Decrypting an EncryptedID


BrianJ
Hi,
I need a way to get nameId from the EncryptedID element as the provider can't encrypt the assertion or won't for some reason.
Could you give me some code to get this done with the ASP.Net version?
Thanks,
Brian
ComponentSpace
Hi Brian,

The SAML high-level API automatically decrypts SAML assertions but not IDs. You would need to use the EncryptedID class under the ComponentSpace.SAML2.Assertions namespace to perform the decryption.


EncryptedID encryptedID = new EncryptedID(xmlElement);
NameID nameID = encryptedID.Decrypt(x509Certificate, null, null);



However, I'm not sure why anyone would encrypt the ID rather than just encrypting the SAML assertion. If a provider can encrypt the ID they should be able to encrypt the assertion. There's no real performance cost in doing this either.

Regards
ComponentSpace Development
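
As an added example (not ComponentSpace's own code and not part of the original reply), one way to locate the EncryptedID inside the assertion's Subject and hand it to the two calls shown above. The helper name, the assertion being available to the caller as an XmlElement, and the certificate being an X509Certificate2 are assumptions.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using System.Xml;
using ComponentSpace.SAML2.Assertions;

// Hypothetical helper, not part of the ComponentSpace API.
public static class EncryptedIdHelper
{
    private const string SamlAssertionNs = "urn:oasis:names:tc:SAML:2.0:assertion";

    // assertionElement: the <saml:Assertion> element the SP received (assumption:
    //   the caller already has it and has verified its signature).
    // spCertificate: the SP certificate whose private key matches the public key
    //   the IdP encrypted the ID to (assumed type: X509Certificate2).
    // Returns null when the Subject does not carry an EncryptedID.
    public static NameID DecryptSubjectId(XmlElement assertionElement,
                                          X509Certificate2 spCertificate)
    {
        if (assertionElement == null) throw new ArgumentNullException(nameof(assertionElement));
        if (spCertificate == null) throw new ArgumentNullException(nameof(spCertificate));

        // Decryption needs the private key; a public-only certificate cannot work.
        if (!spCertificate.HasPrivateKey)
            throw new InvalidOperationException(
                "Certificate has no private key; cannot decrypt the EncryptedID.");

        var ns = new XmlNamespaceManager(assertionElement.OwnerDocument.NameTable);
        ns.AddNamespace("saml", SamlAssertionNs);

        // Relative path: only the Subject's own identifier is selected, not an
        // EncryptedID that may appear elsewhere (e.g. in SubjectConfirmation).
        var encryptedIdElement =
            assertionElement.SelectSingleNode("saml:Subject/saml:EncryptedID", ns) as XmlElement;
        if (encryptedIdElement == null)
            return null;

        // The two calls from the reply above.
        EncryptedID encryptedID = new EncryptedID(encryptedIdElement);
        return encryptedID.Decrypt(spCertificate, null, null);
    }
}
```
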
BrianJ
ComponentSpace - 10/19/2023
> Hi Brian,
>
> The SAML high-level API automatically decrypts SAML assertions but not IDs. You would need to use the EncryptedID class under the ComponentSpace.SAML2.Assertions namespace to perform the decryption.
>
> EncryptedID encryptedID = new EncryptedID(xmlElement);
> NameID nameID = encryptedID.Decrypt(x509Certificate, null, null);
>
> However, I'm not sure why anyone would encrypt the ID rather than just encrypting the SAML assertion. If a provider can encrypt the ID they should be able to encrypt the assertion. There's no real performance cost in doing this either.

Thanks, yes it's weird and we don't control the assertion. I've asked them to just encrypt the whole assertion but for some reason they won't.
ComponentSpace
Usually this type of thing is a mutual decision between the IdP and SP. It's an odd decision by them.

Regards
ComponentSpace Development