signature within the assertion message part.




Why I cannot see the Signature in the SAML Response?
I expect the Signature to be included in the SAML Response when "SignSamlResponse" is set to true.

I'm using the example code SAMLv20.Core-licensed that comes with the full license of .NET Core product version.
No changes are made in the configuration.
I've tried in some other testing applications but without success.

Many thanks
ComponentSpace
ComponentSpace
ComponentSpace Development
ComponentSpace Development (3.9K reputation)ComponentSpace Development (3.9K reputation)ComponentSpace Development (3.9K reputation)ComponentSpace Development (3.9K reputation)ComponentSpace Development (3.9K reputation)ComponentSpace Development (3.9K reputation)ComponentSpace Development (3.9K reputation)ComponentSpace Development (3.9K reputation)ComponentSpace Development (3.9K reputation)

Group: Administrators
Posts: 2.8K, Visits: 8.8K
Yes, that's all that's required. Here's a signed SAML response generated with SignSamlResponse specified.

If there's still an issue, please contact [email protected] including your SAML configuration with any passwords removed.

Also, enable SAML trace and include the generated log file as an email attachment.

https://www.componentspace.com/Forums/7936/Enabling-SAML-Trace




Regards
ComponentSpace Development
sgadev
sgadev
New Member
New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)

Group: Forum Members
Posts: 2, Visits: 21
Thank you for the response!

I looked at the logs and it really works as excepted:
-> Signing XML (Signature is missing from the samlp:Response message)
-> Signed XML (Signature is added to the samlp:Response message)

But I still a bit confused why Signature is not presented in the samlp:Response from the code point of view.
There are two places I have been used to debug and explore the response message:
-> IdP - using OnSamlResponseCreated event
-> SP - using OnSamlResponseReceived event
In both of them, the Signature has not been presented in the saml response, but it is in the assertion ("SignAssertion": true)

It's not a big deal because the things work correctly, I'm just wondering why it behaves like that.

ComponentSpace
ComponentSpace
ComponentSpace Development
ComponentSpace Development (3.9K reputation)ComponentSpace Development (3.9K reputation)ComponentSpace Development (3.9K reputation)ComponentSpace Development (3.9K reputation)ComponentSpace Development (3.9K reputation)ComponentSpace Development (3.9K reputation)ComponentSpace Development (3.9K reputation)ComponentSpace Development (3.9K reputation)ComponentSpace Development (3.9K reputation)

Group: Administrators
Posts: 2.8K, Visits: 8.8K
These two events work with the SamlResponse object rather than the serialized XML. This means they don't include the XML signature.

If you wish to see the SAML response including the XML signature, use the OnSendMessage and OnReceiveMessage events which work with the serialized XML (ie XmlElement).

Regards
ComponentSpace Development
GO


Similar Topics


Execution: 0.000. 3 queries. Compression Enabled.
Login
Existing Account
Email Address:


Password:


Social Logins

Select a Forum....









Forums, Documentation & Knowledge Base - ComponentSpace


Search