I am a .NET developer and I want to know how to verify the request signature without using HTTPRedirectBinding.VerifyRequestSignature.
Remarks: The redirect URL to IdP just contain the deflated, base64 encoded, url encoded SAML request in xml, signature with url encoded and the SigAlg which is the signature algorithm, IdP also knows the x.509 certificate of SP.
|