Forums, Documentation & Knowledge Base - ComponentSpace

Signing / verifying SOAP SAML assertion (SOAP Message Security 1.1 and SAML Token Profile 1.1)


https://componentspace.com/forums/Topic10189.aspx

By josephe - 8/5/2019

Hi,

Will be implementing a client and a server that uses the SOAP Message Security 1.1 and SAML Token Profile 1.1 pattern where the SAML assertion is within the WS-Security header. As a client we'll need to generate and sign a SAML assertion with some attributes and as a server we'll need to verify the signed assertion and extract the correct attributes.

I've looked over some componentspace documentation and the examples. I was able to sign and verify a non-soap assertion but I didn't see any examples which support a SOAP binding. Is this use-case supported in componentspace? If so, where do I start?

Thank you!
By ComponentSpace - 8/5/2019

We support the SAML SOAP binding as per the SAML specification but this is different from the use of SAML assertions as the security token in a WS-Security header. You can use our code to construct/deconstruct and sign/verify SAML assertions. Your code would have to be responsible for adding the SAML assertion XML to the WS-Security header and retrieving it from this header.